* They still don't have access to my raw passwords. Everything's already encrypted before it gets to them, and they don't have the key. They just store the encrypted data.
* They however do control access to the account. This means there's a point where they get all sorts of data on me, and while I personally don't mind, I must admit I felt a bit safer when I thought it was a smaller, purpose-built company managing things.
* Then again, LastPass hasn't had the greatest user experience lately. A mixture of simply not doing the data entry on some sites, and having a poorly designed UI for mobile that feels like little more than an extension of the desktop experience (which doesn't work very smoothly on mobile - it needs to be rethought from the ground up) means that perhaps the new things LastPass could do with this funding would make it more usable.
But at its core, this is a security company to me. Probably the only one I pay for directly. I love change and expansion in so many other industries, but I suppose I'm just not used to it here- perhaps that gut response of "I want my security to be utterly solid because of how bad it could be if it goes wrong".
This isn't quite a reason to jump ship for me yet, but I'll certainly be duplicating work to other services (which so far, I've found to be quite inferior).
Did you try 1Password (which works with Dropbox, Wifi sync, etc.)? Not affiliated with them, just a happy customer.
1. 1Password is SUPER expensive for what it is. You really pay for the fact that it looks nice and integrates well with mac.
2. It has no enterprise level features (This is for my organization) such as user management, access logging and fine grained roles and sharing.
1Password might be good for an individual or a small team, but it's too simple for anything beyond that.
Aren't those exactly the kind of things I'd want to pay for-- rather than opting for a cheaper solution that doesn't have those features?
I routinely use both an Ubuntu Linux laptop and a MacBook. Unfortunately 1Password does not support Linux.
And while I do use Dropbox, I like having the flexibility of switching to Google Drive. Speaking of look & feel, on Android the 1Password interface is the ugly duckling that doesn't use material design.
And back to price. At home I also have a Windows box that I sometimes use for media. My phone is an Android, but I also have an iPad. So 1Password would set me back $42 for OS X + Windows (includes the discount), about $7 for Android and another $7 for iOS. That would be $56 with the discount, or $84 without the discount. And that is expensive, I mean that's almost the price of an IntelliJ IDEA upgrade.
It's not terrible, I mean it does provide value and the price is sort of justified. But careful on the wanting to pay for things, as that's not how the world works. Do you know what happens to the farmers that invested money in the latest tractors and the seeds with the highest yield? Most are near bankruptcy, choked by loans and surviving on government subsidies. Just saying, wanting to pay for things is a sign that you've got more money than ability to spend, which is cool, but life is surprising and things change.
The lack of enterprise features is a killer though. We currently use 1Password at work, but we're evaluating LastPass and Meldium as options to switch to purely for the password sharing, access control, etc. We don't want to switch, but it's not clear there's any option if you want to manage passwords reasonably smartly among a small team.
Its auditing and logging features are excellent.
LastPass costs (or used to cost) $12/year while 1Password is $29, so if you intend to use a password manager for more than two years it's cheaper to buy 1Password than keep paying for LastPass.
And just a side note, I bought my 1Password for Windows, currently I'm using it on Windows, Linux, Mac and iOS and they all work fine. My OS X says that its trial has expired, but it still works just fine, I can create new passwords and encrypt the old ones just fine. Maybe there are some pro features I'm not getting, but it's doing what I need it to do.
But someone suggested Wine and I guess it works better, but this works just fine for my needs.
I don't know about that. LastPass wants $12/yr for their premium service. 1Password charged me $60 for the Windows + Mac bundle back in 2011. Other than the fact that you have to pay up front, the price seems similar.
Allowing any third party access to sensitive passwords sounds like a bad idea.
I would just like to clarify that AgileBits never gets access to your data or your Master Password. It is either stored locally on the user's machine or network or in his/her own Dropbox or iCloud account.
I'm really not keen on Dropbox syncing as there is no need for a copy to exist on the cloud
However, it would be nice to have official iOS 1Password support since I believe 1Password can leverage BTSync via API much like Dropbox for a much more seamless experience.
IE: your company makes a vault in a dropbox directory shared with employees, and multiple people just add that as a secondary vault?
conflicting changes are probably an issue though...
I'm sure you're getting a lot of new users today. Good luck! :)
My name is Eva Schweber and I work for AgileBits, the folks who make 1Password.
That's a great suggestion, thank you. And thank also for the good wishes. It has certainly been a busy day!
I just bought 1Password, switching from LastPass - one feature I really liked in LastPass was the ability to save the master password (I keep important passwords in my head and a password manager for less important things). Is there any chance this functionality will be provided? As it stands if I want to keep using 1Password I'll downgrade my Master Password strength (because it's a real pain to type it every time I reboot, especially on my phone) and that makes me feel more uncomfortable than knowing if someone knows my system login password they could compromise my vault...
LastPass did guard this functionality with a big "your security will be seriously compromised, are you absolutely sure?" prompt which I think is fair enough
But, as I said, I don't use password managers for passwords that are really important, I use them for the bulk of online services where I'd like to use a different random username/e-mail & password for each.
Do you have any plans to integrate with Google Drive or iCloud drive in the near future?
We have had many requests to integrate GoogleDrive and it is certainly something we are looking into. Our Mac App Store app does allow iCloud syncing through Cloudkit.
Just to be clear who I am, I am repeating that I am Eva Schweber and I work for AgileBits, the folks who make 1Password.
And to answer your question, yes. We have put all of our apps (including our in-app purchases) on sale for 40% off.
Awesome! Glad to hear it.
They're doing a new "Windows Modern" (or whatever it's called) version, I need to give that a try sometime.
I've been a huge fan of the technical capabilities of Lastpass in general - I have many desktops and syncing generated passwords works great.
But it's never been something I could push to my business customers because it's never worked reliably under IE. When I've brought this up in other forums, I only get the "oh.. using IE is dumb" sort of response, which is completely unhelpful for your average business. But it's an attitude I've often wondered if Lastpass had, based on their regular release cycles being heavily skewed away from IE.
0,1 and 2 are easily replicated in my environments:
It's really not that expensive for what you're trusting it with.
Edit: not affiliated, but it has to be my #1 favorite application on any platform.
I have all those features plus a proper web extension for $12/year.
My name is Eva Schweber and I work for AgileBits, the makers of 1Password. I just wanted to thank you for sharing your love of 1Password! We love our customers and with folks like you, is it any wonder why?
While it is true that we think it is important for our potential customers to know that we may charge for a future version of 1Password, we have only done this once in the 9 years that 1Password has been available. And that was after a significant upgrade from 1Password 3 to 1Password 4 when we rewrote the entire app from scratch.
Customers who purchased 1Password 4 for iOS have received free upgrades (including Pro Features) to 1Password 5 and 1Password 6. The same is true for our 1Password 4 for Mac customers, who received 1Password 5 (our current version) for free.
For Windows you are eligible for an existing customer discount. Just go to our store at http://agilebits.com/store and click on the Upgrade button under the license you are wanting to purchase. You will be prompted to enter your 1Password 3 license code and then you will see the discounted prices you are eligible for.
We have also changed our sharing policies to match Apple's Family Sharing plan. Now a family living in a single household can have up to 6 users on a single 1Password for Mac or Windows license.
As far as Android goes, we have put the in-app purchase on sale for 40% off.
To answer your question, yes it does.
And, until the surprising 40% sale, the OS/Windows bundle was $69, if I add the pro Android app, it was $80.
With the 40% sale it is now $48, full 4 years of lastpass subscription
1Password is not a subscription service. Instead we charge a one-time fee to purchase the app. That license remains valid for the duration of that version's lifetime.
Thank you so much for the endorsement. Way to make my day!
I just wanted to thank you for your kind words.
You do not need the iOS app's Pro Features for looking up or entering Logins. But you can read much more about what you do get for purchasing the Pro Features here: https://support.1password.com/guides/ios/pro-features.html
Thanks so much for the compliments! Our designers and developers work really hard and it is great to see their efforts being so well appreciated!
I don't know what version of Android you are on, but if you are running Android 4.0 or higher, you can use our snazzy Filling feature so you don't have to copy and paste Logins anymore. You will find more details here:
Question for you and others who have migrated from LastPass to 1Password:
Were there any sticking points? How did you go about moving over your password database?
Switching to 1Password was extremely easy. It offered simple instructions on how to import from LastPass and the pricing model (pay once for the piece of software) was a lot more compelling to me. As an added bonus, the app is super well developed and designed. It _just_ works, and works the way you expect it to. 100% satisfied.
I'm so glad to hear that the transition was an easy one and that you are so satisfied with our product! I will certainly share your kind words with our designers and developers.
You will find the users manuals for all of our platforms at http://support.1password.com and if you have any questions about specific features, please feel free to ask one of our support jedis at http://discussions.ahilebits.com.
Thanks so much for appreciating our dedication to our product. Security is incredibly important to us and we take the quality of our work very seriously.
Eva - love your company and product, but you're spamming HN with this stuff. Update your profile to disclose your affiliation, up-vote the comments praising 1Password if you want, and answer questions candidly. Happy to see company reps participating in the conversation!
Just kill the "Hi so-in-so" and the boilerplate "I am Eva...". If all you have to say is thank you, upvote and leave it at that - your posts are taking up like 50% of the article commentary...
A good guideline is just "does this add useful/interesting content to the discussion?"; if not, think very hard before adding it.
Plus from the HN guidelines: Please don't sign comments; they're already signed with your username. If other users want to learn more about you, they can click on it to see your profile.
All that said, welcome to HN!
I've never really understood the appeal of account-based password managers. It was a startup and it needed a business model, sure, so from the company's perspective it makes sense. But from a customer's perspective you're accepting a new type of risk that you don't have to worry about if you use a glorified encrypted list (e.g. KeePass) to manage passwords. The payoff is convenience, but personally no amount of convenience is enough to make me comfortable with storing all of my encrypted passwords on a single server somewhere and hoping that there are no exploitable security vulnerabilities (or malicious insiders who might seek to profit from finding or introducing them). Having an offline password manager that never uploads data to a server provides defense in depth, though it's less convenient.
Check out http://keepass.info/plugins.html (I use PassIFox and ChromeIPass via KeePassHttp)
Group credentials and secure keys for production environments, among other things, can be shared using LastPass.
Never mind sensitive stuff -- we get lots of use out of LastPass for managing the list of test and demo users on our site. We set up sandbox accounts (with various types of users) for potential customers. Each time the main logins to into LastPass, so if they run into problems, anyone on the dev team can help them out (with no other coordination required).
I've not been terribly impressed by LP's usability, honestly; but for quite a while they've seemed to be the only mature product in this space.
I've noticed Dashlane seems to be catching up here; I'm keeping an eye on them.
Maybe this has changed since I last checked but this and many other things seemed highly questionable on KeePass.
iOS (MiniKeePass): https://itunes.apple.com/us/app/minikeepass-secure-password/...
I don't have a BlackBerry anymore, though. Now might be the time to jump ship.
Lastpass can detect logins from new IP addresses and throttle requests, send warning mails etc.
But sure, once their servers are cracked and their plugin is infected with master-password-stealing code it's all game over.
This, Duo integration and Linux support are the features that are making finding an alternative to LastPass difficult for me.
It's true for any level of password management. KeePass is less secure but more convenient than simply memorizing each of your long, secure passwords. Choosing less secure passwords or repeating passwords is more convenient than memorizing long, unique passwords.
Finding the right balance of convenience & security is critical for securing the myriad accounts of the "masses." We know that the average person isn't going to bother memorizing long unique passwords - even the most security conscious person won't do that (except for maybe a handful of super-critical passwords).
Sure, a local password manager like Keepass could provide a new version that posted my p/w, key file, and DB up to a server somewhere, but I would have to manually install it, and it would have to get around a local program executable-firewall. No such challenges with auto-updating extensions and/or JS served from their server (or MITM.)
I don't know if the acquisition makes them more secure or less, but having worked at large companies, I tend to agree with:
> I must admit I felt a bit safer when I thought it was a smaller, purpose-built company managing things.
Though really in an organisation you'd probably pay for one of those other solutions (Secret Server?)
So how come they don't have your raw passwords? Because of their web centric approach, I doubt that they are encrypting it locally. And regardless, LastPass is a proprietary thing, so you can consider your passwords to be compromised anyway.
Nowhere in the payload that gets sent to them is your key. The only way you could consider your passwords compromised is if you think there's already a rainbow table out there to decrypt everything, which is ludicrous.
I'm blown away, I've been a fan since day one because of its simplicity and availability.
I am torn between waiting to see what happens and giving them the benefit of the doubt and just changing all my passwords before Logmein can f--- me.
Are they just bad at running a company or are you scared they will sell your data or similar?
When you complain to LogMeIn and give them the details of the scammer, they couldn't give a rat's arse and just ignore you. Those kind of ethics do not belong with the owners of a password vault.
Source: Experience trying to report a bad actor.
Edit: I read some of the comments on https://news.ycombinator.com/item?id=10359491 and most of them have bad things to say about LogMeIn.
I'm happy for the LastPass team that they were able to profit off their hard work, but I'm leery of what this means, not only for the hundreds of my passwords and notes LastPass has in its vault, but what sorts of "features" LogMeIn will want to forcibly integrate into the product--and then charge 50x my lowly $1 a month contribution.
"KeeFox connects Firefox to KeePass Password Safe"
gratuitous- uncalled for; lacking good reason; unwarranted.
I feel that my comment falls into what I consider a fair statement about the severity of the situation. They have my passwords and could easily hike up their rates. This change may add features I didn't know I wanted, but thus far I'm happy with the way LastPass has been operating and I don't want a change.
I won't be doing that.
I'll tell you what I think. I was right; he was too negative; and folks feel threatened by that. Fits the data here pretty well.
If there's one business I REALLY do not want to be moving about, and I want as little churn as possible for, it's a password manager.
The thing I liked about LastPass was that it seemed like the highly geeky, less startupy approach to password managers, more likely to be run for the long-term, less likely to be at risk of an acquisition.
Going to look into Dashlane.
Of course there is the argument that since it's open source it's safe since someone has "audited" it, but many times that's not true.
And even then unless you spend a lot of time trying to break it so you understand it completely you are way better off just writing your own solution, but that takes time and effort
I'm basically preparing to bail on lastpass with this news but need to have all my bases covered.
There are multiple KeePass clients on iOS and just about all of them support things like Dropbox sync.
A curses-based CLI for KeePass, KeePassC was just recently on HN: http://raymontag.github.io/keepassc/
I'll look at some of this tonight thanks!
I just save+sync passwords in Firefox and use a strong master password. I (usually) only need to paste the password from Keepass once unless I elect to not save it (such as with financial logins).
> does it work on ios?
Google seems to return lots of results for iOS Keepass apps. You'll want to vet them on your own. I use KeePassDroid on Android and like it well enough.
I forgot about my nexus tablet but android is the other thing to have a look into.
 - https://www.duosecurity.com/blog/breaking-down-the-probable-...
 - https://www.dashlane.com/password-generator
 - http://www.themooltipass.com/
It is more expensive than Lastpass, but this news suggests Lastpass was underpriced for a long time.
Big fan of Dashlane's 2FA with Authy. Really easy to share passwords securely around my organization too.
Not having a Linux client is a real miss though, I also kept Lastpass because the Linux integration is seamless.
Highly useful to be able to have access groups like "team" (everyone, things like Zendesk) "team-secure" (stuff with CC's, like Amazon), "dev" (general dev accounts), and "dev-secure" (compose.io access and the like).
Makes it way faster to onboard new folks, and when people leave, to cleanly strip access and change passwords.
The open source tools don't solve for those kinds of use cases, as far as I know. Just "I have one computer, and want to store my passwords on that one computer."
The server and the chrome/firefox extensions that are opensource (https://github.com/WeAreWizards/passopolis-server, https://github.com/WeAreWizards/passopolis-extensions).
Right now it's mostly for us and other mitro escapees to continue using it so we didn't bother with the site design or the mobile apps.
The exact feature you mention would be the first one to be done if we decide to monetize it though! It would stay opensource as well.
I've yet to find any open source software that does team management. Even multiple open source tools that work together to create this functionality would be great.
Also, no way I would do anything important on my phone. These things seem to be about as secure as sieves.
For me, I use a plaintext file in a Truecrypt archive because I'm a massive dweeb.
My company has used Logmein Central for remote access to hundreds of PCs for years. The core software is great, reliable, and has been ever since we started using it.
The problem is that Logmein the company knows they're on top of the heap when it comes to remote management. They have no reason to innovate or improve where they can.
They added 2FA but otherwise we haven't seen a single new feature that we've taken advantage of in a very long time. Any features they do add hint at them wanting to be a RMM service but you'd have to be an idiot to trust them with more responsibility of your networks. Also a lot of those features require Logmein Pro which adds an insane amount of cost depending on how many systems you're managing.
Meanwhile there are bugs that have been around literally since we started using the software. For instance copy/paste while in a session will randomly break. The Logmein client software is very buggy on OSX, crashes often, search will randomly break.
Their support is basically non-existent, although I haven't tried in a while if you opened a ticket it would take days if not longer for a response and they'd usually just direct you to some unrelated KB or tell you post on the forums.
We use Lastpass as well so this should be interesting. I've yet to see a merger that actually improved things from our end as a MSP. Cisco bought Meraki, Dell bought SonicWALL, at this point I assume any time we see a merger that it's time to find a new vendor.
After reading the article (and then reading it again) I'm not left feeling confident that this is in any way positive for me as a LastPass Premium and Xmarks customer.
In particular the vague line about, "As we become part of the LogMeIn family over the next several months, we’ll be releasing updates to LastPass, introducing new features..." To me, LastPass is feature complete. So either I'm going to have a mind blowing, I never knew I needed that, moment, or more likely some sort of bloated crap is going to get shoe horned into LastPass.
I hope they don't ruin LastPass also, but from here on out I'll be intensely skeptical.
Also does a lot of other things, and is evolving into a full-fledged SDN layer. If you don't want to use the pretty GUI they give you to create/manage networks you can run your own 'network controller' -- see READMEs in GitHub.
You're reading Hacker News. You know what "exit" means.
I also agree with colinplamondon's comment "The thing I liked about LastPass was that it seemed like the highly geeky, less startupy approach to password managers, more likely to be run for the long-term, less likely to be at risk of an acquisition."
So the thought of them seeking an exit never crossed my mind.
Logmein is still in business, and buying companies. At first blush it seems like they'd be a good company to have a stake in.
Also, the valuation also seems low to me. Maybe LastPass was having trouble generating recurring revenue. It seems like going public would be a better route for security companies but maybe the revenue wasn't there for an IPO.
I've had a paid subscription for years and used their enterprise service for 2 different startups. Hopefully the service doesn't start to suck. I'm already scouting alternatives.
Mitro's owner being really nice, they open-sourced the browser extensions, server and mobile applications so we used them to run our own: https://passopolis.com/
We plan to keep the code open-source and we're working hard at the moment to introduce the organisation feature useful for start-ups. We plan to make the organisation feature a premium service so we can justify running and improving Passopolis for as long as it stays useful.
From the LogMeIn investor release
Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.
I would caution, then, that any interviews given by any staffer to the effect of "LastPass is not changing, your data is perfectly safe with LogMeIn, the prices will not skyrocket, etc." over the next few months should be taken with a grain of salt, since they quite literally have $15 million riding on you not leaving.
My first reaction was to chuckle. I wonder how LastPass will change given the new ownership. We switched over to this at work almost a year ago, after trying to determine a password management strategy for years, and it's worked fairly well, although it hasn't sold me on switching from Keepass for personal use.
I'll be interested in what the Hacker News community thinks about this.
Pass feels simple but it is actually elegant.
They tell of good fortune for the owners of the thing that has been sold, but never tell the users what's in it for them. And that's usually because there is nothing in it for them.
What am I supposed to be happy about?
Second, why do they owe you anything? Either you are a free user, at which point you don't really have a whole lot of say in what they do with their own company, or you are paying $12 for a stellar password manager, which I would say is definitely worth it.
I am not exactly a fan of LogMeIn, and I do really like LastPass and use it every day, but if they chose to sell their company and cash out, good for them. If the service somehow becomes bad, I will move onto one of many alternatives, though this time probably an open source one.
Because I not only paid US$12,00 to them, but I have also invested time and thought in building habits and procedures based on their service.
If their service becomes unworthy or cumbersome, or if I have any reason to distrust them, I'll have to look elsewhere, not only costing me time, but also giving me uncertainty and possibly having to choose a new service. And, if I have chosen Lastpass, it is because I believe other services are not worth as much.
In short, while this change to LastPass might not be good for you (or me) in the long run, I don't see why they'd have any responsibility to consult you or me about whether to sell to LogMeIn. We are customers, not shareholders.
I don't understand the point you're trying to make here. Their product is SaaS; by definition to use the product requires consuming their computing resources--that's what they're selling! Unless you're honestly of the mentality that companies have moral standing to tell you to eff-off once they have your money. But I don't think you are, so please clarify.
To answer your question, LastPass's popularity is largely due to word-of-mouth. People used LastPass because they liked it, they liked its ease of use, they liked what they perceived to be the honest nature of the company. Because people like the average user on HN, who are likely the "Tech guy" for all of their immediate friends and family, tell their families to use LastPass and help them set it up. When you piss off the guys who evangelized your product, you're not just losing his business; you're potentially losing the business of everyone whom they recommended it to.
Case in point, I convinced my girlfriend to start using it (she fortunately got 6 months for free via a student email and hence will suffer no monetary loss if we decide to switch) and was considering telling my family about it, but now I'm having second thoughts. And considering this is, again, a subscription model, the "Haha, we already have your money!" model only works for one year. The projected revenue based on the expectation of renewals, however, goes out the window.
Of course this sale to LogMeIn might mean the end of LastPass as a reliable and easy to use password manager. Of course it might cause you and me to spend time looking for an alternative solution, setting it up, etc. I am saying that none of that is LastPass's team's problem and I don't think that even a paid subscription for their service buys us the right to be consulted on their corporate strategy.
Right now lastpass encrypts in the browser and the company only saves a binary blob that they can't access. So your data is safe. But they said, "As we become part of the LogMeIn family over the next several months, we’ll be releasing updates to LastPass, introducing new features.." that makes me nervous.
The comments here have lots of suggestions like keepass, but none of them really compare with the LastPass Android support where it will automatically log you into apps.
I understand why the users might have concerns with "LogMeIn", but well one should've expected (at least on this forum) that this is going to happen.
I know this isn't the most popular comment.
But, what the heck, be happy for the LastPass team, they've worked their ass off. That's what this forum is for, isn't it?
We (hackers) are all in the same boat.
So hooray to the LastPass team and condolences to the LastPass customers.
I knew a lot of people who used it regularly. Now I can't think of any.
It's certainly possible that LogMeIn stays hands-off and LastPass continues all operations exactly as they did before, but then why would LastPass sell?
LogMeIn paid $x money for LastPass, and they intend to make $x + $y money for it, by doing things that LastPass was either unable or unwilling to do (otherwise, LastPass wouldn't have sold).
Usually this means that LogMeIn is going to try to "extract more value" from the customer.
Additionally, LastPass did a good job in disclosure of security incidents in the past. I'm pretty sure this won't happen now that they are tied with this big brand name which thinks that publishing security incidents is bad for its PR.
Bottom line - It's a matter of trust for me, and I don't trust them.
The "AutoFill" option of LastPass was turned on. I was browsing my profile settings on Mendeley. Somehow LastPass automatically commenced the account removal action, filled in my password, and confirmed the prompt. My account was gone.
I did NOT EVEN NOTICE when it happened. The only reason I know it now is because I managed to reproduce this behavior with a new account. I reproduced it one month later, after exchanging multiple nervous emails with Mendeley Support.
The potential for abuse of LastPass is huge. The hope is that LastPass will get better after this acquisition.
I could grumble for awhile, but I do see one positive change I think will be made quite soon - Lastpass Enterprise did struggle to pass passwords through remote sessions (to a client server, for example). We played with using Thycotic Secret Server, but Lastpass Enterprise is better in so many other ways that we dealt with copy/pasting passwords into the remote session. If Logmein can bring Lastpass integration through their remote tools I'll be really happy, and I think it will drive people back to Logmein who left over the past few years' price gouging.
That all said... Logmein was really really terrible about grabbing the clipboard of any user who had recently connected and hanging onto it. 'Pasting' into a session often splooged some other guy's clipboard contents (funny jokes, personal password, embarrassing URL)...
We're also not building a company around it, we've absorbed the work of keeping it running as our agency (wearewizards.io).
If we start charging it's going to be for some actually new feature, not for the current product.
For everyone else, I hope they don't butcher the free version like they did with LogMeIn.
Now they also seem to be notorious for price hikes, although I have no first-hand experience. I'm a LastPass Premium subscriber and have enjoyed using it, but I'm worried about what the future holds now.
We then went down to the 'Central' version of LogMeIn, as it still provided remote access capabilities (which was all we wanted) and were able to save a bit of money. Well, two months later they billed us the full renewal price of the old product ($2499) and it took us 6 months of back and forth with them to refund that.
Commonkey is another great program and is free for teams of three.
I didn't want to have my passwords stored on any servers from external companies. Instead I use tarsnap to backup my passwords.
But it doesn't appear to have anything like LastPass's autofill on Android that supports the fingerprint reader.
Here it is:
My devices - Linux Desktop, Laptop, Windows 7, 8 and 10 Machines at work, Android Phone, iPad (Work)
LastPass worked on all of them. The only alternative I could find was Keeper https://keepersecurity.com that worked with all of my devices.
Anyone have experience with Keeper Security?
Wondered if people have experience with them.
So for me that is $20 for iPad and Android BUT my iPad is a company product that is likely to switch on me shortly with an upgrade.
So this might not work if it is $20 per platform per personal and business use.
And I've already got spider sense tingles about them... lack of SSL cert for a security company? No pricing info? No "About Company"?
I hear a lot of good things about 1Password, which seems to work for my iPhone/MacBook. Anyone know if there's a reasonable option for using it on Windows?
They also have bundled licenses for both platforms.
(There's an official Android client too, which wasn't mentioned above)
Even with LastPass offering 2FA, it's just that, authentication; it's not used as part of the encryption/decryption process (I did read somewhere it helps with your local cached copy, but it doesn't affect the copy stored on their servers).
If you wanted to use your YubiKey with 1Password, you could set a static password and 'split' your master password (half you remember, the other half is keyed in by the YubiKey)
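The distinction drawn in the comment above, as an added example (not code from the thread, LastPass or 1Password): a second factor checked by a server only gates access to the stored blob, while a secret mixed into key derivation changes the key itself. The key-check tag standing in for real encryption, the secrets, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def derive_key(secret: str, salt: bytes) -> bytes:
    """Stretch a secret into a 32-byte vault key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def make_vault(secret: str) -> dict:
    """Stand-in for an encrypted vault: a salt plus a key-check tag.
    A real manager encrypts with the key; the tag shows who can derive it."""
    salt = os.urandom(16)
    tag = hmac.new(derive_key(secret, salt), b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def unlocks(vault: dict, candidate: str) -> bool:
    """True if the candidate secret derives the key the vault was sealed with."""
    key = derive_key(candidate, vault["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, vault["tag"])


def server_release(vault: dict, otp_ok: bool):
    """2FA as authentication: the server hands over the blob only if the OTP passes."""
    return vault if otp_ok else None


# Constructed secrets (assumptions, not real credentials).
MASTER = "correct horse battery"
REMEMBERED_HALF = "correct horse"
TOKEN_HALF = "cccccctkhjdr-static-half"  # what a static-password token would type

gated_vault = make_vault(MASTER)                        # key = KDF(master password)
split_vault = make_vault(REMEMBERED_HALF + TOKEN_HALF)  # key = KDF(both halves)


def offline_results() -> dict:
    """What a copied vault blob yields once the server is out of the loop."""
    return {
        "gate_blocks_online": server_release(gated_vault, otp_ok=False) is None,
        "gated_offline_password_only": unlocks(gated_vault, MASTER),
        "split_offline_remembered_only": unlocks(split_vault, REMEMBERED_HALF),
        "split_offline_both_halves": unlocks(split_vault, REMEMBERED_HALF + TOKEN_HALF),
    }
```

A static token string is the same on every press, so anything that can observe keystrokes on the host captures that half as easily as the typed half; the split raises the cost of guessing and shoulder-surfing, not of a compromised endpoint.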
Why doesn't it make sense in a mobile device?
> Even with LastPass offering 2FA, it's just that, authentication,
And if you really have to pick a proprietary thing, then 1Password has always been better because it doesn't have an online component, syncs with Dropbox only if you want it to and whatever happens with the app, the Dropbox sync includes an HTML/JS interface that can read the dumped passwords, plus the format is documented.
My hope now is that LastPass won't go down the same path as Meldium, after they were acquired by LogMeIn; the product went downhill very quickly.
In the case of Meldium, it seems they were trying to improve the UI by improving the design at the expense of functionality. It feels like LastPass is in a similar position now.
They don't plan to ever do auto-fill for security reasons, which I'll admit disappoints me.
The zip contains
* payload, a folder containing subfolders, password text files and other personal information.
To "unlock", extract the zip.
To "lock", run encrypt.sh.
Make sure that the extracted data won't get backed-up at any time. I just came up with this a few days ago. Let me know if you have any concerns about this.
Here's the encrypt.sh:
I trust GNU zip, but can I trust MiniKeePass? Can I trust iZip?
Open/edit works seamlessly in Emacs.
Then again, it's currently good enough that we are paying them a pretty large yearly sum, so perhaps there is no business case for spending the resources to improve it.
We have developers, and regular ol' employees who use this of varying levels of computer comfort. We need to be able to share passwords org-wide and team-wide.
And on a personal note, I need to be able to manage my own passwords and my partner's and we share from time to time.
Have you considered Okta [http://www.okta.com] for your enterprise needs?
As for XMarks, I'm torn. It has nice potential, but I feel like the company has basically let it stagnate warts and all. Some seemingly-obvious features like tracking changes to saved bookmarks (diffs, not checking the content of the URL) don't exist, and the ways to get archival data out to do it yourself are clunky and manual. What made me start wanting that was a browser going funky and losing a chunk of bookmarks - I had to kind of ballpark when that was, go back, dump a backup, find them in the HTML dump backup file then recreate and I'm not certain I ended up getting them all.
Yeah, I'm going to be switching password managers.
What gets me down about this is the trust I had for the service LastPass provided. I appreciated their open and pre-emptive communication. They were willing to dive into the details of a possible issue and explain everything about it.
I've been using LastPass since 2011 and have been really happy with it (other than the slightly opaque UI and design from the 90's).
I'm hopeful about the acquisition, maybe LogMeIn can give some UI/UX guidance to the LastPass team, while the LastPass team can help expand and grow to help more people to use a password manager.
If not, there are plenty of other password managers out there, I suppose.
I occasionally use 1Password for the iPhone, but still mostly rely on the built-in OS X Keychain app. 1Password is too expensive for the Mac and all the other managers don't seem to place much emphasis on UX.
This class of application is quite poor to use overall. Even as nice as 1Password is, its syncing story is not very good.
- First, we (LogMeIn/LastPass) have no plans ...
- Second, this acquisition provides us ...
- Since then, LastPass has grown by leaps ...
Overall it's probably a good thing that the product is transferring to a more financially stable company with healthy enterprise sales. I'd rather it head in that direction than struggle for a long period of time and put my data at risk. The worst thing that could have happened with this product would have been a spiral of neglect
Something I can serve from a VPS that works on most platforms.
Were they to change their minds LogMeIn could in all likelihood sue both LastPass and the owners of LastPass, personally and severally, for breach of contract and for a number of other things.
No government will interfere either, as few if any governments will assert that they know both a business's business and the needs of that business's customers better than the business itself - not to mention because of the precedent it could set and uncertainty it could engender.
The best response of concerned customers is one, research, and two, should the research so indicate, voting with their feet and either staying put or moving to another service.
How are these services that people mention in the comments, better at doing the same?
Is there a better way someone has come up with to manage passwords where you don't have to rely on these services?
On my Android phone I use a KeePass app that includes a keyboard, which integrates typing in username/password.
Also supports 2FA TOTP, which feels to me like poking holes in the whole idea, but if you want to use it it's there.
I'm a KeePass user and I didn't know it had support for 2FA. Why do you feel it's poking holes in the idea?
- Excel has a larger attack surface than purpose-built password managers. Have you checked Excel doesn't leave behind recovery copies of your passwords file in c:\windows\temp?
The cost, of course, is in the data being remote, and you generally have to trust the company and processes around their handling of your data.
Is there something remotely as good as 1Password for Linux?
Nevermind, I remembered how to Google... http://www.howtogeek.com/202825/what’s-the-difference-betwee...
And I literally just migrated all of my stuff from KeePass to LastPass like two weeks ago.
Back to the drawing board, I suppose.
1) Pen & Paper
2) Protected Word doc saved in Dropbox under an unassuming title like "Low fat, low calorie, totally un-appetizing vegan meals"
That's a major red flag for me and I've been keeping my eye out for an alternative for a while now.