
LogMeIn acquires Lastpass - anu_gupta
https://blog.lastpass.com/2015/10/lastpass-joins-logmein.html/
======
ejcx
Congrats to Bob and Joe and LastPass team. I'm a former LastPass employee and
will be forever empressed by their work ethic that I saw. They definitely
deserve it.

------
james-skemp
First comment on the blog so far: 'Oh no.'

My first reaction was to chuckle. I wonder how LastPass will change given the
new ownership. We switched over to this at work almost a year ago, after
trying to determine a password management strategy for years, and it's worked
fairly well, although it hasn't sold me on switching from Keepass for personal
use.

I'll be interested in what the Hacker News community thinks about this.

~~~
tmarman
As a former Hamachi user and LastPass user/advocate, I had the exact same
reaction when I saw this.

------
bketelsen
There are times when it might be better to disable comments on your corporate
blog. This was one of those times.

~~~
Tinyyy
Haha every single one of the comments on the blog is negative.

------
ntrepid8
This is pretty terrible news. It would have been need to see LastPass get
acquired by a company like AWS but LogMeIn doesn't really have the reputation
required to ask people to trust them with all their passwords.

Also, the valuation also seems low to me. Maybe LastPass was having trouble
generating recurring revenue. It seems like going public would be a better
route for security companies but maybe the revenue wasn't there for an IPO.

I've had a paid subscription for years and used their enterprise service for 2
different startups. Hopefully the service doesn't start to suck. I'm already
scouting alternatives.

~~~
gautier
We were in a similar situation a few months ago when Mitro announced that they
were shutting down their service.

Mitro's owner being _really_ nice, they open-sourced the browser extensions,
server and mobile applications so we used them to run our own:
[https://passopolis.com/](https://passopolis.com/)

We plan to keep the code open-source and we're working hard at the moment to
introduce the organisation feature useful for start-ups. We plan to make the
organisation feature a premium service so we can justify running and improving
Passopolis for as long as it stays useful.

------
Tinyyy
Honestly if you're a security / privacy company, can you please just not get
acquired? You can't 'transfer' your customers' trust to a third party like you
transfer cash.

~~~
lewisl9029
Agreed. Or just open source it so we won't have to trust you.

~~~
gherkin0
Using open source and not having to trust someone would be nice, but at a
certain point I would rather not be running my own security-critical
infrastructure for personal stuff (if I can avoid it). I only have so much
time.

------
onwardly
Price was $110M + $15M in contingency payments.

From the LogMeIn investor release[1]

Under the terms of the transaction, LogMeIn will pay $110 million in cash upon
close for all outstanding equity interests in LastPass, with up to an
additional $15 million in cash payable in contingent payments which are
expected to be paid to equity holders and key employees of LastPass upon the
achievement of certain milestone and retention targets over the two-year
period following the closing of the transaction.

1\. [https://investor.logmeininc.com/about-
us/investors/news/pres...](https://investor.logmeininc.com/about-
us/investors/news/press-release-details/2015/LogMeIn-to-Acquire-Password-
Management-Leader-LastPass/default.aspx)

~~~
AdmiralAsshat
That's funny. The LogMeIn employees have a financial stake in making sure that
people DON'T exit en masse after the acquisition. I wonder why?

I would caution, then, that any interviews given by any staffer to the effect
of "LastPass is not changing, your data is perfectly safe with LogMeIn, the
prices will not skyrocket, etc." over the next few months should be taken with
a grain of salt, since they quite literally have $15 million riding on you
_not leaving_.

~~~
corin_
As opposed to any other acquisition (excl. acquihires) where the company
doesn't have any incentive to keep customers at all and therefore everything
they say must be completely true?

------
HackyGeeky
Congrats to LastPass team for a successful exit :)

I understand why the users might have concerns with "LogMeIn", but well one
should've expected (at least on this forum) that this is going to happen.

I know this isn't the most popular comment. But, what the heck, be happy for
the LastPass team, they've worked their ass off. That's what this forum is
for, isn't it ? We(hackers) are all in the same boat.

~~~
criddell
I don't think anybody is unhappy for the LastPass team. Many of us use
LastPass though and so we are nervous about the future of something we trust
and use. I don't trust LogMeIn like I trusted LastPass and so now I have to
contemplate finding a new solution to a problem that I thought was solved.

So hooray to the LastPass team and condolences to the LastPass customers.

------
FatalBaboon
If you're looking to change your password manager, I've been using `pass` [0]
for years now, and it's one of he best open source project I have ever used.
Everything works, it uses git for remote storage and gpg for encryption. There
is no fancy browser plugin, but a command line to get the password is enough,
since browsers cache the password afterwards and most sites use long lived
sessions through cookies. And the android app works well.

Pass feels simple but it is actually elegant.

[0]: [http://www.passwordstore.org/](http://www.passwordstore.org/)

~~~
clinta
I also love pass. My problem now though is what to recommend to family and
friends. I've been evangelizing lastpass to them for a while, but I'm not
comfortable telling anyone to trust them anymore.

~~~
FatalBaboon
Precisely my problem as well, if only pass had a user-friendly interface under
windows..

------
wscott
Lastpass premium customer here. It was $12/yr. (that will probably change
after the 2yr/$15M target is over)

Right now lastpass encrypts in the browser and the company only saves a binary
blob that they can't access. So your data is safe. But they said, "As we
become part of the LogMeIn family over the next several months, we’ll be
releasing updates to LastPass, introducing new features.." that makes me
nervous.

The comments here have lots of suggestions like keepass, but none of them
really compare with the Lasspass Android support where it will automatically
log you into apps.

~~~
WorldMaker
KeePass apps are usually open source. Presumably some smart devs can
contribute such Android support to an Android KeePass app.

------
Adaptive
FWIW, regarding the ongoing complaints about the LP UI, they just released a
beta update to their chrome extension a couple days ago. Still a ways to go,
but they are/have been clearly working on the end user experience.

[https://chrome.google.com/webstore/detail/lastpass-
prebuild-...](https://chrome.google.com/webstore/detail/lastpass-prebuild-
free-pa/debgaelkhoipmbjnhpoblmbacnmmgbeg?utm_source=chrome-app-launcher-info-
dialog)

~~~
apocalyptic0n3
That actually seems to be quite the improvement. The vault actually seems
useful now and doesn't look like a poorly built app from 2002. Thanks for
sharing

------
wlesieutre
Hopefully they do better with this than when they bought Hamachi. It was a
great piece of easy-config VPN software, and they just ruined it.

I knew a lot of people who used it regularly. Now I can't think of any.

~~~
Justsignedup
:( Hamachi quickly went to hell. I bet they use the tech Hamachi provided but
the product was scrapped afaik.

------
uean
I'm also not pleased by this news, given the track record of Logmein and how
they butchered Hamachi (mind you, that was years ago), the price gouging and
increases to the Pro and Central customers, etc...

I could grumble for awhile, but I do see one positive change I think will be
made quite soon - Lastpass Enterprise did struggle to pass passwords through
remote sessions (to a client server, for example). We played with using
Thycotic Secret Server, but Lastpass Enterprise is better in so many other
ways that we dealt with copy/pasting passwords into the remote session. If
Logmein can bring Lastpass integration through their remote tools I'll be
really happy, and I think it will drive people back to Logmein who left over
the past few years price gouging.

That all said... Logmein was really _really_ terrible about grabbing the
clipboard of any user who had recently connected and hanging onto it.
'Pasting' into a session often splooged some other guys clipboard contents
(funny jokes, personal password, embarassing URL)...

------
mpclark
These acquisition announcements are always the same, and always get the same
sort of comments.

They tell of good fortune for the owners of the thing that has been sold, but
never tell the users what's in it for them. And that's usually because there
is nothing in it for them.

What am I supposed to be happy about?

~~~
IgorPartola
I can't exactly agree with you. First, lots of acquisitions are good for the
user because they often mean backing by a larger entity with deeper pockets,
ensuring that the service you use will be around for longer.

Second, why do they owe you anything? Either you are a free user, at which
point you don't really have a whole lot of say in what they do with their own
company, or you are paying $12 for a stellar password manager, which I would
say is definitely worth it.

I am not exactly a fan of LogMeIn, and I do really like LastPass and use it
every day, but if they chose to sell their company and cash out, good for
them. If the service somehow becomes bad, I will move onto one of many
alternatives, though this time probably an open source one.

~~~
aylons
> Second, why do they owe you anything? Either you are a free user, at which
> point you don't really have a whole lot of say in what they do with their
> own company, or you are paying $12 for a stellar password manager, which I
> would say is definitely worth it.

Because I not only paid US$12,00 to them, but I have also invested time and
thought in building habits and procedures based on their service.

If they their service becomes unworthy or cumbersome, or if I have any reason
to distrust them, I'll have to look elsewhere, not only costing me time, but
also giving me uncertainty and possibly having to choose a new service. And,
if I have chosen Lastpass, is because I believe other services are not worth
as much.

~~~
IgorPartola
OK, but why do they owe you anything for the time you chose to spend with
their product? In fact by repeatedly using their product you subtract from
their bottom line since you are consuming computing and support resources. As
far as I see it, $12 buys you a one year LastPass subscription, not a
perpetual right to be consulted on any corporate moves they might make.
Practically, you probably have a bit more say than a free user would about the
product features, but not nearly as much as one of their team members.

In short, while this change to LastPass might not be good for you (or me) in
the long run, I don't see why they'd have any responsibility to consult you or
me about whether to sell to LogMeIn. We are customers, not shareholders.

~~~
AdmiralAsshat
_In fact by repeatedly using their product you subtract from their bottom line
since you are consuming computing and support resources._

I don't understand the point you're trying to make here. Their product is
SaaS; by definition to use the product requires consuming their computing
resources--that's what they're selling! Unless you're honestly of the
mentality that companies have moral standing to tell you to eff-off once they
have your money. But I don't think you are, so please clarify.

To answer your question, LastPass's popularity is largely due to word-of-
mouth. People used LastPass because they liked it, they liked its ease of use,
they liked what they perceived to be the honest nature of the company. Because
people like the average user on HN, who are likely the "Tech guy" for all of
their immediate friends and family, tell their families to use LastPass and
help them set it up. When you piss off the guys who evangelized your product,
you're not just losing his business; you're potentially losing the business of
everyone whom they recommended it to.

Case in point, I convinced my girlfriend to start using it (she fortunately
got 6 months for free via a student email and hence will suffer no monetary
loss if we decide to switch) and was considering telling my family about it,
but now I'm having second thoughts. And considering this is, again, a
subscription model, the "Haha, we already have your money!" model only works
for one year. The projected revenue based on the expectation of renewals,
however, goes out the window.

~~~
IgorPartola
My point is simply that LastPass has no responsibility to you and me to not
ruin their product by selling to someone that might. If we were shareholders
it'd be different, but as users we have very little say, and I think that's
for the most part a good thing. Imagine if you had to treat all your users as
shareholders.

Of course this sale to LogMeIn might mean the end of LastPass as a reliable
and easy to use password manager. Of course it might cause you and me to spend
time looking for an alternative solution, setting it up, etc. I am saying that
none of that is LastPass's team's problem and I don't think that even a paid
subscription for their service buys us the right to be consulted on their
corporate strategy.

------
pms
Some time ago LastPass automatically DELETED my five-year old account on
Mendeley.

The "AutoFill" option of LastPass was turned on. I was browsing my profile
settings on Mendeley. Somehow LastPass automatically commenced the account
removal action, filled in my password, and confirmed the prompt. My account
was gone.

I did NOT EVEN NOTICE when it happened. The only reason I know it now is
because I managed to reproduce this behavior with a new account. I reproduced
it one month later, after exchanging multiple nervous emails with Mendeley
Support.

The potential for abuse of LastPass is huge. The hope is that LastPass will
get better after this acquisition.

~~~
mc808
Out of curiosity, how did it go with Mendeley? Were they able to recover your
account?

~~~
pms
Not at all. I lost my account. I've used my offline local copy of the database
to reproduce most of it though.

------
AdmiralAsshat
Assuming your passwords are in a "stable" state (i.e. you're not constantly
adding new logins to your vault), it would probably be a good idea at this
point to make a backup of LastPass's database via the Export feature and hold
onto that backup. I know I'm on the paranoid end, but I have this sneaking
suspicion that the Export feature might "disappear" in the coming months to
try to curtail a mass exodus of users.

~~~
secabeen
I think that's unlikely, given how they handled the expiration of the Free
LogMeIn accounts.

~~~
AdmiralAsshat
How were they handled? I didn't have one.

------
zoner
[https://passopolis.com/](https://passopolis.com/) \- I'm using this (formerly
known as Mitro)

Open source

~~~
forgotpwtomain
I see a bunch of lame commits like changing logos and names and no actual work
on mitro -- not sure how encouraging that is, since you've already jumped at
changing the name and making a company around it.

~~~
Karunamon
Perhaps the original app was feature complete and not a lot of work needed to
be done on it? It's based on a third party password management service that
open sourced its code before shuttering, so this would naturally be step one
in relaunching something based on that code.

------
jmuguy
A lot of folks only have experience with Logmein from the horrible way they
handled transitioning users from the free to paid service.

My company has used Logmein Central for remote access to hundreds of PCs for
years. The core software is great, reliable, and has been ever since we
started using it.

The problem is that Logmein the company knows they're on top of the heap when
it comes to remote management. They have no reason to innovate or improve
where they can.

They added 2FA but otherwise we haven't seen a single new feature that we've
taken advantage of in a very long time. Any features they do add hint at them
wanting to be a RMM service but you'd have to be an idiot to trust them with
more responsibility of your networks. Also a lot of those features require
Logmein Pro which adds an insane amount of cost depending on how many systems
you're managing.

Meanwhile there are bugs that have been around literally since we started
using the software. For instance copy/paste while in a session will randomly
break. The Logmein client software is very buggy on OSX, crashes often, search
will randomly break.

Their support is basically non-existent, although I haven't tried in a while
if you opened a ticket it would take days if not longer for a response and
they'd usually just direct you to some unrelated KB or tell you post on the
forums.

We use Lastpass as well so this should be interesting. I've yet to see a
merger that actually improved things from our end as a MSP. Cisco bought
Meraki, Dell bought SonicWALL, at this point I assume any time we see a merger
that its time to find a new vendor.

~~~
nandhp
I also remember when LogMeIn changed the number of users allowed in the free
tier of Hamachi (a P2P VPN) -- it went from 10 to 5 with no notice, just
randomly disconnecting half of the peers.

------
yoshamano
My first reaction to reading the title was "why?"

After reading the article (and then reading it again) I'm not left feeling
confident that this is in any way positive for me as a LastPass Premium and
Xmarks customer.

In particular the vague line about, "As we become part of the LogMeIn family
over the next several months, we’ll be releasing updates to LastPass,
introducing new features..." To me, LastPass is feature complete. So either
I'm going to have a mind blowing, I never knew I needed that, moment, or more
likely some sort of bloated crap is going to get shoe horned into LastPass.

~~~
degenerate
LogMeIn purchased, and absolutely ruined, Hamachi back in 2006. That program
was the perfect lightweight virtual LAN client in existence with all the
necessary features. Within months of acquisition, Hamachi had several
"updates" and became bloated beyond recognition, slow, buggy, and downright
unreliable. I have the worst taste in my mouth from what LogMeIn did to a
perfectly working product and won't use anything they offer because of it.

~~~
cryoshon
Yeah, they really ruined Hamachi. There isn't really a suitable replacement
even now, to the best of my knowledge. I still resent them for that.

I hope they don't ruin LastPass also, but from here on out I'll be intensely
skeptical.

~~~
api
Suitable (and open source) replacement:

[https://github.com/zerotier/ZeroTierOne](https://github.com/zerotier/ZeroTierOne)

[https://www.zerotier.com/](https://www.zerotier.com/)

Also does a lot of other things, and is evolving into a full-fledged SDN
layer. If you don't want to use the pretty GUI they give you to create/manage
networks you can run your own 'network controller' \-- see READMEs in GitHub.

------
afaqurk
I just created a list this morning to help my family figure out an alternative
to LastPass.

Here it is: [http://afaqurk.github.io/lastpass-
alternatives/](http://afaqurk.github.io/lastpass-alternatives/)

------
bluedino
I cringed when we got this email since we use LogMeIn Pro at work.

For everyone else, I hope they don't butcher the free version like they did
with LogMeIn.

~~~
gtk40
As someone who has never used LogMeIn, could you explain what the problems
are? I use LastPass pretty extensively (and was thinking of buying a
subscription later this month), but have never used LogMeIn.

~~~
winsome
LogMeIn used to have a free product that they then took to Premium only. I
used to use them extensively until then.

Now they also seem to be notorious for price hikes, although I have no first-
hand experience. I'm a LastPass Premium subscriber and have enjoyed using it,
but I'm worried about what the future holds now.

------
switch007
Any suggestions for alternatives? I need yubikey support, Chrome & Firefox
plugins (Linux & OS X) and an Android app.

~~~
lectrick
So you absolutely must use Yubikey for 2factor auth instead of one of the many
alternatives?

~~~
lockes5hadow
Yes, unless you suggest another hardware token with NFC in the same price band
(sub $100).

------
colinbartlett
I'd really love for some objective person to weigh in about why all the
negative reaction to this. Is LogMeIn a terrible company? I have not used
either LogMeIn or LastPass.

~~~
Splines
IMO not all that LogMeIn is a good/bad company, it's that LastPass was sold.
Their (your) data is being moved from one company to another.

It's certainly possible that LogMeIn stays hands-off and LastPass continues
all operations exactly as they did before, but then why would LastPass sell?

LogMeIn paid $x money for LastPass, and they intend to make $x + $y money for
it, by doing things that LastPass was either unable or unwilling to do
(otherwise, LastPass wouldn't have sold).

Usually this means that LogMeIn is going to try to "extract more value" from
the customer.

------
bad_user
And this is precisely why I'm not using other people's (proprietary) password
managers.

And if you really have to pick a proprietary thing, then 1Password has always
been better because it doesn't have an online component, syncs with Dropbox
only if you want it to and whatever happens with the app, the Dropbox sync
includes an HTML/JS interface that can read the dumped passwords, plus the
format is documented.

------
hu_me
logmein has almost ruined my current favorite password manager Meldium. After
they acquired it the service has become gradually to the point it does not
work on half the sites stored in it. This week I finally decided to start
migrating to LastPass (a few clients use it and it appeared a more dependable
alternate). Guess will continue my search for alternates.

------
colinplamondon
This really rubs me the wrong way. Do not like the idea of my password manager
bouncing around owners. Or infrastructure changes that new owners often push
on the acquired company.

If there's one business I REALLY do not want to be moving about, and I want as
little churn as possible for, it's a password manager.

The thing I liked about LastPass was that it seemed like the highly geeky,
less startupy approach to password managers, more likely to be run for the
long-term, less likely to be at risk of an acquisition.

Going to look into Dashlane.

~~~
ntpeters
Dashlane looks really promising. Does anyone here have experience with it?
Does it work as smoothly everywhere as LastPass did?

~~~
quantumfoam
I'm not affiliated with Dashlane in any manner but I thought I'd chime in with
my experience as a user. I used to use LastPass but lost a bit of confidence
in them when they asked users to reset their master password [1] when an
anomaly was found present in network traffic from one of their DBs. Prior to
this I was looking at open source alternatives but the syncing and add-ons for
each browser (which made logging in and generating passwords easier offered by
Dashlane) really caught my attention. These features aren't unique to
Dashlane, I'm sure. New sign-ups reap the benefits of premium features for a
month or so, then you could send an invite to a friend and accrue 6 free
months of premium service when they sign up (which is what I did) for free.
They also offer a public password generator [2] page. They support the major
browsers (Safari, Chrome, Firefox). Dashlane also has a "security dashboard"
which keeps track of password expiration, reuse, and weak password usage, with
a base analysis score that gets presented to you when action on a site is
required. If you want something for offline use and that is hardware based,
I'd recommend checking out the Mooltipass [3]. I hope this helps.

[1] - [https://www.duosecurity.com/blog/breaking-down-the-
probable-...](https://www.duosecurity.com/blog/breaking-down-the-probable-
lastpass-breach) [2] - [https://www.dashlane.com/password-
generator](https://www.dashlane.com/password-generator) [3] -
[http://www.themooltipass.com/](http://www.themooltipass.com/)

~~~
fapjacks
I'm a happy user of Mooltipass! Definitely a great alternative.

------
onwardly
Price was $110M + $15M in contingency payments.

From the LogMeIn investor release[1]

Under the terms of the transaction, LogMeIn will pay $110 million in cash upon
close for all outstanding equity interests in LastPass, with up to an
additional $15 million in cash payable in contingent payments which are
expected to be paid to equity holders and key employees of LastPass upon the
achievement of certain milestone and retention targets over the two-year
period following the closing of the transaction.

1\. ([https://investor.logmeininc.com/about-
us/investors/news/pres...](https://investor.logmeininc.com/about-
us/investors/news/press-release-details/2015/LogMeIn-to-Acquire-Password-
Management-Leader-LastPass/default.aspx_)

~~~
flipp3r
You have some extra characters at the end of your link

[https://investor.logmeininc.com/about-
us/investors/news/pres...](https://investor.logmeininc.com/about-
us/investors/news/press-release-details/2015/LogMeIn-to-Acquire-Password-
Management-Leader-LastPass/default.aspx)

------
rwc
Some of these tools (1Password in particular) seem geared toward individual
password management. And LastPass wasn't exactly user-friendly. What are you
using for group/team password management?

~~~
gexos
I use keepassx, it will allow you to keep a local repository of all of your
passwords and sensitive information encrypted and accessible to all of your
team members.

Commonkey is another great program and is free for teams of three.

------
krupan
Encryptr is an alternative that I've had my eye on:

[https://encryptr.org/](https://encryptr.org/)

They don't plan to ever do auto-fill for security reasons, which I'll admit
disappoints me.

~~~
m1keil
I was curious about Encryptr as well. I hope the maintainer will change to
less purist approach and understand that for most of us, copy/paste of login
details is just no-go.

------
bargl
Well looks like I'm going to have to convince, my wife, family, extended
family, and friends that they all have to switch password managers now.

I'm blown away, I've been a fan since day one because of it's simplicity and
availability.

I am torn between waiting to see what happens and giving them the benefit of
the doubt and just changing all my passwords before Logmein can f--- me.

~~~
koyote
Having not used anything by Logmein or heard much about them, what's the
reasoning behind wanting to jump ship asap?

Are they just bad at running a company or are you scared they will sell your
data or similar?

~~~
h4waii
Because you can't buy trust through an acquisition. You build trust, you don't
transfer it through a merger.

~~~
MaxPower9
This is 100% spot on. And when it comes to password mgmt, trust is everything.

------
klausjensen
Are there any real alternatives to Lastpass, that has working browser plugins
and also work on Android devices?

~~~
vmuhonen
One option I've been meaning to look, but haven't had a reason to because of
LastPass is Encryptr [[https://encryptr.org/](https://encryptr.org/)], but now
I might need to. They have Android and Linux support, but not browser plugin I
think. Also, it comes from the same people as SpiderOak...

~~~
wscott
Encryptr is interesting and looks very nice. Includes source:
[https://github.com/devgeeks/Encryptr](https://github.com/devgeeks/Encryptr)

But it doesn't appear to have anything like Lasspass's autofill on android
that supports the fingerprint reader.

~~~
flurpitude
So you'll be using the clipboard to copy and paste passwords on Android, which
is (I believe) much less secure.

------
azmenak
First off, congrats to the LastPass team! You guys have built an awsrome
product and company.

My hope now is that LastPass won't go down the same path as Meldium, after
they were acquired by logmein; the product went downhill very quickly.

In the case of Meldium, it seems they were trying to improve the UI by
improving the design at the expense of functionality. It feels like LastPass
is in a similar position now.

~~~
borisjabes
I'm sorry you feel that way and will try to correct it. Can you send me
feedback on the functionality that's not working as well now in Meldium?
There's definitely some edges we're still working through and I'd love to make
sure we make it awesome for you asap. You can drop me an email as well (boris
at meldium dot com)

~~~
mderazon
I have to agree. The new interface is too much bells and whistles not so much
functionality. Another weird behavior is the chrome which doesn't open a new
tab immediately but hold for couple of seconds. This makes you wonder if you
should wait before you can switch to a different tab.

~~~
borisjabes
We'll work on fixing that. I think it's safe to say that particular tab
experiment hasn't worked out.

------
discreditable
Just one more reason why password management by a company is a bad idea. The
company may be good now, but companies can be acquired or evaporate on short
notice.

------
jscheel
I had to find out about this from HN. Never got an email, even being a premium
member.

~~~
jlgaddis
I got two of them, one at 1322 UTC and the other at 1454 UTC (two Premium
accounts).

------
electricblue
I'm thinking about going with KeePass. I don't want to deal with this again
with 1Password if/when they get bought.

~~~
danieldk
I think there is an important difference between LastPass and 1Password:
1Password stores data in a folder you point it to. It is never in any form
transferred to their servers.

~~~
npongratz
Are there open source "clients" that can access the 1Password data I store
locally?

~~~
reaperhulk
The file formats are extremely well documented
[https://support.1password.com/opvault-
design/](https://support.1password.com/opvault-design/) and many 3rd party
tools exist for reading the data.

------
fencepost
As a LastPass Premium customer for longer than they've owned XMarks and a
combined product customer since, this concerns me. I'm not planning to change
my LastPass usage until/unless they change how the product works, but I'm a
bit more leery of steering customers to the Enterprise product now and will be
investigating alternatives in that space.

As for XMarks, I'm torn. It has nice potential, but I feel like the company
has basically let it stagnate warts and all. Some seemingly-obvious features
like tracking changes to saved bookmarks (diffs, not checking the content of
the URL) don't exist, and the ways to get archival data out to do it yourself
are clunky and manual. What made me start wanting that was a browser going
funky and losing a chunk of bookmarks - I had to kind of ballpark when that
was, go back, dump a backup, find them in the HTML dump backup file then
recreate and I'm not certain I ended up getting them all.

------
grayfox
As someone who recently jumped from Lastpass to 1Password... I wish them the
best, but I feel I'm working with the far superior product. Especially on iOS
+ OS x.

~~~
ebilgenius
I've recently done the same, but the lack of support for Linux and their
lackluster Windows version kinda bums me out.

~~~
signal11
Why's the Windows version "lacklustre" compared to the Mac version? I thought
1Password 4 for Windows is at feature-parity with the Mac version, they even
have sync over wifi which was missing in 1Password 3.x for Windows.

------
fweespeech
After having to deal with LogMeIn for a company I used to consult for....

Yeah, I'm going to be switching password managers.

------
FabianBeiner
I upgraded my account _yesterday_ for five more years. ;-) But honestly, if
everything will keep working as it is, I really don't care about the name
behind it. If LastPass did as they said they do (everything is encrypted, they
don't have access), it doesn't matter.

------
pgrote
I have used LastPass Premium since they started.

What gets me down about this is the trust I had for the service LastPass
provided. I appreciated their open and pre-emptive communication. They were
willing to dive into the details of a possible issue and explain everything
about it.

------
niyazpk
LastPass was good while it lasted. As an FYI to anyone looking for other
options, I migrated to 1Password (based on reviews/suggestions in this
thread). It just took a few minutes to migrate. 1Password supports importing
LastPass export file.

------
sagawee
My homegrown alternative to password managers like LastPass and 1Password: An
encrypted zip file.

The zip contains

* encrypt.sh

* payload, a folder containing subfolders, password text files and other personal information.

To "unlock", extract the zip.

To "lock", run encrypt.sh.

Make sure that the extracted data won't get backed-up at any time. I just came
up with this a few days ago. Let me know if you have any concerns about this.

Here's the encrypt.sh:
[http://pastebin.com/DudVinms](http://pastebin.com/DudVinms)

~~~
Quiark
I would avoid using .zip file format encryption, who knows how safe that is.
PGP as encryptor would probably be a better choice.

~~~
sagawee
It depends on what you use to create the .zip file. The zip command uses the
insecure PKZIP algorithm. 7z supports AES-256 encryption.

------
joebasirico
My company uses join.me (a Logmein product) all the time for easy screen
sharing. It's one of the few quick screen sharing apps out there that doesn't
require a heavy download and is user friendly enough to be used by all of the
people in our company and all of our client.

I've been using LastPass since 2011 and have been really happy with it (other
than the slightly opaque UI and design from the 90's).

I'm hopeful about the acquisition, maybe logmein can give some UI/UX guidance
to the LastPass team, while the LastPass team can help expand and grow to help
more people to use a password manager.

If not, there are plenty of other password managers out there, I suppose.

------
draw_down
When I started my job I got a laptop with the extension for LastPass installed
to Safari. One of the first things I encountered was an error dialog, modal
for the entire Safari app, telling me of some nonsense problem with Lastpass,
which at that point I hadn't even _used_ yet! So I never started using it
after that.

I occasionally use 1Password for the iPhone, but still mostly rely on the
built-in OS X Keychain app. 1Password is too expensive for the Mac and all the
other managers don't seem to place much emphasis on UX.

This class of application is quite poor to use overall. Even as nice as
1Password is, its syncing story is not very good.

------
brento
One of the reasons I chose 1Password over LastPass is because you can choose
where to store your data (iCloud, Folder on your System, Dropbox). I don't
think you should trust your passwords to any company.

------
xbryanx
Do LogMeIn users have a feeling as to whether this is a good thing? Will they
bring any visual polish, or UX consistency to the jumble that is Last Pass?

~~~
tudborg
Paying LastPass user here. Not sure how this is going to go down. TBH I'm
hoping that nothing will change. Yes, the UX might not be the best in the
world, but to me, the important thing is availability and security (probably
not in that order). A browser extension and a decent android app is what I
need, and I already have that.

~~~
xbryanx
Paying LastPass (Enterprise) user here too. I hope the extension gets a
complete overhaul. I've experienced dataloss multiple times due to
inconsistent interface issues. Support just shrugs and points me to 3rd party
backup solutions. I see the UX problems as critical, but yes...just below
security.

~~~
tekromancr
Paying LP Enterprise user also. Totally agree. I spent 45 mins today just
explaining to new employees how to get everything set up. The UX something
that absolutely needs work

Then again, it's currently good enough that we are paying them a pretty large
yearly sum, so perhaps there is no business case for spending the resources to
improve it.

------
pinkano
Yes, so I'm switching over to a different one. LogMeIn is always a mess when
they acquire another company. So far Sticky Password seems like a decent
alternative with some servers saying they offer a great discount.
[http://heavy.com/tech/2015/10/lastpass-alternatives-
logmein-...](http://heavy.com/tech/2015/10/lastpass-alternatives-logmein-
acquired-replacements-password-manager-dashlane-keepass-1password-splikity-
shark-tank-encryptr-enpass/)

------
caroline223
If you are looking for an alternative password manager, take a look "Intuitive
Password" online password mansger (www.intuitivepassword.com). I have more
than 200 passwords and they are all different for each site, I use it
everyday. It works on all devices including smartphones, tablets, laptops and
desktop PCs without installation required. Intuitive Password provides a Data
Restore Points feature so you can't lose your data using their service.

------
gexos
What about Password Safe "Passwddsafe" I use it om my computer and android and
I'm very satisfied. And of course the fact that is designed by Bruce Schneier
is a plus for me.

------
ninjakeyboard
Everyone seems pretty unhappy about it via the comments on the article.

------
eigenvalue
This actually sounds like a smart deal for LogMeIn. Purchase price is $110mm
of cash with a $15mm earn-out-- seems reasonable considering LastPass has
millions of users and is a pretty sticky service (I've been a premium user for
the last couple of years, mostly to be able to use their iPhone app).

~~~
ilogik
_had_ million of users judging by the announcement comments

------
ejcx
Congrats to Bob and Joe and LastPass team. I'm a former LastPass employee and
will be forever empresses by their work ethicc that I saw. They definitely
deserve it.

------
BjoernKW
There's something really odd happening with i18n on that blog. It recognizes
my primary browser language as German and hence displays menue items and the
right side bar in German. So far so good. However, it also partially
translates the actual text into German, i.e. for some sentences the first word
is translated while the rest remains English:

\- Zunächst, we (LogMeIn/LastPass) have no plans ... \- Zweitens, this
acquisition provides us ... \- Seitdem, LastPass has grown by leaps ...

------
discreditable
Just one more reason why password management by a company is a bad idea. The
company may be good now, but companies can be acquired or evaporate on short
notice.

------
rwhitman
The stark reminder that your password manager can change hands is probably the
most bothersome part of this.

Overall it's probably a good thing that the product is transferring to a more
financially stable company with healthy enterprise sales. I'd rather it head
in that direction than struggle for a long period of time and put my data at
risk. The worst thing that could have happened with this product would have
been a spiral of neglect

------
rocky1138
Please don't fuck it up.

------
gammaray
What are best self-hosted password managers right now? The only one I know of
is KeePass2

Something I can serve from a VPS that works on _most_ platforms.

------
periferral
Looks like Dashlane ($40) and Sticky Password ($20) are viable alternatives.
Both are more expensive than Lastpass. Reading the reviews, these seem like
the best so far. Anyone with experience on either of these they can share?

~~~
pinkano
Yep, I'm switching to Sticky Password too. According to this they offer a
discount too: [http://heavy.com/tech/2015/10/lastpass-alternatives-
logmein-...](http://heavy.com/tech/2015/10/lastpass-alternatives-logmein-
acquired-replacements-password-manager-dashlane-keepass-1password-splikity-
shark-tank-encryptr-enpass/)

------
ddoran
I don't like the announcement and I hate how they've done it. Under the
signature on the blog announcement, they've added 13 paragraphs in the HTML
source to bury the comments off the page. On OSX Safari and Firefox, I see no
way to add new comments. Way to start as a new dawn. I wish I hadn't renewed
recently.

------
pinkano
So it seems that Sticky Password offers a 50% discount in regards to what
happened to Lastpass: [http://blogen.stickypassword.com/looking-for-an-
alternative-...](http://blogen.stickypassword.com/looking-for-an-alternative-
to-your-current-password-manager/)

------
johnwilliams123
Just in: Zoho Vault offers free migration to LastPass Users.

Link: [https://www.zoho.com/vault/logmein-lastpass-
acquisition.html](https://www.zoho.com/vault/logmein-lastpass-
acquisition.html)

------
mtw
I saw Passwordbox getting acquired by Intel, now this. I don't think I'm going
to switch to 1Password or another. I think they are just going to be acquired
one day by unknown big entity... better be safe and keep your passwords to
yourself

------
tiernano
Not sure if good or bad...

~~~
johnward
Me either. I was a big fan of logmein when they had a free version but it
wasn't something I was willing to pay for. LastPass is though.

------
rhabarba
As everyone is suggesting alternatives here, one more vote for KeePass with
Dropbox (giving you use 2-factor authentication with Dropbox), KeeFox +
KeePass2Android. Lovely, free, relatively secure.

------
jroovers
Call me naive, but I created a change.org petition to try and make the voice
of concerned users heard: [https://www.change.org/p/lastpass-leadership-
lastpass-stay-i...](https://www.change.org/p/lastpass-leadership-lastpass-
stay-independent)

~~~
PeterWhittaker
Even if this petition accumulates hundreds of thousands of signatures, what
should happen? The sale has been announced, which means that, but for
regulatory approval (if any), it is done: The owners of LastPass have agreed
to terms and have signed contracts indicating this, contracts that are
binding.

Were they to change their minds LogMeIn could in all likelihood sue both
LastPass and the owners of LastPass, personally and severally, for breach of
contract and for a number of other things.

No government will interfere either, as few if any governments will assert
that they know both a business's business and the needs of that business's
customers better than the business itself - not to mention because of the
precedent it could set and uncertainty it could engender.

The best response of concerned customers is one, research, and two, should the
research so indicate, voting with their feet and either saying put or moving
to another service.

------
Goronmon
Whew, glad this happened sooner rather than later. My subscription was up for
renewal in a month. At least it makes the renewal decision easy.

------
BadassFractal
I really hope the product continues to exist and get better. Their enterprise
offering works well enough and is very useful, even though the UX is a bit
ancient and awkward at times.

------
jonknee
Seems like a smart move for selling bulk licenses to large companies.

------
oneJob
I would just like to add my voice to the cacophony of others shouting into
this particular echo chamber: Peace out Lastpass

------
jordsmi
Time to switch back to KeePass. Lastpass is much more enjoyable to use but
LogMeIn seems to ruin everything they touch

------
AdmiralAsshat
_sigh_

And I literally just migrated all of my stuff from KeePass to LastPass like
two weeks ago.

Back to the drawing board, I suppose.

------
niels_olson
Xmarks goes with it, I assume?

------
homulilly
I dropped lastpass for dashlane awhile ago, it's much better at actually
filling out forms.

------
baldfat
Linux User - I am looking at Keeper
[https://keepersecurity.com](https://keepersecurity.com)

My devices - Linux Desktop, Laptop, Windows 7, 8 and 10 Machines at work,
Android Phone, iPad (Work)

Lastpass worked on all of them. The only alternative I could find was Keeper
[https://keepersecurity.com](https://keepersecurity.com) that worked with all
of my devices.

Anyone have experience with Keeper Security?

~~~
buro9
Likewise, I'm similarly cross-platform and just found
[http://enpass.io/](http://enpass.io/)

Wondered if people have experience with them.

~~~
thehoff
Am I blind? Where is the pricing for Enpass? It says free download free
updates but then in middle it says pay once use forever.

~~~
baldfat
*Free version can store upto 20 items only. Price for Life-time Pro ver is $9.99 per platform with no other server or subscription charges.

[http://enpass.io/apps/android/](http://enpass.io/apps/android/)

So for me that is $20 for iPad and Android BUT my iPad is a company product
that is likely to switch on me shorty with an upgrade.

So this might not work if it is $20 per platform per personal and business
use.

------
ciaranm
Wonder if now is the time to look at alternatives, before the service
potentially changes.

I hear a lot of good things about 1Password, which seems to work for my
iPhone/MacBook. Anyone know if there's a reasonable option for using it on
Windows?

~~~
ghshephard
I chose 1Password _because_ it works seamlessly across iPhone/MacBook/Windows.

[https://agilebits.com/onepassword/windows](https://agilebits.com/onepassword/windows)

~~~
baldfat
Linux?

~~~
resurge
They have browser extensions, so you can use it through that way on Linux it
seems.

[https://agilebits.com/onepassword/extensions/](https://agilebits.com/onepassword/extensions/)

~~~
martin-
"IMPORTANT: This extension requires 1Password 4 for Mac or Windows", so I
guess not.

------
bryang
Solution:

1)Pen & Paper

2)Protected word doc saved in dropbox under an unassuming title like "Low fat,
low calorie, totally un-appetizing vegan meals"

------
justinholmes
Anyone want to help keep Mitro up and running. I've got some spare racks.

------
jayonsoftware
I love Dashlane

~~~
stuffaandthings
I switched to LastPass from Dashlane recently. I do like Dashlane better, but
unfortunately no linux client was a deal breaker...

~~~
gkop
Not only do they not have a Linux client, but their web client is _super_
limited - it won't give you the passwords that have been shared with you, for
example, and you can't register an account through it (on Linux I literally
had to install the iOS app on my iPhone to create an account, have my
colleague add my account to the team, and then once I could finally log in to
the web app, even though it showed me on my team, it wouldn't give me any team
passwords).

------
WorldWideWayne
For anyone thinking about jumping to KeePass - consider the fact that they're
still hosted at SourceForge.

That's a major red flag for me and I've been keeping my eye out for an
alternative for a while now.

------
subliminalzen
Roboform: [http://roboform.com](http://roboform.com) has been excellent for
me. Not sure why I switched to LastPass, but I'm switching back.

------
aburan28
Just wait until the inevitable data breach and there gone

~~~
dtech
That already happened: [https://blog.lastpass.com/2015/06/lastpass-security-
notice.h...](https://blog.lastpass.com/2015/06/lastpass-security-notice.html/)

------
Justsignedup
Anyone aware of good alternatives? Primarily for enterprise customers who want
to share passwords between teams.

We have developers, and regular ol' employees who use this of varying levels
of computer comfort. We need to be able to share passwords org-wide and team-
wide.

And on a personal note, I need to be able to manage my own passwords and my
partner's and we share from time to time.

~~~
nsgi
Can anyone enlighten me on when sharing passwords between teams is necessary?
It seems to me as though it's always a bad idea because people leave and it's
generally possible for everyone to have their own account.

~~~
techdragon
Five words "demo accounts and test users"

------
iscrewyou
I've been using an excel workbook that is stored in an encrypted image as my
ways to manage passwords.

How are these services that people mention in the comments, better at doing
the same?

Is there a better way someone has come up with to manage passwords where you
don't have to rely on these services?

~~~
Splines
Local keepass database, synced with $yourpreferredcloudservice.

On my Android phone I use a keepass app that includes a keyboard, which
integrates typing in username/password.

Also supports 2fa totp, which feels to me like poking holes in the whole idea,
but if you want to use it it's there.

~~~
sundarurfriend
> Also supports 2fa totp, which feels to me like poking holes in the whole
> idea

I'm a Keepass user and I didn't know it had support for 2fa. Why do you feel
it's poking holes in the idea?

------
nullsocket
Queue REM: [https://youtu.be/Z0GFRcFm-aY](https://youtu.be/Z0GFRcFm-aY)

------
lectrick
Whew, I was on the fence between this and 1Password after Mitro shut down,
just a couple days ago... Glad I went with 1Password LOL

~~~
MrGando
Been using 1Password for years now... those guys are super committed to their
software, I really like their product.

~~~
saddestcatever
I've been a serious 1Password user for ~3 years. Love it. Mac OSX app, and
Chrome plugin are amazing. It's a little pricey, but I think it's worth it.
However - don't think about using 1Password if you're on a windows machine -
their windows app is really janky and works just enough to be usable

~~~
lectrick
Just for the sake of multiplatformability...

Is there something remotely as good as 1Password for Linux?

~~~
heinrich5991
LastPass works really good on Linux.

~~~
gkop
It's true. They have a little shell script that you run once and it adds their
plugin to all the installed Chromes, Chromiums, and Firefoxes on your machine.

~~~
lectrick
I've played with Linux and never figured this out- What's the difference
between Chrome and Chromium?

Nevermind, I remembered how to Google...
[http://www.howtogeek.com/202825/what’s-the-difference-
betwee...](http://www.howtogeek.com/202825/what’s-the-difference-between-
chromium-and-chrome/)

------
quaunaut
Huh. Gotta admit, I'm rather distressed by this, but I'm trying to think
through it logically.

* They still don't have access to my raw passwords. Everything's already encrypted before it gets to them, and they don't have the key. They just store the encrypted data.

* They however do control access to the account. This means there's a point where they get all sorts of data on me, and while I personally don't mind, I must admit I felt a bit safer when I thought it was a smaller, purpose-built company managing things.

* Then again, LastPass hasn't had the greatest user experience lately. A mixture of simply not doing the data entry on some sites, and having a poorly designed UI for mobile that feels like little more than an extension of the desktop experience(which doesn't work very smoothly on mobile- it needs to be rethought from the ground up) means that perhaps the new things LastPass could do with this funding would make it more usable.

But at its core, this is a security company to me. Probably the only one I pay
for directly. I love change and expansion in so many other industries, but I
suppose I'm just not used to it here- perhaps that gut response of "I want my
security to be utterly solid because of how bad it could be if it goes wrong".

This isn't quite a reason to jump ship for me yet, but I'll certainly be
duplicating work to other services(which so far, I've found to be quite
inferior).

~~~
danieldk
_This isn 't quite a reason to jump ship for me yet, but I'll certainly be
duplicating work to other services(which so far, I've found to be quite
inferior)._

Did you try 1Password (which works with Dropbox, Wifi sync, etc.)? Not
affiliated with them, just a happy customer.

~~~
shlant
I actually did an evaluation of password storage services recently and chose
LastPass over 1Password for a couple reasons:

1\. 1Password is SUPER expensive for what it is. You really pay for the fact
that it looks nice and integrates well with mac.

2\. It has no enterprise level features (This is for my organization) such as
user management, access logging and fine grained roles and sharing.

1Password might be good for an individual or a small team, but it's too simple
for anything beyond that.

~~~
paulcole
"You really pay for the fact that it looks nice and integrates well with mac."

Aren't those exactly the kind of things I'd want to pay for-- rather than
opting for a cheaper solution that doesn't have those features?

~~~
bad_user
For me look & feel and usability are nice, but not if it doesn't correspond to
my needs.

I routinely use both a Ubuntu Linux laptop and a MacBook. Unfortunately
1Password does not support Linux.

And while I do use Dropbox, I like having the flexibility of switching to
Google Drive. Speaking of look & feel, on Android the 1Password interface is
the ugly duckling that doesn't use material design.

And back to price. At home I also have a Windows box that I sometimes use for
media. My phone is an Android, but I also have an iPad. So 1Password would set
me back $42 for OS X + Windows (includes the discount), about $7 for Android
and another $7 for iOS. That would be $56 with the discount, or $84 without
the discount. And that is expensive, I mean that's almost the price of an
IntelliJ IDEA upgrade.

It's not terrible, I mean it does provide value and the price is sort of
justified. But careful on the _wanting to pay_ for things, as that's not how
the world works. Do you know what happens to the farmers that invested money
in the latest tractors and the seeds with the highest yield? Most are near
bankruptcy, choked by loans and surviving on government subsidies. Just
saying, wanting to pay for things is a sign that you've got more money than
ability to spend, which is cool, but life is surprising and things change.

