Hacker News
LogMeIn Acquired by Private Equity (techcrunch.com)
380 points by AznHisoka 36 days ago | 289 comments



My old company used Logmein professionally to remotely manage 100s of computers for many years before switching to ConnectWise.

They had a great product for a long time but some of the worst licensing decisions I've ever seen. It went from being completely free to several thousand dollars overnight without any additional features, support, etc being offered. And meanwhile development was stagnant with only weird changes to the UI and punitive changes to free users being rolled out.

We would have been more than willing to pay for licensing. Even in the end it was the one product we found that could do some really cool stuff remotely (like recover a frozen Windows system and reboot it into safe mode). But they just handled the business side of things like complete idiots.


A customer of mine had LogMeIn Pro just to access a single pc from a couple of phones every now and then. One day it suddenly stopped working. As it turned out, in the three years they had been using it, the price had hiked from about 100 EUR to over 350 EUR. Having no idea who charged them that much and what for, they reversed the credit card transaction. Since then, they've moved on to RealVNC. It's 1/10th of the price and works just as well if not better. Don't let the name discourage you; the product has very little to do with the old and inefficient VNC protocol anymore. I was hesitant to try it, but it's been a very positive experience.


I'd recommend that your customer checks out [Chrome Remote Desktop](https://remotedesktop.google.com/). It's completely free, simple to set up, and seems to perform way better than VNC. Plus no need to open firewall ports or worry about encryption and security – that's all handled for you.


Just for the record, you don't need to worry about any of that with RealVNC either, and the protocol seems way more efficient than any other VNC I've used. Frankly, I think the product should be renamed to get rid of this bad association. It's way more similar to LogMeIn Pro than TightVNC, for example.


It’s a terrible user experience for anything other than clicking on things. Can’t use a lot of keyboard shortcuts because they trigger browser behaviours. An issue that didn’t exist when they had a chrome app. The website always breaks in some form. Is laggy. If you’re using windows and the lock screen happens and you come back. Copy/paste stops working.

The chrome app was awesome. The website sucks.


If it's free, you are the product. It's by Google for crying out loud.


I'd really like to use this but without a Google account. Hopefully this will be possible one day.


What's still in it for Google then?


I think that’s the point.


> Don't let the name discourage you; the product has very little to do with the old and inefficient VNC protocol anymore.

But RealVNC's products are all built on that same VNC protocol...? At least I see many things referencing it and nothing indicating that they don't use it.


That's the question I have; can you access the remote login screen with realvnc? My understanding was you couldn't do that with vnc on windows, have to use rdp.


No need to pay for RealVNC, when TightVNC is FLOSS. Can confirm the login screen is accessible in global service mode.


If it's still based on VNC, for sure it's much more efficient (and user-friendlier packaged) than any of the open source competition I've experienced over the years. So much that I think that still using the name VNC does them more harm than good.


I think perhaps you're unfamiliar with the open source competition. Most of the open source VNC servers support something like H.264 which while a little dated, is still quite efficient, especially for the low-latency streaming needed for remote desktop applications.

The only novel-looking thing I see on RealVNC's website is adaptive bitrate, which I don't think I've seen in the open source servers.


You know, I might be. In that case, please enlighten me with a counterexample. Anyway, the point isn't to pick on the competition. I'm merely saying that RealVNC is a fine, fairly priced product with a rather bad name. Many people, myself included, have a dismissive initial reaction based on memories of old-fashioned (slow, hard to set up over the internet) VNC. At least with RealVNC, it's nothing like that anymore, whereas with TightVNC for one, it still pretty much is. I use the latter as well, but only for light usage on local networks—acceptable and better than it once used to be, yet a completely different experience.


I agree. I have around 500 computers under management, finally left them for Teamviewer after LMI's price tripled and their features halved (or worse). I ran it mostly from Linux, which they seemed to be withdrawing support for.


I wish Teamviewer had a small business pricing model. I love their product. However, I only have ~ 70 clients I need to support at a 501c3 school. Their costs are still too high for us.


https://www.techsoup.org/teamviewer

$10 to TechSoup gets you 60% off list price for TeamViewer. Your license pays for simultaneous controlling sessions, so our plan that would have cost $200/mo. is $80.

We've had access to TechSoup forever, but we keep forgetting to take advantage of it. We were able to make our money go a lot farther than it would have this year because we started looking through their catalog again.


Hi. I’m a developer on Jump Desktop. If you’re interested, we have a similar product with no computer limits and it’s very reasonably priced ($9/user/month): https://jumpdesktop.com/#teams .


You may be able to get a discounted TeamViewer license through the school via Techsoup.org.


At the time I loved their product and installed it on parents' machines. It was great. I was happy to pay 100 or 200 a year but they wanted way more. Stopped using it and never found an equivalent.


I use copilot when I need to remotely help my parents.

https://www.copilot.com/Pricing


Why not use Chrome Remote Desktop (Remotedesktop.google.com), which is free for family support? It's much easier than it used to be.


For what it's worth, ConnectWise is also owned by private equity (Thoma Bravo). TB seems to be supporting the growth of the company.


My current employer was formerly owned by Thoma Bravo. They "supported growth" on the surface. Under that veneer was really juicing up the company to make us more attractive for their exit - short term decisions that have resulted in a lot of employee burnout and have put us in a bad place under our new ownership.

I hope to not have to work for a PE-owned company in the future, as their goals (to position for their exit, usually 3-5 years after initial purchase) often result in short-term oriented choices that hurt a company's long term potential


So the quarterly goals of public companies are better? Many companies sell to sponsors in order to be able to make long term strategic decisions.


> TB seems to be supporting the growth of the company.

PE "support growth" by forcing loans on the company with expectation they'll be paid back, which makes the company operate very differently than a VC-backed growth startup.


An interesting approach. When I worked at a university and had 100+ machines to handle (back in the WinXP days), we just used udpcast + sysprep to do full disk cloning. We never bothered with individual machines, if anything ever went wrong we just wiped the whole thing and re-cloned it.

Keeping 100+ machines up and running, and caring for individual ones sounds like a whole lot of work. Admittedly we got away with it because those were lab computers used by students, and data persistence did not matter as much (each student had a samba share mounted, which was on a central server and had backups)

I do wonder if full disk cloning + sysprep is still an option with newer versions of windows.


In my own experience sysprep is not necessary anymore. In fact, we abandoned it because it seemed never to quite work properly anymore which leads me to believe that MS forgot it existed and broke it in some Win 10 update (Thanks guys! [I hate you]).

On modern networks and storage hardware, reimaging a PC from scratch is sometimes faster than rebooting Windows after an update (and always faster than a "feature" update).

Anyone looking into mass image deployment should check out Fog[0], because it is free and works pretty well.

[0] https://fogproject.org


Microsoft definitely didn't forget that sysprep exists, there's a decent sized group in azure that cares just about windows image creation and associated technologies. I think most of sysprep is simply considered "done".


We managed a bunch of small businesses, with sometimes completely different hardware, Windows versions etc. So unfortunately a lot of the larger scale/same local/VPN network IT management solutions wouldn't work for us.


My second job out of high school was at my school district as a PC Tech. I had the highest successful case closures of any technician because they all tried to fix the problem. I just moved the user's local docs to their network share, re-imaged the PC in 5-10 minutes, and copied their local docs back to their local folder. I had ~1000 desktops under my management between my 3 K-9 schools.

Worst job I have ever had though. The amount of politics that go on in a public school is ridiculous.


I thought most k12 were running stuff like Deep Freeze.

https://en.m.wikipedia.org/wiki/Deep_Freeze_%28software%29


This was 15 years ago. We had just rolled out Deep Freeze to a handful of labs across our district, but not to the teachers (who had local documents) and the 4 student PCs in the classrooms - yes each class had 5 PCs total.

Our problem with Deep Freeze was getting it to work nicely with our locally installed software mixed with our custom Novell stack that pushed software dynamically based on logged in users. So we relegated it to computer labs that had no local software.


Those were the days. Windows XP really was the sweet spot when it came to reliability and hackability. Sure, Windows 7 was more stable, but also much more opaque. Although I never cloned machines, I did automate the hell out of installs. When it finally worked, it felt like a miracle. Boot from PXE and enjoy the show. I was happy to discover that the most important tool I used back then can still be found on the internet: http://unattended.sourceforge.net.


It does sound like they could have handled the switch better but... going from completely free to paid... maybe they had mispriced the product and you had benefited from years of their hard work at no cost? If they ended up generating more revenue than they lost then it should be a net win for them. There's the reputational risk to consider by making this price transition.


Great product, hundreds of computers for professional purposes, and "several thousand dollars" is a sticking point? Why?


(Not parent but I have experience from both sides: I regularly purchase five-figure software licenses for my clients, and help clients optimize their own pricing.)

It's about trust and expectations.

If a software company blindsides me with a 1,000% price increase overnight (or ∞%) without advance warning, then how can I trust them to warn me in advance about other major changes in the future? If they don't have the decency to give advance notice about that, can I trust them to give me advance warning before they change major features, or plan to have downtime, or plan to shut down--which becomes a real concern if they're fumbling around with pricing changes.

SSO and access management services are things I want to have zero nagging concerns or doubts about. Anything that shakes my trust in those services is enough to make me consider other options.


It's this, it was a trust thing. Logmein as a company always behaved very strangely. They were very opaque about their roadmap, upcoming pricing changes etc. Whereas other companies have slowly transitioned free users to paid it was extremely sudden with Logmein. We did actually stick with them when it first moved away from being 100% free but then a year later they really ratcheted up the cost, again with no warning.


I think the 'overnight' part is key here. I can easily get approval for 20k-100k in necessary software but the approval process can take 1-3 months. If a free service suddenly goes paid without notice, it is much more disruptive than waiting 2mo to start with a new paid service.


Exactly. Big companies move slowly. A small, well-funded company may be able to approve an X-thousand-dollar payment in a matter of days, but a large company just can't react that fast. There are too many layers of process and approvals and vetting and negotiation to wade through.


Companies will pay money for software, but they are risk averse and being inconsistent (e.g. large immediate price increase) will make them switch unless they are currently stuck with your product (e.g. Oracle).

No one likes going into another budget meeting because some vendor didn't give you warning and you need to adjust in the current fiscal year. Your company will be remembered and not in a good way. If you sell software to businesses you really, really need to understand corporate budgeting and the process they go through. Heck, if you sell to Federal (US) entities you better know the significance of October and schedule accordingly.


Windows itself costs $200 or so. LogMeIn isn't worth 5 times as much as the operating system. At that price, it very quickly becomes cheaper to investigate alternatives like just using a Linux machine where remote management is a breeze, and there are tons of high-quality, free tools (with optional paid support contracts that are very inexpensive by comparison.)


Although I agree with your statement of value, it should be noted that Windows does not cost companies $200. Microsoft has a much lower per seat number that most companies pay.


Take a look at the pricing for Jetbrains products. 500€ for the first year only. I'm sure it has some features above "vim with syntax highlighting" but I can't tell which one costs 500.


JetBrains's ReSharper and their Rider IDE are both excellent products and do a ton more than just "vim with syntax highlighting".

ReSharper alone would easily save me that much per year in productivity gains.

I moved over to Ubuntu from Windows, so picking up Rider as my replacement for Visual Studio was well worth it - and at about 1/3 of the price of Visual Studio alone (and having the ReSharper features built in) it was a bargain.


The nice thing about their pricing is that it gets cheaper in the second year and then again the third year. So from the third year on it's only 389 euro/year for the toolbox bundle that includes all products, so you'll be set for tools for any mainstream language.


Yeah, 900€ just for two years is nothing. And this is just for the IntelliJ IDEA, not the whole pack. The standalone Office suite is 650€ for life. Photoshop from Adobe is quite a lot cheaper (some variant goes for $120/yr).


Sometimes "free" is the maximum the budget will allow. Sometimes it's just about feeling you've been ripped off with a bait & switch.


They're infamous on /r/sysadmin for having a relatively normal price, then suddenly going up 3-400% with little notice. It's not easy to lift and shift this quickly so some companies have been forced into getting hosed for a year.


Because people never like to pay more for something that was free... Also makes accounting mad


I always assume that something free might go away or become unfree at any moment. Doesn’t seem too surprising to me.


Bitwarden is a nice alternative. And you can self-host the server part if you want.

edit: LastPass is owned by LogMeIn, that's why I mention this alternative.


I'm a +1 on BitWarden, I moved over pretty early on (paid account is only $10/yr) due to their fantastic migration page telling me point blank "LastPass may screw up special characters exporting your data" and lo and behold, my initial export had a bunch of HTML entities injected just like they said. That disclosure/warning sold me right then and there: https://help.bitwarden.com/article/import-from-lastpass/


>moved over pretty early on (paid account is only $10/yr)

LastPass started as $1/month, which I thought was a great deal. I started using it in 2011, and never really paid attention to the fee.

Then, it got bought by LogMeIn, and in 2017 they upped the price to $2/month. Last year they upped it to $3/month ($39..that's when I noticed the charge). That's right: for 6 years it was one price, which tripled in 2 years without any enhancements as far as I could tell.

Needless to say, this will be my last year with their product. I'm using KeePass2 locally on my devices, and it seems to do what I need.


If anything the price increase came with an enormously slower plugin. I switched because it just pissed me off.


They also made mobile device access free when they raised the price to $2, making the premium version less necessary though.


How are you sure that your keepass 2 DB doesn't get corrupted while syncing it across devices?


I have a few access keys in my LastPass account that contain quotation marks as part of the secret.

Their web interface won't present the textarea field for me to copy the key for use. I'd have to resort to the export options to get the plaintext and Ctrl+F for the key.

They're AWS keys, so LogMeIn's own staff should've had the same gripes I have, but it's just not fixed yet.

I'm going to take a look at BitWarden and see if I can move over as a winter break task.


"I'm going to take a look at BitWarden and see if I can move over as a winter break task."

I did it in 20 minutes this morning, would highly recommend!


I self-hosted with bitwarden_rs, a slimmed-down version of the API server that runs fast. I found some tutorials online (there are lots) and host it on a very small cloud instance (Google Cloud f1-micro).

All in all, it took me an hour of time, and 13 dollars to buy a domain since I didn't already have one.

Now I need to permanently move my wife off of lastpass to bitwarden, so I can see how the shared folders work, etc.


1Password is also very good, and has native apps compared to Bitwarden's Electron-based ones.


Unfortunately 1password is the only one that doesn't give me headaches while using it cross-platform. I wish I could use an open alternative with an equal UX.


Heads up: I work for 1Password

Any reason why you'd say unfortunately there? I see it as a pretty big perk rather than an unfortunately. But I would also like to understand a bit more so I can pass along any necessary feedback to our team.

Thanks!

Kyle

1Password Security Team


Not the OP, but I dropped 1Password when it became clear you're forcing folks to cloud storage. I was sort of hoping the carefully chosen weasel-words about that used at the time meant you'd reconsider if enough of us made noise, but later releases made it clear where you're headed.

It bummed me out - I really like 1pw. And I still don't have my password situation back to the same level of ease-of-use yet, but I switched to control the timing. Storing my password DB on other people's computers is simply not going to happen.


+1 for this.

The only reason I ever got onto 1Password in the first place was because I didn't have to use any cloud storage, and could use wifi sync between my devices.

I was extremely disappointed as that started to change. It was an absolute nightmare having to retrain all family members in the nuanced differences in how Bitwarden works compared to 1Password. I hope I don't end up having to eat that cost a second time.


It seems really self-centered to retrain non-technical family on new software to satisfy your own philosophical needs that they may not share.

There is nothing about “being a cloud service” that makes 1Password unusable for your family other than your own objections. On the contrary, it probably protects your family against their own incompetence compared to messing with local files, or depending on you to run a server for them (what happens if you’re hit by a bus?)

Obviously that doesn’t mean that Bitwarden isn’t a superior solution, but that’s not why you switched them over.


Presumably they 1) haven't enslaved their family and 2) aren't charging them for tech support

If 1) is true then the family doesn't have to do what they say. They choose to do what they say because they value their technical expertise. Part of which is a preference for non-cloud solutions. That they don't share it seems irrelevant if they've already decided oarsinsync knows better. If they're like the average person then they probably don't value any password manager much at all beyond oarsinsync saying to use one.

If 2) is true then it's generally accepted for the free help giver to make decisions that make their life easier that they might otherwise not for a paid client. Your chef dad doesn't go to the same effort to plate food at home as they do at work. Your mechanic brother might pop a beer and ask you to hold the light while they fix something wrong with your motor. And yeah, the family computer nerd will put the free help receivers on to the same software they use so they're familiar with any problems that might occur. If oarsinsync moves over to bitwarden themselves but leaves their family on 1Password and something goes wrong with 1Password in the future, what is the non self-centered move? Are they stuck relearning whatever changes 1Password has made since then? Should they refer their family to customer service?


What a weird, accusatory, windmill-tilting comment.

> to satisfy your own philosophical needs that they may not share

They are, presumably, adults who could reject the suggestion to change if they had strong feelings about it.

> but that’s not why you switched them over

If you think cloud services are bad, then Bitwarden not using cloud services is what makes it a superior solution, and then would be why you switched them over.

> There is nothing about “being a cloud service” that makes 1Password unusable for your family other than your own objections.

But you could say that about every tech decision every tech person makes on behalf of other people. 2015 LastPass was hacked and user details stolen, 2017 OneLogin was hacked and they accessed "user data, apps and various types of keys" and they "cannot rule out the possibility that the threat actor also obtained the ability to decrypt data"; "I don't trust (or don't want to have to trust) cloud services" is a reasonable choice to make.


> There is nothing about “being a cloud service” that makes 1Password unusable

As the meme goes, the cloud is just somebody else's computer.

> what happens if you’re hit by a bus?

I've already thought about this, and there are dead man's handles already in place to handover control to a person I trust, who is also a user of some of my hosted services (although not password management, because they also choose to host their own).

> It seems really self-centered to retrain non-technical family on new software to satisfy your own philosophical needs that they may not share.

They are welcome to use whatever they want. None of them think password managers (or backups!) are things that are worth paying for, so I pay for and support my chosen solutions. I don't have the time or interest in supporting multiple products for people who don't value any of the solutions in the first place, so I do the best I can to ensure they have something.


Thanks for the feedback.

I won't pretend that we're the password manager for everyone. If we're not the right one for you then hopefully one of the dozens of others out there fits the bill.

I appreciate you taking the time to respond and let me know your opinion on this though. Thanks!

Kyle

1Password Security Team


I assume you have numbers showing the total number of whiners like me are an acceptable loss, but I find dropping that feature inexplicable, honestly.


To be clear, we haven't dropped anything.

We still sell licenses.

We still provide local vaults, in fact you can use them via a license (that we still sell) AND you can use them with a subscription.

Want to buy a license?

On the Mac app for instance, open it on a fresh installation. Go to the welcome screen that pops up on first launch, from the list of options choose the "Create a new Local Vault" option in the list. This will take you down the path of buying a license.

Or if you sign up for a subscription, go to advanced options and enable the option to create local vaults. You can sync these to Dropbox or iCloud if you wish, same as you always have been.

There are similar options for Windows. Though it only includes Dropbox syncing and not iCloud.

Hope that helps.

Kyle

1Password Security Team


I know you haven't dropped anything yet.

The Windows release and the choices your firm made about how to talk about the change have made it pretty clear where this is headed.


Sorry to say I don't think any words I'm going to say will help here. You'll just have to keep an eye on what we do I guess.

I've said elsewhere but we won't pretend to be the single password manager that works for everyone and I'm sorry if we end up being one that doesn't work for you. Hopefully one of the dozens of others out there works for you if we don't though.

Thanks for the feedback though! I certainly appreciate it and will pass along the information I've gleaned from this thread to the various people that need to see them.

Kyle

1Password Security Team


From running a service, I assume the calculation they did was simply "number of people that whine to us because they lost their self-hosted files > number of people that whine to us because we don't allow them to self-host their files".


I think this is probably the better way to look at it.

We saw a lot more "I can't access my data anymore" emails before we had our own service. Those seem to have dropped a lot, at least based on my own experience when doing support, since introducing 1Password.com.

At the end of the day, our 1Password.com solution is also more secure thanks to the Secret Key being used as well. Our local vaults are certainly secure, but 1Password.com is even more secure.

No matter what we do we will have people who don't agree with us. The best answer we can have is be able to logically explain why we have chosen to do something the way we have. Whether the user agrees or not is up to them, but we try to be able to at least explain why we chose to go a direction and hope that the explanation makes the most sense for the most people. We don't always get it right, but we certainly try our best.

Kyle

1Password Security Team


Yeah, that makes sense, though I might have kept the self-hosting feature hidden behind a wall of "you're REALLY not going to get ANY support for this" text. Then again, the maintenance might not even be worth it.


We still sell licenses, it's not super easy to find but it's there. Open the app on a new machine, on the welcome screen of options there's a "Create A New Local Vault" option, which takes you down the path of purchasing a license if one doesn't already exist.

Those on subscriptions can also still create local vaults as well. You'd have a subscription plus the option of local vaults.

So options haven't disappeared, they're all there.

That said, providing an option without support is kind of bad form. We pride ourselves on providing the best technical support we can for our users. Selling a license and then not supporting it would just not be within what we consider good business or, well, being a good developer.

So whatever we sell, we have to support.

Kyle

1Password Security Team


Hmm yeah, that's fair.


There's a good argument that a subscription-based cloud-stored passwords isn't a good password manager for anybody.


I still use 1password because local storage and wifi sync still works but the minute that stops I'll look for another alternative.


>> Storing my password DB on other people's computers is simply not going to happen.

What is the risk scenario you're worried about?


A situation where the remote datastore is compromised and now with it, all of my passwords.

Or if I was to buy into 1Password's worldview, all of my credit cards, bank accounts, ID cards, everything I want to keep a secure digital copy of, is at risk.

Having a sense of control is a huge part of the way we think. Despite the greater risk of death in a car compared to an aeroplane, there's less concerns about car travel because there's a sense of control. Similarly, having the data under my control may be less secure, but that's still within my control rather than dependent on someone else doing the right thing.


I think you may want to take a closer look at how 1Password works. I'll give a quick rundown here, but our security white paper goes into much greater detail: https://1pw.ca/whitepaper

Your data is encrypted locally on your devices, it is never available in a decrypted form on any of our servers. A compromise of our servers would result in the attacker getting gibberish (encrypted data).

To decrypt that data the attacker will need both your Master Password and your Secret Key. A Secret Key is a 128-bit key generated locally on your device, your Master Password is a passphrase set by you. These two keys are combined and, to simplify greatly, used to decrypt your data.

The only way an attacker is going to acquire your Master Password and Secret Key is from your devices. Those are the only places those keys really exist.

Guessing both the Secret Key and a strong Master Password is effectively going to cost such a significant amount of money, or due to time and processing constraints, be infeasible.

An attack would have to be highly targeted. In other words, you would have to be a specific target to make any attack be worthwhile. If you believe you are likely to be the target of such a very specific attack you probably have a team of security personnel working for you who could better advise you than I could.

I'd really suggest looking into how we do things. The only feasible attack on your data would be through your devices, and any other password manager that stores data locally on your devices will be impacted the same exact way in this case.

Hope that helps but if you have questions please let me know and I'll do my best to help get you answers.

Kyle

1Password Security Team

Edit: apparently markdown isn't a thing here.


> Edit: apparently markdown isn't a thing here.

Extremely satisfied 1Password customer here. You're correct about lack of Markdown, and for the details: https://news.ycombinator.com/formatdoc


Hey thanks! I guess I've never had reason to use Markdown here until now and just discovered that after years of posting here.

Kyle


While what you are saying seems technically sound, it implies that you do everything right when generating the Secret Key. Let's imagine you have a bug and it fills the Secret Key with zeros (or some fixed sequence) and it becomes known after quite some time, and in between your server is compromised. How much easier does it make it for an attacker to decrypt data en masse? I would assume some people may not like that such an attack vector even exists.


We can talk all day about bugs and mistakes. They're a fact of life and we are human.

It's also important to remember that your Master Password still plays a role and YOU provide that. If you use a weak Master Password, and we somehow introduced a bug that set the Secret Key to 0's, then your Master Password would be the only thing protecting you. In an ideal world you'd continue to use a strong Master Password.

Kyle

1Password Security Team
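The failure mode raised in the question above (a generator bug that emits an all-zero or fixed Secret Key) can be modelled in a few lines. This is an added example, not part of the thread and not 1Password's code: the PBKDF2 work factor, the HKDF label, the XOR combination, the verifier and the sample salt and account ID are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000          # assumed work factor for this sketch
SECRET_KEY_LEN = 16              # 128-bit Secret Key, as stated in the thread
SALT = b"constructed-salt-01"    # constructed sample value
ACCOUNT_ID = b"ACCT-EXAMPLE"     # constructed sample value


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(master_password, secret_key, salt, account_id):
    """Slow password-derived key XORed with a key derived from the Secret Key."""
    pw_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=32
    )
    sk_key = hkdf_sha256(secret_key, salt=account_id, info=b"secret-key-v1")
    return bytes(a ^ b for a, b in zip(pw_key, sk_key))


def make_verifier(master_password, secret_key, salt, account_id):
    """Stand-in for server-held encrypted data: anything a guess can be checked against."""
    key = derive_unlock_key(master_password, secret_key, salt, account_id)
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def password_alone_unlocks(verifier, candidates, assumed_secret_key, salt, account_id):
    """Return the candidate that reproduces the verifier under an assumed Secret Key, else None."""
    for candidate in candidates:
        trial = make_verifier(candidate, assumed_secret_key, salt, account_id)
        if hmac.compare_digest(trial, verifier):
            return candidate
    return None


def audit_key_generator(generate, samples=64):
    """Release-time self-test: flag generators that emit short, constant or repeated keys."""
    keys = [generate() for _ in range(samples)]
    problems = []
    if any(len(k) != SECRET_KEY_LEN for k in keys):
        problems.append("wrong length")
    if any(len(set(k)) == 1 for k in keys):
        problems.append("constant-byte key")
    if len(set(keys)) != len(keys):
        problems.append("repeated key")
    return problems


if __name__ == "__main__":
    guesses = ["hunter2", "correct horse", "letmein"]   # constructed candidate list
    healthy_key = secrets.token_bytes(SECRET_KEY_LEN)
    buggy_key = bytes(SECRET_KEY_LEN)                   # the all-zero bug from the question

    healthy = make_verifier("correct horse", healthy_key, SALT, ACCOUNT_ID)
    buggy = make_verifier("correct horse", buggy_key, SALT, ACCOUNT_ID)

    # With a random Secret Key, knowing the password is not enough to match the verifier.
    print(password_alone_unlocks(healthy, guesses, buggy_key, SALT, ACCOUNT_ID))
    # With the zeroed key, the Master Password is the only remaining protection.
    print(password_alone_unlocks(buggy, guesses, buggy_key, SALT, ACCOUNT_ID))
    print(audit_key_generator(lambda: bytes(SECRET_KEY_LEN)))
    print(audit_key_generator(lambda: secrets.token_bytes(SECRET_KEY_LEN)))
```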


Thank you for your replies and giving a look into how 1Password handles security.

I've been looking to switch for a while now, as the UI of 1Password looks superior to LastPass and my wife needs a strong UI because else she won't understand her password manager :).

Few questions though;

- Will you add support for the newer 2FA options anytime soon? I'd love to use a recent Yubikey when providing the second factor; the FIDO2 keys and NFC on iPhone.

- Is there any roadmap on when the newer 1Password X becomes the default plugin for use in browsers? As a Linux user I believe my options to use 1Password are somewhat limited.


> Will you add support for the newer 2FA options anytime soon?

We've added Yubikey support for the web client and for 1Password for iOS.

We don't comment on future plans because they could change, but we would like to at least see feature parity here in all of the clients, but I can't comment on when that may happen.

2FA doesn't add the same level of security to 1Password as it may with other services so we need to be mindful of bordering into security theater.

> Is there any roadmap on when the newer 1Password X becomes the default plugin for use in browsers? As a Linux user I believe my options to use 1Password are somewhat limited.

I believe that's the direction we're heading but as I mentioned we don't generally comment on specifics. We've done the whole comment publicly and say "yes, it's coming soon" enough times and then had to backtrack and say "sorry, no can do" that we just don't say anything specific anymore for fear of upsetting users.

We always tell people buy for what the product is now, not what it may be in the future. And outlining future plans gets people to buy based on what it may be in the future, and those simply aren't promises we can always keep. So we do the typical under promise, over deliver when it comes to talking about future plans.

Hopefully this doesn't come across as pushing your questions off, that's not at all what I'm intending but clearer answers just aren't something we can comment on at this time.

If you do have any questions moving over though feel free to get in touch via our support page and I'll do my best to get you answers.

Kyle

1Password Security Team


"To decrypt that data the attacker will need both your Master Password and your Secret Key. A Secret Key is a 128-bit key generated locally on your device, your Master Password is a passphrase set by you. These two keys are combined and, to simplify greatly, used to decrypt your data."

I'm curious how syncing works, specifically in regards to the Secret Key. Seemingly, to me, if the process works as described; I'd need to copy that Secret Key to each device I want to sync, otherwise there'd be no way to decrypt the data on the new device.

What am I missing?


You are correct, you'd need to provide the key to each device.

To sign in on a new device you need:

1. Your email

2. Master Password

3. Secret Key

4. The URL for the server your data resides on

When signing in on a new device we offer a variety of ways to help you do this.

1. Your Emergency Kit, a PDF document, has a QR code that can be scanned on most clients.

2. There are also ways to show the same QR code, or a setup code, within the apps to scan on screen.

3. For Apple products we do have a method that saves the Secret Key to the Keychain and can sync via iCloud to help facilitate adding the account to new devices.

4. You can always do it manually as well.

Hope that helps get a better idea of what has to be done there.

Kyle

1Password Security Team


Have a look at ‘Enrolling a new client’ in the white paper linked in the parent comment. The secret key is transmitted to the new device.


Replying to this as I can't reply to the other child comment: The secret key is emailed given to you when you enroll and is used, frequently, every time you enroll a new device. 1Password would have to screw up catastrophically to just not use it.

Obviously they _could_ screw up catastrophically, but if you don't trust them to operate their service with a basic level of competence you probably shouldn't be using them as a password manager to begin with.


The comment above says Secret Key is generated on my device, how can it be emailed anywhere? I don't quite understand how one can enroll other devices with local Secret Key, so I assume Secret Key has to leave my device and travel over the wire. Which raises even more questions, but even if it's not the way it's generated makes a big difference.


It is NOT emailed to you.

It is generated locally as I indicated, and as outlined in our white paper.

Where some users get confused, and perhaps rightfully, is that when you sign in you can generate a PDF called an Emergency Kit, that contains the Secret Key. This PDF is generated entirely in JS within the browser. It is not generated on our servers and then downloaded. Some users do get confused about that.

Our web client is effectively a client running in the browser, it's all local and communicates with our servers the same way that a native app would.

Kyle

1Password Security Team


If you have the DB, then bugs, malware, algorithm weaknesses, insider attacks on the code or operational failures on my part could compromise all my stored secrets.

If you don't have the DB, they can't.


I'm souring on 1password, for both personal and work (we have it company-wide), based on unexpected pricing and licensing model changes. I really liked being able to buy a version _and have it keep working_. I could get it set up for my parents and nothing significant changed because it wasn't a "SaaS" product. I don't need a subscription for a password manager.

So we're ditching 1password for our family, and are likely to do so for work, too.


Same. I'm holding out with a regular licence until they force me off but it's clear that they will, and that they'll probably use the mobile apps as the vehicle.

I've paid for every upgrade for myself and my family so I'm aggregately paying _more_ than I would have paid for the cloud service. But I don't want a cloud service


I tried setting my parents up with 1Password. I realized that for someone without decent technical understanding it’s easy to get into weird states. E.g new account creation has a lot more friction than I would hope for. I don’t understand why the “generate password” button is divorced from the flow of making a new login. This was before 1Pass X so maybe things have changed, but my parents were so frustrated I doubt I’ll get them to try it again for years.

My advice: if you don’t do this already take some time to get some older folk without a lot of technical experience using 1Pass effectively (real-life usecases too like shared vaults). Take their feedback seriously because solving for them will reduce mental overhead for more technical users too.


Thanks for the feedback.

We've been doing a lot of user testing recently, so I'll run this by the team that do those tests.

Really appreciate you taking the time to provide feedback here. You didn't have to but did anyway and it's appreciated.

Thanks!

Kyle

1Password Security Team


I’ll second the 50+ yr old user testing request. I’m a very satisfied 1Password user/subscriber. It felt very intuitive to me until I set up my in-laws and other consulting clients who are small business owners.

The biggest pain point is creating a new login on iOS in safari. I understand the iOS limitations on browser hooks, but walking a user through creating a new login on iOS over the phone was a test of supernatural patience.

If they create the new login in the app instead of safari then they have to type a URL (or it won’t show up in safari) which for an older person who doesn’t really understand websites have addresses is like asking them to calculate the shortest superpermutation of n=7 “real quick”.

I believe the family plan for 1Password is fantastic. And a bunch of us have/will signup and put our aging parents on it. So a little user testing by older people where you are trying to help them over the phone would go a long way probably.


Thanks for your feedback!

Unfortunately, the iOS side is difficult. We've done the best we can there given the limitations and our imagination at this time. It's possible we drum up a better solution in the future but we haven't had any major breakthroughs in how best to present the UI for this.

We have filed feature requests with Apple to try to get better mechanisms for making this whole process better though. Hopefully we'll see improvements down the road that help us make a better user experience.

Kyle

1Password Security Team


Safe to say it's:

1) It's generally preferable that open-source solutions be as capable & usable as closed-source ones, and

2) having the best option be a subscription service is very, very "ugh", as has been constantly complained about here and elsewhere.


Re: 1. Got it.

Re: 2. It's not just subscription. Download the app (Mac or Windows) and in the options choose to create a new local vault. You'll be presented with a dialog to buy a license if you don't already have one.

I get the complaints about subscriptions, but there are certainly pieces of software I am willing to pay a subscription for. One that is actively improved, secured, and is used throughout my day is one of them. Your opinion on this may be different of course.

I really appreciate the input though. Thank you!

Kyle

1Password Security Team


Hey Kyle! Been a long time paying user. 1Password has helped me help my family use better passwords. We all have local vaults, but I often recommend and help onboard companies I consult with to the hosted service. Thanks for building an awesome app!


Hi Nathan!

Thanks for the kind words. I'll make sure to pass this along to our team. It's always great when we hear positives. Sometimes the negatives can overwhelm the positive in terms of feedback.

If I can do anything to help you with the consulting side please reach out via our support team and you're welcome to ask for me. If I can't help you then I'll get you in touch with someone that is able to do so.

Kyle

1Password Security Team


How would you regain access to the passwords in the local vault if the phone breaks or gets stolen and prevent them from being lost?

I chose not to use a local vault because I fear those scenarios more than the cloud sync via 1Password being compromised.


You can still make backups on all platforms. So it would be a matter of restoring a backup. Typically someone with local vaults also syncs (to either iCloud or Dropbox) so in theory as long as they still have access to that account they can sign in and access their 1Password data. I'd still suggest backups in addition to that, a sync file is constantly changing, and is not an actual backup.

Hope that helps though!

Kyle

1Password Security Team


As an ex-1Password user, y'all lost me when you released a new Windows client that didn't support local vaults and let the old client stagnate while pushing everyone to switch to a cloud subscription.

I waited and waited for local vault support to come back and finally migrated to something else. No other password manager is as good as 1Password but stringing that out for so long cost AgileBits my business, forever.


Sorry for the trouble.

We had a greater need for the 1Password.com support in the Windows client. So when we started our rewrite efforts it focused on that.

In general, we'd agree that it took longer than we wanted, and I'm sorry if that caused you to leave. In the end we were really doing the best we could given the demands we had and the time/resources available to do it. It sounds like in this case it wasn't enough.

Kyle

1Password Security Team


> but there are certainly pieces of software I am willing to pay a subscription for.

There shouldn't be.

> One that is actively improved, secured, and is used throughout my day is one of them.

Not when those problems are completely self-inflicted by injecting Cloud Bullshit into stuff that doesn't need it.


If there weren't pieces of software that people were willing to pay a subscription for, then software quality would be horrible. The reason why 1Password is so good is that the developers are paid to work on it, and some business needs (such as having really good quality stuff so you can get recommended to more potential customers, and so that your existing customers don't leave) push you towards higher quality software. When working on OSS for free, the need to survive pushes you to work at a job, and your OSS work is done in your spare time, often to get things you want done, but not to make an amazingly polished and very user-friendly work.

Subscriptions allow developers to keep improving their software. If you just pay for software once and keep using an older version, developers miss out on money that could keep them working and improving things. OSS is great, but money is important for developers to deliver quality and updates.


I don't remember software quality being a ton worse before software subscriptions became common. Operating systems and certain development practices (maybe, less certain about that one) have led to some noticeable improvements, but that mostly happened before the shift.


I really really don't like software subscriptions, but for a password manager there is obvious ongoing work just to keep it functioning.

It's one thing to use a standalone app like MS Money for 20 years with various hacks and compatibility modes to keep it working. Over the time I've used a password manager I've seen OS and browser updates break parts like plugins or syncing. I've transitioned to using passwords more on my phone (and phone APIs have changed).


The major difference you may be overlooking is that now everything is connected and online, and as a result the software we use day-to-day needs much more active maintenance than before.

When you had a computer sitting in your home that connected to the Internet via modem for 2 hours a day, your OS or apps could be riddled with hidden bugs and holes and it didn't matter as much.

Now we are constantly operating in insecure-by-default environments, and (responsible) companies have to spend much more to monitor, improve and maintain their applications over time, as devices change, underlying operating systems change, new threats are detected and published, etc..

Hence subscriptions..


Software quality was a lot higher before the Internet was a thing. What you shipped had to work, as shipping patches was non-trivial and expensive.

Most such software wasn't subscription based either.


*Citation needed


You introduced a feature without warning a while ago where 1Password would phone home for icons every time it is run (where previously users had the option of creating their own). When Little Snitch flagged this, I was very concerned that 1Password which I had entrusted with my secrets was phoning home without my consent. It took me a while to assure myself that 1Password was not uploading my data to the cloud. I don't see why a password manager needs to phone headquarters every time it is run. I have since blocked 1Password from phoning home using Little Snitch as a workaround.


You're certainly welcome to prevent that. We document every domain 1Password contacts here:

https://support.1password.com/ports-domains/

You can map things up pretty good here. However, note that Little Snitch may not provide the most accurate domains when it comes to CDN services. So do keep that in mind that it may reverse DNS incorrectly. I believe they document this on their own site as well. There's at least this that I could find:

https://forums.obdev.at/viewtopic.php?t=8859

We went so far as with the Mac application to provide a plist that documents each domain it contacts to give context within Little Snitch, but I suspect you're using 1Password X, which cannot provide the same feature.

There's also an open issue to be able to disable rich icons as a setting there. I was a little unhappy that we didn't provide an option for that feature in 1Password X, and I'll bring up again with that team that they need to provide the checkbox sooner rather than later.

Sorry you got bit by this though and thank you for the feedback!

Kyle

1Password Security Team


Not the original poster, but I could think of two possible reasons: 1) As a user, you are providing a lot of trust into a private company to hold some of your most sensitive information. 2) Often, "open alternative" is misinterpreted as free. At the very least, one would need a self-hosted server to gain the same UX 1password provides, which comes with additional overhead (cost and maintenance) for the user.


Thank you for confirming this. I thought LastPass was a LogMeIn entity but it's not mentioned anywhere in the press release.


It's on the products page.

https://www.logmeininc.com/products


It is. I’ve migrated from LastPass a few months ago. The only thing missing is being able to cycle between multiple accounts when auto-filling forms via keyboard shortcut. It’s capable of Custom fields too!


Another alternative is Abine Blur, which is privacy-centric and has some other features.


Does BitWarden do auto-fill on iOS?


No, but with some settings adjustments you can use it as your password manager and it becomes accessible from the keyboard.


Correct me if I’m wrong but this is the same for Lastpass on IOS. At least if LP does auto fill it’s never worked for me.

The keyboard shortcut to paste a password is better than autofill imo.


It does auto filling of username and password but as far as I'm aware, nothing but iOS itself can fill form fields like name and address.


Insofar that it works the same as any other third-party password manager on iOS, yes.

arsana 36 days ago [flagged]

LogMeIn is remote access software. The LogMeIn refers to a local machine, not a website.


Sorry, I should have been more clear and mention the LastPass relation.


I believe GP is referencing the fact that LogMeIn also owns Lastpass.

Edit: Looks like a million and one other people replied at the exact same time I did, sorry. :3


The company owns LastPass, so it’s several things, actually.


LogMeIn owns LastPass.


LogMeIn owns LastPass.


LogMeIn owns LastPass


This thread seems to be dominated by Bitwarden recommendations, so I thought I would list some of the other reliable options that I'm considering.

- Keepass https://www.keepassx.org/ | https://keepassxc.org/

- Pass https://www.passwordstore.org/

- Dashlane https://www.dashlane.com/

- 1Password https://1password.com/

- Bitwarden https://bitwarden.com/

- Lockwise https://www.mozilla.org/en-US/firefox/lockwise/

If you think there are other legit options out there please reply with links to the project / product.



Off-topic, but can anyone tell me of an instance whereby a software entity was acquired by a VC firm and things turned out great?


I don't think VCs often buy companies but PE firms sure do.

One example near me is NXP, a semicon business from Eindhoven (NL) where I live. Philips spun them out after loading them with debt, a PE firm bought them. Radical cost cutting, the usual, but they also accomplished a culture change (to some extent). As a former Philips department, the culture was very slow and bureaucratic, more akin to government than a for-profit business. The new owners made it very clear that from then on, money needed to be earned and anything that didn't contribute to that wasn't worth doing. The company became a fair bit more lean and agile as a result, pushing products and updates faster etc.


I’ve experienced a similar result. TPG bought a large stake in OnSemi. Initially they were going to flip it, so were focused on short term results. Eventually, they realized they had an opportunity to do more and loosened up the purse strings. ONNN bought LSIs fabs in Oregon and was able to refocus as a premium supplier rather than a race-to-the-bottom commodity provider.


Yeah, On Semi has really turned it around in the last 5 years or so. They were on track to be a jellybean competitor.


Others have pointed out the difference between VC and PE, but I think there's a crucial thing missing from your question: turned out great for whom?


I'm assuming they mean users/customers of the firm being acquired.


SOP for PE's is to come in, cut costs, and improve the bottom line without affecting revenue or service.

Customers typically aren't affected but employees are.


> SOP for PE's is to come in, cut costs, and improve the bottom line without affecting revenue or service.

This is fundamentally untrue. Large CAP ($1B+ valuations) is notorious for this, but there's about 5k PE deals per year and those deals are the exception, not the norm, in terms of sheer volume. They're great for headlines though! (hello Toys 'R Us)

Most of them are about adding value through various means, one of those might be cutting unnecessary costs.


That's one 'kind' of PE, another is the one that will invest very large sums of money to repeat a play in new markets or to professionalize a company across the board and then use them as a cornerstone in a buy-and-build strategy.


That’s what’s in the news. No one publishes stories about companies who are bought by sponsors, grown and supported, and exited. They are often private the whole time as well.


As Skrebbel already mentioned VC firms rarely acquire companies outright, but it is typical that in such transactions VCs are on the selling side and PE parties are on the buying side.

So let's take it as read that you meant PE, in that case, it depends is the usual answer. There are quite a few examples of PE funds buying companies and letting them run as autonomous as possible with positive results and there are examples of PE funds buying a company outright or a controlling interest who then become 'backseat drivers' but without the relevant experience. In those cases - especially if the PE party consists mostly of accountants and financial people - it usually does not take long before the effects become visible. But there are a great many players and the majority of them is both well intentioned and ends up with positive results. The ones you hear and read about in the newspapers are not really representative for the PE market as a whole, that's just the news' habit of focusing on the trainwreck.

PE fund returns nX to their LPs versus PE fund buys controlling stake in struggling company and runs it into the ground after loading it up with debt. Which headline do you think will attract more eyeballs?


But I'm not talking about "headlines". I'm talking about declines or stagnation that I've seen firsthand. Qlik and ExtJS/Sencha (an Idera victim) all fall in the pattern of being acquired and falling from grace.


I realize, but those are the ones that you will hear about. The bulk of PE investments works out just fine, but quietly. You will find out about them in annual reports and such but because those companies are almost by definition now in private hands there are no reporting requirements in the same way that there are for listed companies or for venture backed companies that are trying their best to pump up their valuation.


I've worked with 100+ software companies who have been acquired by PE and I honestly can't name many that have stagnated/declined.


PE advisor here.

First, VC doesn't acquire businesses, PE does.

Second, I've seen NUMEROUS examples of entities acquired by financial sponsors (PE) that work out well.

If you look at Vista Equity, Thoma Bravo, Silverlake, TA Associates, Accel-KKR, etc. you'll find an incredible amount of wealth being generated.

PS - Depends on what you mean by "turned out great"...


Magento.

Note: am employee.


These guys must really be pessimistic about their future if they are accepting a deal of $86/share. Their 52 week high was $96/share, and as high as $120/share last year.


From 2017 to 2018 they nearly tripled revenue, probably a reflection of the price changes that many in this thread have complained about.

The problem is that since then their growth has completely stalled out and is projected to be under 5% for both this year and next year.

While their revenue tops out over $1B their net profit is pretty slim.

Post acquisition expect to see a lot of cuts to improve cash flow as operations are slashed across the board, and depending on how the acquisition is funded it won't be a surprise to see the company burdened with a bunch of debt.

Then PE will either try to return cash through net income, or more likely than not relist the company after two - five years when the restructuring is complete and the company has a more financially interesting profile, akin to what happened with Ping Identity.

In an ideal world they will also try to increase revenue growth as well, so I wouldn't be surprised to see some more price increases coming down the line as well.


They blindsided us with a 300% increase. I'm very much looking forward to getting off the service. They may have done very well in the short term, but they destroyed the long term business.


PE will continue to milk this cow like they've done before (eg Intuit, etc).


Revenue increased because they merged with the GoTo suite of software.

"On January 31, 2017, we completed our Merger with a wholly-owned subsidiary of Citrix, pursuant to which we combined with Citrix’s GoTo family of service offerings known as the GoTo Business. Following the completion of the Merger, our revenue grew to over $1 billion on an annualized basis in fiscal 2017 and we added over 1,600 employees." - https://q10k.com/LOGM


A 4.3 billion USD valuation at exit is not all bad news I'd say. Better a deal at 4.3 billion than none at 5.5. I'd be laughing all the way to the bank with an exit like that and not worry too much about what could have been.


LogMeIn is a public company. Almost 90% of anyone who bought shares between mid-2016 and early 2019 probably saw a negative return from this because $86/share is still below the price it was at during that time.

If this was a private company/startup, of course you'd be laughing all the way to the bank. Not so if you were a public investor in LogMeIn. Far from it.


I was mostly thinking from the perspective of a founder, not from a public investor.


That might be true though the founder most likely profited most of their money awhile back after the IPO.


The LastPass founder made his stash during the acquisition, it was for $100M or so in cash. But what about the LogMeIn founders? The IPO was a decade ago, but did they still have a position in the stock, and were they still with the company?


Wisdom. Valuations and multipliers are opinions and suggestions until the wire/fiat hits your account. Take the money and run.


Maybe that's reasonable in private markets, but Logmein was a public company (LOGM). Valuations and multipliers for public equities are the consensus of a set of investors who buy and sell the stock all day. Anyone who wanted to take the money and run could choose to do so between the hours of 9:30 and 4 EST for the last decade.


That depends on the size of their holdings and on how liquid the stock really was, it might take quite a while to liquidate a large holding and it would very likely depress the market, especially if all the execs decided to liquidate their complete holdings (assuming they would be even allowed to).

So the consensus is what it is given normal volume, likely a relatively small chunk of shares changing hands repeatedly rather than a really large block being sold once. The latter would almost certainly depress the price.


In other words, you get a discount for buying in bulk. :)


Yes, but this PE party actually paid slightly over market rate and up considerably from a week ago.


Is this really an “exit”? The stock was already publicly traded.


Doesn't mean the founders still had a bunch of it, is there any listing of the captable, how much of it was still owned by outsiders and how much by early investors/founders?


> Under the terms of the Agreement, LogMeIn shareholders will receive $86.05 in cash for each share of LogMeIn’s common stock they hold. This consideration represents a premium of approximately 25% to LogMeIn’s unaffected closing stock price on September 18, 2019, the last trading day before a media report was published speculating about a potential sale process. The Board of Directors of LogMeIn approved the Agreement and recommended that shareholders vote in favor of the transaction.

Looks like it was only $96/share because there were rumors of this sale.


looks like there was a sharp drop in late july 2018. what happened?


All tech stocks dropped then, see FB for example


They own GotoMeeting, Rescue Assist, LastPass and of course LogMeIn to name a few. I use their GotoWebinar product. Zoom.us has been eating their lunch lately ...


Ah, shoot, I didn't connect this to LastPass. Thanks for pointing that out.


I cancelled LogMeIn because every year they raised prices. Started at like $100 a year and over 5 years went up to over $1000 a year just to get into around 10 PCs.


We changed the URL from https://investor.logmeininc.com/about-us/investors/news/pres... to a third-party article with a bit more background.


LogMeIn Hamachi was a pretty great way of setting up a LAN over the internet for gaming. We used to play Minecraft on it all the time in college.


Hamachi was created by Alex Pankratov. Once LogMeIn purchased Hamachi, they ruined it with the following update (either purposefully or accidentally) by making it no longer work with a large handful of older games. That snafu in combination with a more bloated UI, forced LogMeIn account, and a splattering of useless features made it obsolete within a few months. It was the fastest rise and fall of a piece of software I have ever personally witnessed. You can read about the original Hamachi on the author's website here: https://swapped.cc/#!/hamachi


Your recollection is off.

LMI bought Hamachi in 2006 and I was involved in the development until 2009. Through that time there were no known issues with older games. Nothing was broken. What was tunneled before was still tunneled the exact same way, including IPX, IP4 broadcasts and multicasts. We did rewrite the client, cleaning up all the cruft, separating the engine from the UI, adding compression support and what not. It still wasn't fully integrated with the LMI core and no LMI account was required. The UI was redesigned in-house, without my participation, and while I didn't like the result, the original look wasn't a pinnacle of design either :)

What happened after 2009 I have no idea. The devs I worked with were really good, so if things broke, most likely it wasn't accidental.


I remember the UI change being around the time most things broke for me, and there were other users in the product forum with their various games also having issues. Maybe those type of posts were always numerous, and I never visited the forums before. For me the games that broke were Starcraft, Red Alert, and a handful of non-internet games. Perhaps the forum/customer-support tickets didn't make it down to you, but something had definitely broke around the time the UI changed.

It's likely the issues were quickly fixed and I am remembering the gradual post-2009 decline more vividly and blaming it on the time when the UI changed, which was emotionally upsetting ;)

But thanks for posting your remembrance of the events, and creating Hamachi in the first place!


FWIW I didn't use it until 2011, which sounds like it was years after the acquisition. It's always sad to see a beloved product go downhill over time, but at that point it was still pretty great.


Definitely look at ZeroTier--it is a perfect drop-in replacement that can be self hosted and the free tier of their hosted version supports 100 devices on unlimited networks. You can easily self host the network controller on a small cloud VM. Clients for macOS/Windows/Linux/iOS/Android/openWRT.


Is there a current (preferably free, ideally open-source) replacement that is as easy to use as Hamachi was?


ZeroTier maybe.


Thank you, it looks very promising, and I like the host-it-yourself aspect.


Software Engineer here working on GotoMeeting (throwaway account). Not having gone through a private equity buyout in my career before, any ideas of what to expect/any recommendations of what to do now?


In their mind, they bought a $4.3 billion orange and expect to make more than $4.3 billion worth of orange juice from it.

If you want to find out what it feels like to be inside of an orange that’s being squeezed for $4.3 billion plus value, stick around.


Another LMI engineer here.

The deal itself would take place next year anyway. Any restructuring would be late 2020/early 2021 at the earliest.

The deal provides an $86 exit for every single shareholder (including employees & managers who own shares).

Not saying no to such an offer makes sense, but it also implies that nobody is really convinced that these stocks will ever be worth, say, $100. All-time top was $120 in early 2018, since then the price plummeted and has been moving sideways.

If looking from this perspective - how does this PE firm plan to make money, especially that the deal implies that most shareholders don't expect this stock to rise by any means, which is a bad sign for any kind of publicly traded company?

These PEs would buy the company for ~$4bn. Last year's EBITDA was just short of $400M - probably they don't want to wait 10+ years for their investment to pay back.

Maybe they will try to 'restructure' (i.e. cut expenses where possible, split the company into multiple companies along business units, deprecate some products), get as much profits as possible in the upcoming years and then try to sell the whole thing again to e.g. a tech company.

Of course this is just speculation, but keeping things 'as is' simply wouldn't generate enough returns to justify the all-cash investment.


Has any private equity buyout ever helped anybody other than the PE stakeholders?


Dell was saved that way. But this here is different of course.


They'll give you a shpiel how this is for the best and that brighter days are to come with new management. Maybe they'll entice folks with an incentive program that says "if profits are x much, you'll get a bonus in 2 years."

Then within 18 months, they'll reduce benefits (e.g. worse insurance plan, change the vacation policy), or maybe actually lay off people and shut down entire departments to boost numbers.

tl;dr - update your resume and start interviewing to have a backup. If upper management thinks you're a top performer, you have a bit more leeway.


PE cares about value. If you bring a lot of value (e.g. work on revenue generating projects), you stand to do well.

Speculative R&D work is not highly valued, that's what VC does.

SG&A tends to get hit the hardest (HR/Finance/Legal etc.). Non core business functions get outsourced.

Look at the existing portfolio and see where you fit in.


Serious question: how much will this impact LastPass? I get that a buy-out creates some risk for the company's future, but is migration really required in the next 6-12 months?


Private equity (PE) has a bad reputation for a good reason. I wouldn't jump to migration immediately, but you should keep an up to date export in a secure place. PE can take years to drive a company into the ground with debt.


I migrated to Bitwarden immediately and removed all content in LastPass and deleted my LastPass account. My experience seeing companies sell out to private equity firms leads me to believe I haven't made that rash of a decision. For me, trust is usually immediately lost once a company changes hands. And when it comes to password management like this, trust is everything.

Honestly, I would have supported Bitwarden before had I known about it prior to this HN post. I appreciate the content you and everyone else has provided in this thread.


Why are you automatically assuming their goal is to load the company with bad debt? That’s only the outcome if the acquisition and plan are unsuccessful...


LastPass recently started deleting a secure note of mine after I’d edit it. It’s been almost two weeks and their support team has done nothing but kick the can down the road. I wonder if the acquisition has anything to do with their very poor support quality.


A lot of discussion surrounding LastPass and alternatives, but what are some actual LogMeIn alternatives that people like?


I use RDP for work, and TeamViewer if I need to fix something for my parents. Chrome Remote Desktop is one other alternative I've used but not in anger.


I've dealt with just about every RAT in existence, and they all have their tradeoffs, and some were good and then got bought or changed to pricing that became prohibitive.

In DoD side, they tend to use DameWare. It was stagnant for a while but has gotten better and even has a linux client now. Think "ugly but powerful".

I've seen fly by night engineers hurdled by IT deps using TeamViewer way more than I would ever want to admit. It "just works" but doesn't have many of the management features.

I had an awesome experience with on-prem ScreenConnect, but then they changed their licensing and names and all kinds of other things. Nice featureset, writing plugins was easy. I still might consider it if I could get a decent deal.

Bomgar was pretty polished and has some interesting mobile/mdm stuff in the works last I tried it, but that was a long time ago.

GoToMyPC and LogMeIn both tend to be favorites of MSPs for some reason, I never really liked them mostly because of the management interfaces and constant license changes.

Citrix really seems more focused on real enterprise. Features are nice but the price reflects it, good support.

RDS/Terminal Services in the windows world is a staple, just have to watch for licensing violations which happen a lot. Lacks a lot of the management features other things have, but is built in.

Then you get into open source, which really comes down to some variant of VNC (choose your poison) which is really all just remote desktop with no management features. There is also noVNC and Spice which are pretty cool and used in more and more foss software (like proxmox for example).

There is Apache Guacamole which is like a gateway to access RDS/VNC et al instances, which is pretty cool.

So yeah, it really all depends on your use case and budget.


I use AnyDesk now as TeamViewer became annoying with their need to install and things like disconnects every x-minutes. Didn't look back since.


I switched from TeamViewer to AnyDesk too. Sensible licensing, protocol compatibility between versions, Linux versions _and_ repositories... Fantastic product!


https://www.cloudberrylab.com/remote-assistant.aspx Not only free, they don't even have a paid version.


If I can't understand the business model, I'm probably not going to use the software.


They primarily sell backup software, and they show the occasional ad to you in the app.


If the business model for a piece of software is ads I will not be using that software.


It's ads for their own products, not third party ads. (It's a little sidebar you can close).

Anyway, no one is forcing you to use it, but it seems a reasonable free choice for now (teamviewer and splashtop, for example, don't allow free commercial use...and commercial means connecting to your own work laptop, not just using it directly for money making activities like paid support.)


"It's ads for their own products, not third party ads. (It's a little sidebar you can close)."

Are these ads delivered over the internet, or served locally?


Don't know, I didn't try to break down the data being transferred. More likely than not internet, so yes, I assume they could change this to third party ads in the future. Or even if it's local, an update could change that. It's a sidebar you can fully close, so it's not annoying in any way...for now at least.

You can read a detailed breakdown here

https://medium.com/@chribonn/howto-use-of-msp360s-formerly-c...


Chrome Remote Desktop.


Teamviewer is the only reliable enterprise solution I've found so far


For just remotely logging in Splashtop is great and a lot cheaper.


ssh, RDP


What? How is a user supposed to show you and reproduce their problem when you're connected over SSH or RDP? Both run in a different session than the user's


Windows has a built-in remote assistance mode that uses RDP: https://support.microsoft.com/en-us/help/4026516/windows-use...

It's more of a pain than TeamViewer though.


I used to play cs 1.6 using hamachi, and it was unmatched at that time. Sad to see the gradual downfall of project.


Keepass; open source, can store the file wherever you wish, isn't liable to be acquired by a private entity since you can just build your own copy.

Use open source software wherever possible, it's just better that way.


Does it work to sync between Linux dev machine and iOS phone?


No syncing built in, it just works on a file and you can use whatever service you want to sync that file. Most of the dropbox-style services will work (although on mobile sandboxing can sometimes be an issue).

On Linux keepassxc is great, with strong browser integration and even has a good extension for integration with ssh-agent.

I don't use iOS myself, but a quick search shows Strongbox as a decent client. On Android I use Keepass DX which is very good but the sync support isn't there. Keepass2Android is better on that front, but has a much worse UI and no support for the new biometric auth process, only the old fingerprint-specific one.


KeePass + Syncthing fulfills all my needs and all without needing to use something like Dropbox or Google Drive for the syncing. You're still free to do so if you want to keep backups, but I manage those separately using a third tool (Duplicati)


I share my KeePass file using a Dropbox like service. I use Keepass2Android as I run android. Works really well. I run KeepassXC on Linux and Mac.


I switched from LastPass to Pass to KeepassXC about a year ago and it's the only one that hasn't given me problems cross-platform and it's also open source.

I use MacOS, Windows, Linux and iOS and it works perfectly between them.

On Windows, Linux and MacOS I use KeepassXC with their browser extension on Firefox. On iOS I use Strongbox. I sync my password file using Nextcloud (self-hosted).

Syncing is pretty easy if you're using Nextcloud or Dropbox :) Tried Syncthing but I didn't like the idea of having to have a PC on all the time to make sure it synced.


I use KeePass kdbx file synced in my Linux computer and Android smartphone through Google Drive. For that I use Keepass2Android in my phone.

I just searched and there are also iOS applications that also provide easy cloud sync, one of such is KeePassium[1].

[1] https://keepassium.com/


I'd like to add that if you end up syncing the password database through a service like Google Drive then you should use a password and keyfile on the password database. Share the keyfile in a (more) secure way with your device and don't put it anywhere like Google Drive etc. This way even if somebody captures your password database and somehow gets your password they still can't open the password database because it requires the keyfile.
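To illustrate the comment above (an added example, not part of the thread and not KeePass's own code): a simplified Python model of a password-plus-keyfile composite key, following the scheme KeePass documents (SHA-256 over the hashed password and the key file component). The PBKDF2 stretching step, the `seal`/`can_unlock` helpers and the header bytes are assumptions standing in for the real database KDF and integrity check; XML key files are not handled.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ROUNDS = 10_000                      # assumption: kept low so the demo runs quickly
HEADER = b"constructed-database-header"  # constructed stand-in for real header bytes


def keyfile_component(data: bytes) -> bytes:
    """Reduce key file contents to a 32-byte key component.

    32 raw bytes are used as-is, 64 hex characters are decoded,
    anything else is hashed with SHA-256.
    """
    if len(data) == 32:
        return data
    if len(data) == 64:
        try:
            decoded = bytes.fromhex(data.decode("ascii"))
            if len(decoded) == 32:
                return decoded
        except ValueError:  # not ASCII or not hex: fall through to hashing
            pass
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """SHA-256 over the concatenated components that are present."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("at least one key component is required")
    return hashlib.sha256(parts).digest()


def master_key(password: Optional[str], keyfile: Optional[bytes], salt: bytes) -> bytes:
    # Stand-in KDF: PBKDF2 is used here for illustration only.
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, keyfile), salt, KDF_ROUNDS)


def seal(password: Optional[str], keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Verifier stored with the database, i.e. what a synced copy exposes."""
    return hmac.new(master_key(password, keyfile, salt), HEADER, hashlib.sha256).digest()


def can_unlock(verifier: bytes, salt: bytes,
               password: Optional[str], keyfile: Optional[bytes]) -> bool:
    """True only if the supplied components reproduce the stored verifier."""
    return hmac.compare_digest(seal(password, keyfile, salt), verifier)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    keyfile = secrets.token_bytes(32)    # kept off the cloud share
    stored = seal("correct horse", keyfile, salt)
    print("password + keyfile:", can_unlock(stored, salt, "correct horse", keyfile))
    print("password only     :", can_unlock(stored, salt, "correct horse", None))
```

With a random 32-byte key file, someone holding the synced database and the correct password still has to guess 256 bits before the verifier matches.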


It's not a full service. It's an application.

It doesn't have any sync built in. It's just a way to save, open, and edit encrypted password files. You have to figure out a way to sync it yourself. There might be other tools that help you with that though.

Although I'm unsure which OSes are officially supported by the application.


>Although I'm unsure which OSes are officially supported by the application.

only windows/linux (mono). There are alternative clients though. see: https://keepass.info/download.html, under the "Contributed/Unofficial KeePass Ports" section.


Only with some manual intervention, which isn't really all that bad. You basically keep your keepass file on a cloud share. What sucks is when you forget to sync and you go on vacation or something. :)


I’ve got keepass set up so that any change to the kdbx file automatically triggers a second save to my Dropbox sync folder. That way any changes on my PC auto-push out, and I can always get them from my phone.

The downside is that my phone doesn’t easily sync back to my PC, but it’s vanishingly rare that I create a new account (and so kdbx update) on my phone these days.


The (IMO fantastic) Android app can pull your password file directly from Google Drive and other cloud providers. I'd assume the iOS app does the same.


Keepass2Android is the name and it supports WebDav (so easy integration with for example Nextcloud)


> KeePass Password Safe is a free and open-source password manager primarily for Windows

> LogMeIn, Inc. is a provider of software as a service and cloud-based remote connectivity services for collaboration, IT management and customer engagement

Totally separate products?


LogMeIn owns and runs LastPass.


LogMeIn owns LastPass, a password manager


LastPass has taken a huge dip in quality since the Logmein acquisition and I expect this will only make it worse.


In my experience, a private equity take over is the kiss of death.


It's easily the bottom of the barrel type recovery.

Although historically private equity has been a net gain for struggling businesses that would otherwise go out of business.

There was tons of anti PE stuff after the financial crisis and they received some of the earlier and harshest attacks from congress and other groups, but the data didn't support the idea they were some corporate raiding vultures and far more often turned around ventures in precarious positions.

But ultimately it's not something you go to when they are going well. Unless there is some obvious value add consolidation scheme.


>Unless there is some obvious value add consolidation scheme.

The kiss of death works in mysterious ways, the synergy is palpable.


I would read this book


They could just as well be buying it as a platform for their portfolio, and look to buy more similar companies to consolidate. PE is more than just buying struggling companies, it’s often buying fairly valued companies in a fast growing sector, and then expanding them, or finding ways to cut costs.


I don't understand how HN can complain about Google sucking up data and rarely if ever mention LastPass's terms of service which basically flat out state they share your info to marketers. Effectively they appear to be making money by looking at all the sites you log into via LastPass. If you're using their browser plugin I can only guess, given their Terms of Service, that they're spying on all pages, not just pages you're getting a password via their service for. Though even selling the info of which services you're using is bad enough.

Sure, they have a free plan and so you are not the customer. Why do they get a pass?

Note: I have no proof they are spying. I only have the fact that their TOS points to their privacy policy and their privacy policy says they can collect pretty much anything you'd expect software to be able to collect and that they can share that info with whoever they decide to partner with.

Contrast to some other password managers that state flat out, they don't collect your data and don't want to know it.

From their Privacy Policy

> 1. Information We Collect and Receive

> Service Data (including Session and Usage data):

> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data ...

> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.

> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.

> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").

That's pretty much everything given they put an extension in your browser and can collect all of that info for every page you visit

> 4. Information Sharing

> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure

Why would anyone want a password manager with this privacy policy?


> Why would anyone want a password manager with this privacy policy?

Why would anyone want a cloud based, proprietary, non-free, non-oss password manager is what I really want to know.


> Why would anyone want a cloud based, proprietary, non-free, non-oss password manager is what I really want to know.

Former reputation and inertia. I use it, and when I started it seemed to have the best reputation for ease of use. I also recall that its security model was publicly endorsed by quite a few people who looked at it closely. I only use it for "less important" sites, which basically means everything that isn't a primary email account or an investment website. For those, I use 2FA whenever possible and memorize random passwords [1].

I've been interested in switching since LastPass was bought by LogMeIn, but it's never been a high enough priority for me to actually spend the time to search for another tool.

[1] when memorization gets to be too much, I split the passwords in half: a common half I memorize, and a unique half I write down on paper.


Because there's not a replacement that syncs well and is easy to teach your non-techie parents/spouse how to use to log into their shared accounts.


What's the problem with the built-in one in Firefox? It has optional syncing if you want it.


Firefox Lockwise is very new and quite frankly doesn't have very many features that people require such as import, export, etc. At this point I don't even know how to get all my password manager passwords into Lockwise even from a simple comma delimited file.

Right now, it's still impossible to switch to it for a lot of people.


Disclaimer, I work for 1Password

Here's our privacy policy for anyone that is curious:

https://1password.com/legal/privacy/

We also document for law enforcement what we may be able to provide:

https://1password.com/legal/law-enforcement/

I think we keep this all pretty readable by the average user as well instead of using crazy terminology that doesn't make sense.

But if anyone has questions around our privacy I'm happy to answer any questions as well.

Kyle

1Password Security Team

