LastPass Free will be severely limited on March 16, 2021
If you are using LastPass Free, the free version of the LastPass password management and synchronization service, then you may need to find another password management solution soon, or pay LastPass owner LogMeIn to continue using the service as you used to in the past.
LastPass announced today that it will make changes to its Free service on March 16, 2021. Starting on that day, LastPass Free users will only be able to use one device type going forward to access their passwords and use synchronization functionality. The company distinguishes between the two device types computers and mobile devices, and starting on that day, Free users may only use one device type but not the other.
The change does not impact LastPass Free users who only use the service on their computers, e.g. a laptop, desktop PC or browser extension, or only on mobile devices, basically anything that runs on Android or iOS. Users who use the service on mobile and desktop systems however, cannot do so anymore going forward unless they buy a premium or families subscription. Premium subscriptions are offered at a discount at the time
LastPass notes that users will set the device type with their first login on March 16, 2021. Customers have three opportunities to switch the active device type according to the blog post before the selection becomes permanent. Users may still access LastPass but only from the selected device types and may still sign in on the non-active device type, but will be severely limited according to a support page. Users will be able to use some functionality, like recovering the account, generating a secure password or managing one-time passwords, and access Account Settings, Advanced Options and Help.
Access to viewing, adding, or managing passwords or other items stored in the Vault are not supported anymore, however. Access to support is also going to be restricted for free users of the service.
LastPass users will be informed via email notifications on March 1 and on March 16, 2021. and via the client's in-product messaging system.
The blog post does not reveal why the change is made; it looks to be an attempt to get free users to sign-up for a paying subscription.
LastPass Free users who use the service on both device types and don't wan to pay a subscription fee to continue doing so may switch to several alternatives. There is Bitwarden, an open source password manager that does not restrict the types of devices that you can use, or, my favorite, KeePass.
Now You: are you a LastPass user? Are you affected by the change?
I’ve been hacked several times whitin just a couple of weeks and it is happening now I don’t know what to do with the fact that two grown adults are hacking my phone and looking at my private pictures and my private email has my passwords to all my emails and now I think they’re trying to steal my account information to clean me out… Please help me stop this from happening and what I need to do to find out who they are and prosecute them both to the fullest extent
Hey, owl, get yourself a blog or use a pastebin!
Pen & Paper forever!
@pen is mightier than the sword!
> Pen & Paper forever!
I agree with it.
I use a computer on a daily basis for work reasons, but in my personal life outside of work, I lead a “digital detox” lifestyle. Not only that, but I prefer to read the newspaper, read books, write letters, go to parks and museums, walk in the fields and mountains, and chat at home parties.
However, when using the computer, “password manager” is a must.
Apparently, you are short-circuiting, but what is being talked about in the Ghacks community is about the “usefulness of a password manager”.
In the Comments section of this topic, A password manager unnecessary theory has been posted (still remember all my passwords…. / Pen and paper work just fine.).
Read through the entire comments section, along with Martin’s article!
The significance of this comment is not only to express personal opinion but also to raise awareness.
Many people who do not use a password manager tend to register “automatic login” at login destination. However, the actual situation of maintenance management of the login destination is unknown and extremely risky.
The 773 Million Record “Collection #1” Data Breach | Troy Hunt
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
As an example:
The act of storing your unique data (email address, password, credit card information, etc.) on social media, Amazon, online shopping, etc. is risky!
Even if it is troublesome, you should log in every time you use it.
And change your password in a timely manner!
Meanwhile, pen and paper work just fine. Lock them up in a safe between sessions, excellent!
Storing passwords on electronic mediums, encrypted or not is just stupid.
@old_school_wins_again,
Meanwhile, pen and paper work just fine. Lock them up in a safe between sessions, excellent!
Storing passwords on electronic mediums, encrypted or not is just stupid.
Pen and paper !?
After all, this technique requires manual input.
There is a limit to what you can do with manual input, and it is insignificant (character set: combination of character type and number of characters).
And it is a prey of hacking methods such as “Keystroke logging”!
Keystroke logging | Wikipedia
https://en.wikipedia.org/wiki/Keystroke_logging
If you can’t believe “electronic mediums”, it’s like denying the PC in the first place.
You are free to stick to “pen and paper” stubbornly,
But posting such “Paleolithic values” to GHacks is a nonsense demagogy.
Increase your intellectual curiosity and update your skills (knowledge and experience)!
Surveillance Self-Defense
Tips, Tools and How-tos for Safer Online Communications
A Project of the Electronic Frontier Foundation
https://ssd.eff.org/
Keeping Your Data Safe
https://ssd.eff.org/en/module/keeping-your-data-safe
Using Password Managers to Stay Safe Online
https://ssd.eff.org/en/module/animated-overview-using-password-managers-stay-safe-online
How to Make a Super-Secure Password Using Dice
https://ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice
KeePass Password Safe | Home
https://keepass.info/index.html
Introduction – KeePass | KeePass Help Center
https://keepass.info/help/base/index.html
First Steps Tutorial – KeePass | KeePass Help Center
https://keepass.info/help/base/firststeps.html
Master Key – KeePass | KeePass Help Center
https://keepass.info/help/base/keys.html
Plugins – KeePass | KeePass Plugins and Extensions
https://keepass.info/plugins.html
Technical FAQ – KeePass | KeePass Help Center
https://keepass.info/help/base/faq_tech.html
Detailed information on the security of KeePass.
https://keepass.info/help/base/security.html
Check all KeePass passwords against the Have I Been Pwned database locally | gHacks Tech News
https://www.ghacks.net/2019/01/18/check-all-keepass-passwords-against-the-have-i-been-pwned-database-locally/
I recommend “KeePass Password Safe, KeePassXC, Bitwarden” from my knowledge and experience, but with them, you can easily, inexhaustibly, and instantly generate very complex password sets, and can manage it.
Case example:
Number of characters in the password to be generated “35”:
/gôÃ@îÃ+EѲ”ÚjS{ùÚWÃŽ4Û«f,VZÙ#õIÃG?
Number of characters in the password to be generated “1000”:
IAF·Z:»¾ð6ö°`Ã…Mi».ÎØÃÃ’l_n.\r©ýo\»L©#ËvÀ+wQëj²õFºkÃœ))L³£Â1 ¾)°ávósÑjüÃ%JaH¦}nãv¬¶Øù¨bÓ4XWZK]®<qø%ØVBØ#ÃY#_LÅÛÈgÃôx«2ZÈhbßè$)¡gøVºÒÅʾmÑæ`/6üP帪¼éªjE¢ð@^OS"ý²è§SrÃŒX\TFU¾*hQÛ.áp+:8u%§ÊÃ:ó°cõFÃG?S*Zmï-½ØeNÀ,?±O©QZç&[¨êºKùØ´Éaÿ¯Nº#<$Nº$Ã¥<5te½Çö÷'a\sæÅu?HZ¯´ÈVca¨zå¢V.¬XSf#]qÿ^Z¥ü {Jçý»"^-ÃPgÃœ|pzËÌý]pILXÂ¥7½À¢oÕMQÀÜH2îÃ?.Äæúñè½G#EÃ¥te8m%¾ª©Ù×!o`¢hr3Ã;Àïf$¡¹ª¾’ÃÃŽ_*~ÜóêWz1Üîh)þ_é4oú§t*;×o¸/âà ñÖzM,VÊ®AãXwâ×ùò,pÂ_ÃŒ\ì÷±}¢9Èt9AãáhÂ¥ÃJÂêê=yòËRªv æª&ö&_¶Ê㣯MÅãØöëê~È/zW.i:)Ù&NQÓ[b¡Ã®Ãß8iH½ÜLM[fM¼3=+z$è4tÃŒYÄ°z&þ1ôû£¬À8»©¸Lñ×vy:Êr/Òðg¾_||mÔ¤Q©0<l¶Ô¯IxcÆ°(Ø\õä³$ëÎxÙ¶wØgÜÿ£G#|mc¸à ïÛåÜF£ÃÖ
You see, it’s amazing!
Is it possible to enter manually?
Is it possible to memorize such a complex password sets?
If “password sets” are inconsistent three times, your login account will be locked immediately and it is impossible for a third party to unlock it.
Don’t insist on such nonsense as “memorization” or “notes and pen”, you may want to use a password manager.
If you’re straightforward, you’ll be amazed at the amazing power of password managers.
Surveillance Self-Defense
Tips, Tools and How-tos for Safer Online Communications
A Project of the Electronic Frontier Foundation
https://ssd.eff.org/
Keeping Your Data Safe
https://ssd.eff.org/en/module/keeping-your-data-safe
Using Password Managers to Stay Safe Online
https://ssd.eff.org/en/module/animated-overview-using-password-managers-stay-safe-online
How to Make a Super-Secure Password Using Dice
https://ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice
Should understand the importance of passwords correctly and choose “robust and reliable means” from the viewpoint of trouble prevention.
Half-hearted means are the cause of accidents and incidents.
If you are currently using a password manager software like 1Password, LastPass, Roboform, or iCloud Keychain, you should pick an alternative here:
https://www.privacytools.io/software/passwords/
Results of Bitwarden security audit published | gHacks Tech News
https://www.ghacks.net/2018/11/13/results-of-bitwarden-security-audit-published/
Bitwarden | Wikipedia
https://en.wikipedia.org/wiki/Bitwarden
KeePass Password Safe | Wikipedia
https://en.wikipedia.org/wiki/KeePass
KeePassXC | Wikipedia
https://en.wikipedia.org/wiki/KeePassXC
LastPass | Wikipedia
https://en.wikipedia.org/wiki/LastPass
I used to use LastPass since 2008 or perhaps even earlier — in any case, since the paid version cost $1/month. This began to go downhill when LP got purchased by LogMeIn: an awful company that buys products to murder them with terrible support and asking for payment for even basic features. Anyone remember Hamachi?
Anyway: since then LastPass gradually became slower and less convenient. Updates and comfort features came slower and slower. Often, its integration would not work well in password fields on desktop browsers, and it was even worse on mobile.
I finally decided I have had enough and about 18 months ago I switched to Bitwarden. My convenience was immediately improved and I have never looked back. When my pre-paid subscription for LastPass ends, I will delete my data. This tool must die.
This reminds me of the last few years of their XMarks service which itself changed hands a few times first to LastPass and then to LogMeIn. I paid for it for many years but once LogMeIn bought LastPass it was a downhill slope. Within a couple years of that they killed the service. Not to mention when LogMeIn killed their free service many years ago. Overall I don’t trust the company. Move your data to someone more trustworthy. That’s my 2 cents…
So does this stop someone signing up their phone separate to their PC then using the share option?
Irrespective, I don’t like their tactics and will ‘walk’.
Use KeePass plus Keepass2Android. Sync the database with self hosted or any storage provider of your choice. The database is small and secured. There’s no need to pay for remembering your passwords.
I have been a very happy bitwarden paid user for the past year, time to migrate my wife over to it from lastpass!
It seems that many of us here are old ***** who have been [desktop] internet connected for many, many years. Now back in the day, 1999 is a good example, nearly all the programmes were free, and for those that weren’t there was always a crack just around the corner. This changed over time where some of us started paying for some of our software. Let’s face it – whether it was an individual or a corporation – someone put in the hard yards to come up with the product. The others still think that software should be free for everyone for all time. And, some of it is. And, there will [nearly] always be a free version of software to perform the task you require. And yes, some of it is very good.
LastPass seems to be a popular product which always rates highly among reviewers and “what pwm do you use” polls. As todays’ world in all about mobile phones this announcement will not really affect many people. And if you do use LastPass and need the option of mobile and desktop I don’t think that 50c a week is going to break the bank.
It will be interesting to see if any users respond with their intentions – so far only 1 has – the rest has just been spam.
LastPass is still in business?
I don’t see many options in the market except:
(1) Bitwarden.
(2) KeepPass if you don’t need a seamless sync function across devices/platforms.
Either way, you should use 2FA like Authy for accounts with sensitive info as a second layer of protection. NOT Bitwarden’s built-in authenticator. It wouldn’t make sense to use it in case of an account hack situation.
Why do people pay for LastPass or any other password manager when BitWarden is great?
Why do people pay for LastPass or any other password manager when BitWarden is so great?
So many of these services use the same modus operandi:
1. Promise the world
2. Deliver a full product for free
3. Get people hooked
4. Put major restrictions on the free functionality and start charging people for full functionality
I would prefer these providers skip step #2 if #4 is in their shady game plan.
If I change user agent to “desktop” in my mobile browser, will Lastpass work on mobile if you don’t pay and chose “computer”?
Not yet known. But a user-agent is not the only way to determine that a device is mobile.
It’s another reminder that that’s what happens when software goes SaaS (subscription model).
I can see those who stick with the free version have two accounts if they use it on both PC and mobile. Usually after you create a long complex password you don’t really need to worry about it unless a security incident happens, and then you change it. So if you have the free version on PC just import your passwords into the free version on mobile. Changing one here and there to match on both won’t be a hassle after both have all the same passwords to start.
Can’t beat Keepass imho. Portable version. Blocked in firewall as no need for cloud stuff, etc. Just keep a backup and remember the password. Never failed me yet.
I can appreciate the need to to earn money, as long as it isn’t greedy. However, Lastpass wasn’t “worth” it to me. I pay for 1Password, and I haven’t been disappointed. It is more reliable than any of the others out there that I’ve tested, and it has a built-in 2FA autofill feature which is awesome.
I used to like Bitwarden, but they refuse to add the feature that put’s an icon in the login field that lets you click in the login field to choose your login credentials.
What alternatives (preferably free) can offer to store not only passwords, but also secure notes (this is one of the main functions I need), email addresses / address / and ect ???
Why use any cloud trap? KeePass completely free and offline. I don’t trust anything on someone else server.
You are only thinking about your own circumstances. I use a PC, a laptop, a pad and an Android phone. KeePass is less than convenient. On top of that, using an online manage I can log onto a friends machine and access my password. Before you suggest it, thumb drives don;t fit my Android and easily lost.
^this. I can’t believe the discussions doesn’t just end there.
Since the mobile version won’t export your passwords, if you intend to use LastPass Free on your mobile device you might want to export your passwords before March 16th.
Password security shifted to the payware requirement already.
I use it mostly LastPass on PC, infrequently on laptop and rarely on Android but do need a password manager. I now have a bitwarden account with passwords imported and am thinking I may continue with lastPass on PC for the ability to easily check password age.
I can still remember all my passwords, thank you. And in case I can’t, I can always reset them.
I don’t see the point of using a password manager unless you are so feeble you forget to poop.
That’s not the point of password manager tho. You generate unique password for every site and use a master password to access it.
It was easier time to make password when there are no requirement of symbols, capitals, and numbers.
I wish I was like you where I could remember my 150 site passwords that are all at least 16 characters long, and none are the same. You are awesome! My brain just can’t do that. :-(
How many passwords are you remembering? Or is it the same one for every service? :-)
If you don’t see the point of using a password manager then I would submit your have already attained a state of feeble(mindedness). Congratulations!
I currently have 762 passwords and other credentials saved in my Bitwarden account. All of these are unique and randomly generated with passphrases of at least 5 words and a random number, or where restrictions limit the number of characters (stupid!) I use the maximum allowed -2 and use upper/lower case, numbers and special characters. Good luck remembering all that!
There are only two possible situations where you don’t “need” a password manager:
* You either have only a couple of logins to remember, in which case you probably use passwords that are still pretty vulnerable compared to what a password manager can generate.
* You re-use the same passwords or small/easy-to-remember variations everywhere. In which case a small data leak on one site could render ALL of your accounts vulnerable. Especially when one of those accounts is your e-mail, which can then be used to reset the passwords on all your other accounts.
Either way, I’d like to flip your statement. I don’t see the point in NOT using a password manager, even in the first situation. The last situation is simply being stupid to be frank…
In case you don’t trust having all of your passwords in one place, you can always add a bit of “salt” to the generated passwords, which is an easy to remember part of the password that you add to every login but don’t add to your password manager. In that case you enter most of the password for any site with the password manager and then just add your extra bit of “salt” that only you know to be able login.
Either you don’t take into account other people’s different circumstances, you use weak passwords or you have an absolutely outstanding memory.
I have over 100 sites in my vault, each with different and highly complex passwords like 8TnQ@pSPxxNCY!mvWepL#xGL. Resetting every time is not an option.
If you are able to remember all of your passwords then they are almost certainly not very secure.
Password managers are very handy tools that shouldn’t be discouraged. But you should always try to keep your password database in your own hands.
“Vertrauen ist gut, doch Kontrolle ist besser” – Some Guy
Two of my current password have 21 symbols that include letters, capitalized letters symbols and numbers, I can remember them just fine, in total I use over 6 different passwords associated at random with different usernames or e-mail addresses and I never had trouble remembering them. Excusing your weak memory on security reasons means you really are lost..
What are going to do if that password manager fails or gets corrupted or hacked into? Relying too much on technology makes you a vegetable.
Oh wow, “over 6 different passwords”. So I’m guessing you still re-use passwords on multiple websites? This in itself is already a bigger security risk than the situation you can have with a password manager. Just put your six current passwords in random order with an “-” added in between as your master password, add 2FA to your password manager login to be sure and nobody could ever get into that. Not even you if you forget the master password ;-)
It’s true, you do need to trust your password manager (software and maker), but with something open source like Bitwarden that’s easier because you can check the code. It also stores an offline encrypted file with all your data inside that can be opened with a self-hosted or local version of Bitwarden. So even when their online service stops sometime in the future, you still have access to all your data.
But if there’s one thing that’s proven for sure time and again, it’s that human memory is flawed in many many ways. I hope you’ll still remember all those passwords when your 80+…
If your passwords are so easy to remember, then your security is feeble. This is a comment made by an ignorant person lacking common sense.
Well said.
LastPass has been going downhill for a while. I used to be a free user, but I switched to Bitwarden because LastPass was fumbling around during the Firefox transition to WebExtensions.
I think this is an extremely bad move by LastPass. Nowadays, everyone has a smartphone, and I bet lots of people have picked up computers as a daily thing due to the pandemic. Not having access to your passwords on a device is extremely bad. I think 2 devices is the utmost minimum, even if you want to squeeze money out of your user base.
That being said, this is a common strategy. Make a product, offer a free tier, and then restrict the features. You’re going to get a lot of people who will just pay you, instead of moving to a different alternative.
Pure greed.
Just switched myself & no issues.
Though I noticed that BitWarden doesn’t light up the data fields to select your credentials, you have to click on the browser extension to select the appropriate account
It’s not true. After correct configuration, it enters the data.
I just switched to Bitwarden, it took about 10 minutes – export passwords to csv (account / advanced), import to Bitwarden (vault / tools), install on desktop & mobile, and bye bye to greedy LastPass !
So far it’s great, much faster (LastPass had a horrible lag recently on my Brave / desktop) and more or less same features. It’s also open source, cool !
I was missing just one feature “require master password for specific accounts”. I found that it’s not an issue, probably for most people, because the vault locks down on browser restart by default.
I changed it to lock down on system lock – secure and convenient enough for my usage style since I lock down the computer when I’m away from it.
I didn’t test on mobile yet, but LastPass was not good on my android phone, rarely managed to auto-fill, so it probably can’t be worse.
I switched from LastPass to Bitwarden some time ago based on a piece Martin wrote. Never looked back.
Looks like i should try bitwarden, again.
This particular change doesn’t bother me much since I only use it on PC but still I keep some alternative options in case Lastpass will place even more restrictions on the free tier.
People are willingly using this datamining disservice, and even pay money for it? The mad, mad world we live in…
Seems like it’s mostly just going back to the way it used to be a few years ago? I paid for it then, so I’m okay with paying for it again.
I’ve been using LastPass since I can remember, but I only use it on PC, so this doesn’t bother me. Same with my family. We all only use it on PCs, so we are all good (for now I guess).
Need one ask why any company makes arbitrary changes? Money! (Cue Cabaret!)