In a single stroke, one of the world’s most popular password tools has massively downgraded the attractiveness of its freemium version.
As of March 16, LastPass users on the free plan can no longer use the password manager on their mobile device and their desktop/laptop. They have to choose one type of device. For anyone who naturally flips between mobile and phone for different password-protected accounts (i.e. most of us), it’s a major practical headache.
Don’t get us wrong: switching up to the LastPass paid version gives you access to what is still a pretty formidable password manager. But of course, rather than automatically shelling out $36 per annum for the premium tier, now’s probably the ideal time to explore your options.
With this in mind, here’s a summary of what’s changed with LastPass, together with our recommendations for possible alternatives…
What’s changed with LastPass?
- Up until recently, the LastPass free tier offered virtually everything most users need from a password manager tool. This included a password generator, one-to-one sharing capabilities, basic support for multi-factor authentication and log-ins across unlimited devices. The level of functionality on this free version was akin to that offered by most other tools’ paid tiers.
- In an announcement earlier this year, LastPass confirmed that from March 16 2021, free users will no longer have access to their passwords across multiple devices.
- Free users now need to choose an “Active Device Type” between “Computers” (desktops and laptops) and “Mobile” (phones, tablets and smart watches). Once you’ve chosen, you can only access your data from your device type of choice. So for instance, if you prefer to manage your log-in credentials for your gaming accounts via your desktop, and your banking credentials from your phone, this will no longer be possible if you are only on the free tier.
- The premium tier costs $3 per-month. As well as allowing account access on all types of devices, levelling up to this premium account gives you the following benefits over the free version:
- One-to-many sharing: secure sharing of passwords (e.g. for streaming services) with multiple people.
- 1GB file storage: provides cloud-based ‘vault’ storage for critical documents such as store cards and passports.
- Security dashboard: allows you to keep a list of week and reused passwords, enabling you to spot areas in need of improvements. Also allows you to monitor accounts for possible data breaches.
- Dark web monitoring: sends you an alert if your information is compromised on the dark web.
- Advanced multi-factor authentication: includes YubiKey and fingerprint authentication.
- Email support: with the free package, you only get access to a self-help hub and the user community, whereas with Premium, you can actually email someone!
Why the change?
As the Financial Times points out, it’s a familiar story of a company with big user numbers being bought out, and the new owners seeking to ramp up the monetization strategy on their new purchase.
LogMeIn, the software group behind LastPass, was purchased by two investment firms last year. Presumably, by curtailing account access rights, the new owners hope to nudge sufficient users onto the premium tier to produce a healthy revenue boost.
Interestingly, one of the investment firms involved in the purchase, Elliott Management, has also recently bought a big stake in Twitter. Efforts to increase revenue from users are underway there too, with Twitter recently saying it is going to experiment with ‘exclusive content’ options.
Some alternatives to LastPass
Bitwarden
What is it?
An open-source password manager, Bitwarden’s level of functionality is similar to LastPass. However, unlike with LastPass, Bitwarden continues to give you access across all devices with the free version.
On the security front, both LastPass and Bitwarden use 256-bit AES encryption and offer two-factor authentication to confirm user identity. Also, neither tool has access to users’ passwords. However, unlike LastPass, Bitwarden offers self-hosting: this means that so long as you have the technical expertise to set it up, you can store your encrypted data on a private server as opposed to Bitwarden’s servers.
What we think
Bitwarden is not as strong as LastPass when it comes to ease of use, but has the edge on security and pricing.
Master Password
What is it?
Master Password is NOT a password manager. In fact, the whole idea of it is to avoid the need for storing your passwords in a ‘vault’ connected to someone else’s app. In essence, it’s a calculator that generates a unique cryptographic key for each of our accounts.
To log into a website, you unlock the Master Password app, enter your unique Master Password code, find your site and copy its key - and then enter the site by pasting the key into its password field.
What we think
With Master Password, nothing is stored. Passwords are generated on-demand from your name, the site and your master password. You get much less functionality over Lastpass and Bitwarden but for individuals and small businesses who want a password manager with the lowest attack surface, we highly recommend this tool.
Keepass
What is it?
A completely free, open-source, lightweight password manager. It was built as a Windows program, but versions are available for all platforms (macOS, iOS, Android and Linux).
With KeePass, passwords are not stored on a centralized database. You are the only person who holds the encryption keys to them. Syncing across your devices is achieved via true end-to-end encryption. For this, you create encrypted KeePass files that never leave the devices they are created on.
What we think
Unlike the slick, consumer-friendly services such as LastPass and Bitwarden, Keepass usage is somewhat more technical (although helpful community-based setup Wizards make it easier). Once you’re set up however, KeePass gives you an incredibly secure (and low attack surface) password management tool.
Find out more
Want to know how to select the best password manager to match your risk profile? Volume 2 of The Complete Cyber Security Course is designed to help you make the right choices. Access it here.
I haven’ used Lastpass and I’m happy with Bitwarden. So happy that I pay the $10/year also I don’t need the extras. Important for me is that Win/Mac/Linux/Android works and I think the usability is good (but again Lastpass might be better)
I’ve been using SafeInCloud for many years now and I’m very happy with it. Big bonus: once off purchase fee, with clients of desktop and mobiles.
Instead of Lastpass $3 per month, better alternative is to use 1Password for the same amount of money. Only pain is moving the data over to any other Password Manager. We have secure notes, credit cards, licenses, important documents etc…and there is no 100% direct way to move everything from Lastpass to any other password manager (or unless I am mistaken).
Why 1password?
I don’t have an issue paying for something I value. I have always paid for LastPass.
I don’t have a big need right now to pay for LastPass, but if I do, then I’m willing to pay the extra money to be able to keep myself secure. The deal already seems like a steal.
Curious and read the article, but I’m sticking with Bitwarden anyway. It was Bitwarden or Keepass when I was looking for a better way to store my passwords (instead of the browser) and Bitwarden won out for a lot of reasons – not the least of which is convenience. I know there always tends to be a trade off between security and convenience, but Bitwarden has served me well so far.
I don’t believe in storing passwords on someone else’s platform regardless of how secure they claim it is. I prefer a local pw manager and would recommend PasswordSafe, KeePass or StrongBox for Mac
i am using bitwarden, its awesome tool for saving passwords. completely i am comfort with bitwarden.
Yes, many people report this.
I really love Bitwarden. Since I’ve been using it, my life got easier by hardening my passwords and not even remembering.
I’m planning to pay for the $10 premium version. I don’t need that version, but this way they keep improving its service.
I tried using KeePassXC last week but I found syncing between devices quite a challenge. Moreover, if I want to access keepass in a new device I have to setup the program.
Decided to settle with Bitwarden as i find it to be a perfect balance between convenience and security.