Thank you DCode, I appreciate the folder-naming tip, and the Emergency Access set-up info. I like the Family/Sharing feature as my wife is entrusted with employer and client-related log-in credentials, and I prefer to not have access to those, a firewall if you will, for our mutual protection.
DCode wrote: ↑Thu Feb 25, 2021 12:42 pm
I've been using LastPass for many years and have the family plan with my wife and two teenage boys using it also.
For sharing, I use shared folders (see Sharing Center in your vault) which makes it extremely simple to share passwords with other members of the family. We have folders named like "Shared-Wife-Me", "Shared-Son1-Mom-Dad", etc. When you save or edit the site and if you want to share it, you simply set the folder to the appropriate one. For example instead of having "Netflix" in the default or Entertainment folder, we put it in the Shared-Son1-Mom-Dad folder and we all have access to it.
We also have the Emergency Access set so others can get a copy of another family member's vault in case of emergency. This is very flexible and you can set it to have them wait x number of hours or days until access is granted. We do have a wait period set since I can't think of anything where someone would need it immediately and it also is a safeguard in case an unauthorized person gains control of an account and tries to recover a trusted family member's vault (ex. Son1's account is compromised and person tries to get emergency access to Dad's vault). From LastPass:
When your trusted contact requests Emergency Access, you can decline their request within the specified waiting period.
Changes to LastPass free
Re: Changes to LastPass free
a/69, retired, married, enjoy p/t employment. Three-fund portfolio, after decades of chasing active-managed fund performance.
- Bylo Selhi
- Posts: 1310
- Joined: Mon Feb 19, 2007 9:40 pm
- Location: Great White North
Re: Changes to LastPass free
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
1. Who are "AppsFlyer, MixPanel, and Segment," what are they doing with our data and why should we trust them?
The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment...
Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. These things do not belong in password managers, which are security-critical, he said..
Kuketz recommended changing to a different password manager, such as the open-source KeePass.
Do all password apps contain such trackers? Not according to Exodus. 1Password has none. KeePass has none. The open-source Bitwarden has two for Google Firebase analytics and Microsoft Visual Studio crash reporting.
2. Even though BitWarden is open source, these two trackers aren't. Even though these two trackers are from known companies Google and Microsoft, that's no guarantee that a bad actor couldn't get to BitWarden data via these trackers.
3. This report is only about the Android version of password managers. It's unclear how these revelations pertain to their desktop versions as well as the iOS versions of their phone apps.
Re: Changes to LastPass free
Thanks for the info - another lock down setting in LP - don't send any crash reports to anyone! (advanced -> Privacy)
Bylo Selhi wrote: ↑Fri Feb 26, 2021 9:15 am
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
1. Who are "AppsFlyer, MixPanel, and Segment," what are they doing with our data and why should we trust them?
The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment...
Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. These things do not belong in password managers, which are security-critical, he said..
Kuketz recommended changing to a different password manager, such as the open-source KeePass.
Do all password apps contain such trackers? Not according to Exodus. 1Password has none. KeePass has none. The open-source Bitwarden has two for Google Firebase analytics and Microsoft Visual Studio crash reporting.
2. Even though BitWarden is open source, these two trackers aren't. Even though these two trackers are from known companies Google and Microsoft, that's no guarantee that a bad actor couldn't get to BitWarden data via these trackers.
3. This report is only about the Android version of password managers. It's unclear how these revelations pertain to their desktop versions as well as the iOS versions of their phone apps.
- Bylo Selhi
- Posts: 1310
- Joined: Mon Feb 19, 2007 9:40 pm
- Location: Great White North
Re: Changes to LastPass free
I'm not overly concerned about sending crash reports to Google.
This LP setting doesn't seem to affect tracking by "AppsFlyer, MixPanel, and Segment." I am very concerned about who they are, what they track and how secure their code is.
Re: Changes to LastPass free
A reminder that if you aren’t a customer, you are probably the product. And in this case even paying customers are apparently also having certain data tracked and sold.
Re: Changes to LastPass free
I'm going to stay with lastpass, and pay the yearly fee for now. I have everything on my vault, so my life is over if it ever gets compromised. I'll look at bitwarden when I feel more comfortable.
Re: Changes to LastPass free
You're right - it is just callstack info - certainly not like they are sending a crash dump.
Bylo Selhi wrote: ↑Fri Feb 26, 2021 10:15 am
I'm not overly concerned about sending crash reports to Google.
This LP setting doesn't seem to affect tracking by "AppsFlyer, MixPanel, and Segment." I am very concerned about who they are, what they track and how secure their code is.
Re: Changes to LastPass free
While it seems possible to lock down the Lastpass tracking cookies, they don't seem like a best practice. The article notes, “There are solutions that do not permanently send data to third parties and record user behavior.”
https://www.theverge.com/2021/2/26/2230 ... ch-privacy
That's enough incentive for me to move to 1Password and avoid potential tracking from LastPass, Dashlane, and Bitwarden.
"People sometimes fail to live because they are always preparing to live." - Alan Watts
Re: Changes to LastPass free
I don't understand - how are you not sharing passwords?
dflaher wrote: ↑Thu Feb 25, 2021 5:05 pm
I've just realized the same thing after being forced to think about it by the latest LastPass action. I upgraded my account to Premium, and now my wife will use mine. So for $36/year we will have it on all our devices. This also eliminates the need to share passwords across userIDs.
Re: Changes to LastPass free
So then what's this? https://www.reddit.com/r/Bitwarden/comm ... &context=3
Invest4lt wrote: ↑Fri Feb 26, 2021 6:51 pm
While it seems possible to lock down the Lastpass tracking cookies, they don't seem like a best practice. The article notes, “There are solutions that do not permanently send data to third parties and record user behavior.”
https://www.theverge.com/2021/2/26/2230 ... ch-privacy
That's enough incentive for me to move to 1Password and avoid potential tracking from LastPass, Dashlane, and Bitwarden.
Re: Changes to LastPass free
What is this? Good question, cacophony--I think the answer is "Confusing!" as the answer depends on Android vs iOS. The article you reference (theregister.com), however, reiterates that the LastPass Android app has SEVEN trackers and 1Password and KeePass has ZERO. The article continues: "Do all password apps contain such trackers? Not according to Exodus. 1Password has none. KeePass has none. The open-source Bitwarden has two for Google Firebase analytics and Microsoft Visual Studio crash reporting. Dashlane has four. LastPass does appear to have more than its rivals. "
Since app developers cannot guarantee what data is collected and transmitted to third parties, it makes sense to me to avoid the Lastpass issue entirely.
"People sometimes fail to live because they are always preparing to live." - Alan Watts
Re: Changes to LastPass free
I should have been more clear, but I was pointing out that the 1Password app in iOS collects a fair amount of analytics info as shown in this screenshot: https://imgur.com/gallery/JnNQeN1
Invest4lt wrote: ↑Fri Feb 26, 2021 9:25 pm
What is this? Good question, cacophony--I think the answer is "Confusing!" as the answer depends on Android vs iOS. The article you reference (theregister.com), however, reiterates that the LastPass Android app has SEVEN trackers and 1Password and KeePass has ZERO. The article continues: "Do all password apps contain such trackers? Not according to Exodus. 1Password has none. KeePass has none. The open-source Bitwarden has two for Google Firebase analytics and Microsoft Visual Studio crash reporting. Dashlane has four. LastPass does appear to have more than its rivals. "
Since app developers cannot guarantee what data is collected and transmitted to third parties, it makes sense to me to avoid the Lastpass issue entirely.
Bitwarden actually has less identifiers than 1Password according to Apple: https://imgur.com/gallery/gxJNVvx
- Bylo Selhi
- Posts: 1310
- Joined: Mon Feb 19, 2007 9:40 pm
- Location: Great White North
Re: Changes to LastPass free
With BitWarden apparently the trackers on Android are Google's condition for listing in their Play store. BitWarden offers the Android app sans trackers on the independent F-Droid store. But that comes with a limitation of its own:
Bitwarden on F-Droid wrote: Since the Bitwarden F-Droid build does not include Firebase Messaging, push notifications for live sync updates of your vault will not work. Manual vault syncing is required.
Re: Changes to LastPass free
It's pretty good I switched from KeePass to Bitwarden and it is much more user friendly. It's been a while since I used LastPass but I found this link while googling: https://bitwarden.com/help/article/impo ... -lastpass/
Land/Real Estate:89.4% (Land/RE is Inheritance which will be received in 10-20 years) Equities:7.6% Fixed Income:1.7% Gold:0.8% Cryptocurrency:0.5%
- Peculiar_Investor
- Site Admin
- Posts: 2445
- Joined: Thu Oct 20, 2011 12:23 am
- Location: Calgary, AB 🇨🇦
Re: Changes to LastPass free
LastPass' blog attempts to address the concerns in LastPass’ Commitment to Privacy and User Experience - The LastPass Blog
Bylo Selhi wrote: ↑Fri Feb 26, 2021 9:15 am
1. Who are "AppsFlyer, MixPanel, and Segment," what are they doing with our data and why should we trust them?
3. This report is only about the Android version of password managers. It's unclear how these revelations pertain to their desktop versions as well as the iOS versions of their phone apps.
I have had a LastPass Premium subscription for years. I wasn't particularly happy when they jumped the price from $1/month to $3/month. But at the end of the day LastPass offers me (and my family members) good value at a relatively low cost and I plan to continue using it going forward. Low cost is good enough for me. The enemy of a good plan is the dream of a perfect plan.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
Re: Changes to LastPass free
I use the licensed version of 1Password, not the cloud version. As a result, my master password, my vault data, and my "high level user data" never go to 1Password's servers, even in encrypted formats. It is possible for me to install 1Password's iOS app on my iOS devices and export my vault data from my computer to 1Password's iOS app, but I do not do that.
I also use a MacOS app called Cookie on my computer that deletes all of my tracking cookies every time I close my browser.
Re: Changes to LastPass free
How do you handle family members getting your passwords?
I was a will and end of life instruction with all banking/financial/password info all in a safe. Is there a way to give someone access without giving them access while you're alive?
Re: Changes to LastPass free
Sure....just give them the LastPass password (and log in instructions) in your end of life instructions.
ddurrett896 wrote: ↑Sat Feb 27, 2021 8:19 am
How do you handle family members getting your passwords?
I was a will and end of life instruction with all banking/financial/password info all in a safe. Is there a way to give someone access without giving them access while your alive?
Re: Changes to LastPass free
If they have access to the safe, what's the problem?
ddurrett896 wrote: ↑Sat Feb 27, 2021 8:42 am
Problem is that I leave that in my safe too since it contains all of my account number and personal info.
Or you can read above post on Emergency Access, although I'd think the safe is sufficient. viewtopic.php?p=5843529#p5843529
Re: Changes to LastPass free
I assume "safe deposit box" not "safe", and at least one person you're not commonly close to physically is authorized to access the contents of the safe deposit box. I believe it varies by state but in many states at least, an authorized user can access a safe deposit regardless of the death of the owner. In some states there may be a separate agreement you sign giving access to your box after death, allowing your designated authorized user to avoid having a court allow access. You would want to make sure that individual has a key to your safe deposit box.
ddurrett896 wrote: ↑Sat Feb 27, 2021 8:42 am
Problem is that I leave that in my safe too since it contains all of my account number and personal info.
If you mean that you have an actual safe and you haven't given anyone access to it, that's not really a problem since unlike with a bank, anybody who's interested can easily break into your safe and access the contents.
Re: Changes to LastPass free
Same here.
Saving$ wrote: ↑Fri Feb 19, 2021 10:32 pm
Yes, my KP database is encrypted and uploaded to Google Drive. I can set it up to sync automatically with the phone or PC, or do it manually. The KP database requires a keyfile to access it, and the keyfile is NOT on the cloud - I store a copy of it on each device from which I access KP.
Soon2BXProgrammer wrote: ↑Thu Feb 18, 2021 7:44 am
what iphone and android app are you using specifically, since i see a couple of options... Also do any of them support having your keypass database on a cloud file storage option (google drive or microsoft onedrive, etc)
For Android I'm using KeePass2Android and VERY happy with it. I'm not currently using an Iphone version.
For Keepass on the computer, I use the 2xx version of the database, rather than the 1xx
A bit of setup involved but been using this for past several years and no subscription fees. Architecturally no different than LastPass
1.) Run KeePass (open source) on Windows https://keepass.info/download.html
2.) Use sync application from cloud drives such as onedrive/google drive to sync the KeePass password file to cloud.
3.) Run KeePass compatible app on mobile which will pull the password file from onedrive/google.
Re: Changes to LastPass free
I've been meaning to set myself up with a password manager. If all my devices are Apple, is there any reason not to use "Keychain" for free?
I'm a little mystified because half the time I tell keychain to remember a password it doesn't work. Not sure what I'm doing wrong - so was tempted to try one of the pay services but don't want to if I don't need to.
- Go Blue 99
- Posts: 1119
- Joined: Thu Oct 09, 2008 3:42 pm
Re: Changes to LastPass free
I looked at that feature and they have a note saying "WARNING: This is currently an experimental feature. Use at your own risk."
Why such a stern warning?
Re: Changes to LastPass free
I was wondering about that as well. I assumed they were just not guaranteeing that it would work as expected everywhere, but that’s just a guess
- Bylo Selhi
- Posts: 1310
- Joined: Mon Feb 19, 2007 9:40 pm
- Location: Great White North
Re: Changes to LastPass free
That's probably their [lawyer's?] way of saying that they haven't yet finished testing it so if something breaks don't blame them
I've been using that feature for the past week or so without any problems. On some pages the auto-fill doesn't happen and I have to either do auto-fill manually using right-click or copy/paste the password.
Their Help page Browser Extension Auto-fill Options isn't as stern, "Auto-fill on Page Load is an experimental and opt-in feature offered by Bitwarden Browser Extensions."
Google's portfolio of apps is also chock full of "experimental" features that provide them an opportunity to beta test before release to the general user population.
Re: Changes to LastPass free
OK, Switched to Bitwarden and I find it to be not as user friendly as LP. One of the things is that there are way too many clicks to autofill and I also miss the big icon display format in the Dashboard that makes it real easy. Otherwise it seems pretty good.
I will probably keep my LP account inactive for a while before I delete it for good.
Re: Changes to LastPass free
I've found Bitwarden to be significantly more user friendly and less clunky than LastPass.
stocknoob4111 wrote: ↑Tue Mar 02, 2021 7:37 pm
OK, Switched to Bitwarden and I find it to be not as user friendly as LP. One of the things is that there are way too many clicks to autofill and I also miss the big icon display format in the Dashboard that makes it real easy. Otherwise it seems pretty good.
I will probably keep my LP account inactive for a while before I delete it for good.
For autofill I'd suggest doing the keyboard shortcut, which on Windows is CTRL-SHIFT-L. I've found that much quicker more convenient than what I used to do with LastPass.
Re: Changes to LastPass free
I appreciate all the replies and helpful info.
Based on this thread I ended up switching from LastPass to BitWarden. The migration was relatively painless, and I find the functionality to be much the same as LastPass. On PC, the ctrl-shift-L shortcut is very easy to use. There's also a setting in the BitWarden browser addon that will autofill your user/password and even automatically log you in when you're signed into BitWarden - that's super convenient.
The only difference in functionality that I've noticed is that the BitWarden mobile app doesn't auto-fill other apps. For example, if I open my Chase mobile app, and tap the username or password field, LastPass will pop up with an "autofill with LastPass" option. I haven't been able to figure out how to get BitWarden to do this. However, it's not too difficult to just open the BitWarden app, copy the password, and paste it in the other app. So this is not a deal-breaker for me.
Overall I'm very happy with BitWarden so far and I'll stay with this as my password manager.
- tuningfork
- Posts: 885
- Joined: Wed Oct 30, 2013 8:30 pm
Re: Changes to LastPass free
Here's a help article for getting autofill to work with Bitwarden on Android. There are multiple Bitwarden and OS settings you have to make. It seems to be working the same as Lastpass for me now.
neuro84 wrote: ↑Thu Mar 04, 2021 7:06 am
The only difference in functionality that I've noticed is that the BitWarden mobile app doesn't auto-fill other apps. For example, if I open my Chase mobile app, and tap the username or password field, LastPass will pop up with an "autofill with LastPass" option. I haven't been able to figure out how to get BitWarden to do this. However, it's not too difficult to just open the BitWarden app, copy the password, and paste it in the other app. So this is not a deal-breaker for me.
https://bitwarden.com/help/article/auto-fill-android/
Re: Changes to LastPass free
I stuck with lastpass for now, I don't mind paying the twenty something bucks. Everything I have is in LP. If that ever gets compromised, I'm screwed!
Re: Changes to LastPass free
One can also consider a layered approach to password management if we don't mind a little more complexity. Some of our passwords may have a high level of security (e.g. banks); whereas others are less important (e.g. walmart). There are local password managers, like KeePass, where our more sensitive passwords can be stored outside of the cloud and can benefit from additional layers of security, such as hardware token, bitlocker encryption and authentication and local access to our devices.
Re: Changes to LastPass free
One feature I've valued in LastPass is the one-time password. This has enabled me, for example, to get in to my vault if I'm using a public computer, without giving away my master password. Could also be useful to get into the vault if I forget my password (has never happened to me, but my wife lost all of her passwords once because she forgot her LastPass master password).
It doesn't appear as though BitWarden (free) has this feature... is there some approach people are using with BW to handle these scenarios? (public computer; master password loss)
Re: Changes to LastPass free
I disabled this feature in my LastPass setup - It is a security risk and allows others to gain access to your Vault if it becomes necessary. I have my master password available if I need it - in a couple of secure places.
FireAway wrote: ↑Fri Mar 05, 2021 6:15 pm
One feature I've valued in LastPass is the one-time password. This has enabled me, for example, to get in to my vault if I'm using a public computer, without giving away my master password. Could also be useful to get into the vault if I forget my password (has never happened to me, but my wife lost all of her passwords once because she forgot her LastPass master password).
It doesn't appear as though BitWarden (free) has this feature... is there some approach people are using with BW to handle these scenarios? (public computer; master password loss)
Re: Changes to LastPass free
Nobody mentioned to me how much a pleasure it would be setting my wife up with LastPass on her IPhone - what a nightmare that was - I'm about to uninstall it.
Re: Changes to LastPass free
What is the risk? Simply that someone else may find it? Seems this is no different than having your master password 'available'. At least the one-time password is safe to use on a public device.
Re: Changes to LastPass free
One risk is the chance that some of your unencrypted site specific passwords are left in computer memory: https://security.stackexchange.com/ques ... d-managers
FireAway wrote: ↑Fri Mar 05, 2021 10:12 pm
What is the risk? Simply that someone else may find it? Seems this is no different than having your master password 'available'. At least the one-time password is safe to use on a public device.
The concept of the one-time use password is fine. It's logging into an important site from a public computer that's the risk. You have no idea what's running on a public computer and I wouldn't be surprised if nefarious software could obtain your entire unencrypted vault.
Re: Changes to LastPass free
It's only $2.50/month for a great service, but I can't believe the number of people prepared to ditch for a measly fee.
AerialWombat wrote: ↑Wed Feb 17, 2021 12:29 am
I think I pay $36 per year for LastPass. I'm surprised that a group that debates which $5,000 watch to buy is griping about such a miniscule fee for such an important service. I would expect such discussion on the Mr. Money Mustache forums, not Bogleheads.
"Don't trust everything you read on the Internet"- Abraham Lincoln
Re: Changes to LastPass free
I can't speak for others, but for me it had nothing to do with cost. The circumstances just presented an excuse to compare alternatives and I found bitwarden better. I abandoned four months of remaining LastPass premium subscription when I switched and I'm paying more for bitwarden now than I ever did for LastPass.
denovo wrote: ↑Sat Mar 06, 2021 3:11 am
It's only $2.50/month for a great service, but I can't believe the number of people prepared to ditch for a measly fee.
AerialWombat wrote: ↑Wed Feb 17, 2021 12:29 am
I think I pay $36 per year for LastPass. I'm surprised that a group that debates which $5,000 watch to buy is griping about such a miniscule fee for such an important service. I would expect such discussion on the Mr. Money Mustache forums, not Bogleheads.
- Bylo Selhi
- Posts: 1310
- Joined: Mon Feb 19, 2007 9:40 pm
- Location: Great White North
Re: Changes to LastPass free
Had they reinstituted the $12/year fee they used to charge for Premium (and with it multi-platform support) I would have paid up without much thought. But they turned it into a cash grab. That caught my attention. It nudged me to look for alternatives. I found BitWarden. It took a few minutes to switch. Now I've paid BitWarden the $10 that would otherwise have gone to LP.
So far, I actually prefer BW to LP. That makes me wonder why I didn't make the switch earlier.
It seems to me that LP's greed may ultimately backfire on them.
Re: Changes to LastPass free
When I investigated LP in making my choice for a PW manager - I read up quite a bit on it.
FireAway wrote: ↑Fri Mar 05, 2021 10:12 pm
What is the risk? Simply that someone else may find it? Seems this is no different than having your master password 'available'. At least the one-time password is safe to use on a public device.
I'm sure you are fine using the OTP feature and I'm being over the top - but based on my investigation - I've decided - I don't need it. And by being available - my master password is very safe and offline. I'm not concerned.
I've done all I can do to lock down LP as much as I can.
This is one of such writeups that I've found useful.
https://palant.info/2018/07/09/is-your- ... ine-vault/
Thanks,
Re: Changes to LastPass free
The author is criticizing LP and promoting (sort-of) his own PFP
But if LP has vulnerability, others like PFP are not 100% safe. Common case is Malware installed on your computer (it could just read what you are typing).
From other BH threads, I understood that for more security you need Yubikey, using U2F (not OTP, that it's not secure enough). Lastpass only supports OTP. 1Password and bitwarden supports U2F.
But I guess the website itself (like www.vanguard.com) would need to support yubikey with U2F. Otherwise, the malware could intercept the password that 1PAssword/bitwarden 'types' into the browser.
I'm just learning a lot from more knowledgeable people on BH, so please correct me if I'm wrong on something.
Re: Changes to LastPass free
I didn't get that from the author.
international001 wrote: ↑Sat Mar 06, 2021 12:41 pm
The author is criticizing LP and promoting (sort-of) his own PFP
But if LP has vulnerability, others like PFP are not 100% safe. Common case is Malware installed on your computer (it could just read what you are typing).
From other BH threads, I understood that for more security you need Yubikey, using U2F (not OTP, that it's not secure enough). Lastpass only supports OTP. 1Password and bitwarden supports U2F.
But I guess the website itself (like www.vanguard.com) would need to support yubikey with U2F. Otherwise, the malware could intercept the password that 1PAssword/bitwarden 'types' into the browser.
I'm just learning a lot from more knowledgeable people on BH, so please correct me if I'm wrong on something.
LP supports 2FA and Yubikey - I use the LP authenticator for 2FA.
Re: Changes to LastPass free
LP supports Yubikey 2FA but not Fido U2F. This covers the differences: https://www.yubico.com/blog/otp-vs-u2f- ... -stronger/
rebellovw wrote: ↑Sat Mar 06, 2021 2:38 pm
I didn't get that from the author.
international001 wrote: ↑Sat Mar 06, 2021 12:41 pm
The author is criticizing LP and promoting (sort-of) his own PFP
But if LP has vulnerability, others like PFP are not 100% safe. Common case is Malware installed on your computer (it could just read what you are typing).
From other BH threads, I understood that for more security you need Yubikey, using U2F (not OTP, that it's not secure enough). Lastpass only supports OTP. 1Password and bitwarden supports U2F.
But I guess the website itself (like www.vanguard.com) would need to support yubikey with U2F. Otherwise, the malware could intercept the password that 1PAssword/bitwarden 'types' into the browser.
I'm just learning a lot from more knowledgeable people on BH, so please correct me if I'm wrong on something.
LP supports 2FA and Yubikey - I use the LP authenticator for 2FA.
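The OTP versus U2F difference raised in the post above, as an added example that is not part of the thread: a one-time code carries no record of the site it was entered on, while a U2F assertion includes the origin and the server rejects one made for a different origin. Assumptions: HOTP (RFC 4226) stands in for the OTP (Yubico OTP uses a different code format), HMAC stands in for U2F's ECDSA signature, and `ToyU2FKey`, the function names and the `.example` origins are hypothetical.

```python
import hashlib, hmac, json, os, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code depends only on the secret and a counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def server_check_otp(secret: bytes, counter: int, code: str) -> bool:
    # Nothing in the code says which site it was typed into.
    return hmac.compare_digest(hotp(secret, counter), code)

class ToyU2FKey:
    """Toy authenticator. Real U2F signs with ECDSA P-256 and the server holds
    only a public key; HMAC is a stand-in so this runs on the standard library."""
    def __init__(self):
        self._master = os.urandom(32)

    def _site_key(self, origin: str) -> bytes:
        return hmac.new(self._master, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        return self._site_key(origin)  # toy: server stores this per-site key

    def sign(self, origin: str, challenge: bytes):
        # The browser fills in the origin it is actually on; the page cannot choose it.
        client_data = json.dumps({"challenge": challenge.hex(), "origin": origin}).encode()
        return client_data, hmac.new(self._site_key(origin), client_data, hashlib.sha256).digest()

def server_check_u2f(stored_key, expected_origin, challenge, client_data, sig) -> bool:
    data = json.loads(client_data)
    if data["origin"] != expected_origin or data["challenge"] != challenge.hex():
        return False  # assertion was made for another site or another login attempt
    return hmac.compare_digest(hmac.new(stored_key, client_data, hashlib.sha256).digest(), sig)

def demo():
    site, lookalike = "https://bank.example", "https://bank-login.example"  # constructed
    secret = b"constructed-otp-secret"
    otp_ok = server_check_otp(secret, 1, hotp(secret, 1))  # valid wherever it was entered
    key = ToyU2FKey()
    stored, challenge = key.register(site), os.urandom(16)
    wrong_origin_ok = server_check_u2f(stored, site, challenge, *key.sign(lookalike, challenge))
    right_origin_ok = server_check_u2f(stored, site, challenge, *key.sign(site, challenge))
    return otp_ok, wrong_origin_ok, right_origin_ok

if __name__ == "__main__":
    print(demo())
```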
Re: Changes to LastPass free
Thanks - I took a look - seems great. I think I'm solid and absolutely secure with my locked down/work encrypted iPhone - and LP Authenticator 2FA.
cacophony wrote: ↑Sat Mar 06, 2021 4:19 pm
LP supports Yubikey 2FA but not FIDO U2F. This covers the differences: https://www.yubico.com/blog/otp-vs-u2f- ... -stronger/
rebellovw wrote: ↑Sat Mar 06, 2021 2:38 pm
I didn't get that from the author.
international001 wrote: ↑Sat Mar 06, 2021 12:41 pm
The author is criticizing LP and promoting (sort-of) his own PFP
But if LP has a vulnerability, others like PFP are not 100% safe. A common case is malware installed on your computer (it could just read what you are typing).
From other BH threads, I understood that for more security you need Yubikey, using U2F (not OTP, which is not secure enough). LastPass only supports OTP. 1Password and Bitwarden support U2F.
But I guess the website itself (like www.vanguard.com) would need to support Yubikey with U2F. Otherwise, the malware could intercept the password that 1Password/Bitwarden 'types' into the browser.
I'm just learning a lot from more knowledgeable people on BH, so please correct me if I'm wrong on something.
LP supports 2FA and Yubikey - I use the LP authenticator for 2FA.
- Bylo Selhi
Re: Changes to LastPass free
Some background on what led to LP's attempted cash grab and its effect on BW: Demand for fee to use password app LastPass sparks backlash
Experts say it is hard to know whether the new limitations on the free version of LastPass will encourage more paying users to sign up.
“Without the ability to sync, there’s very few users who will really be able to use [LastPass],” said Joseph Bonneau, a cryptography researcher and computer security expert at New York University. “They’re making the free version so difficult to use that most people will be forced to pay or use another solution.”
LastPass, which claimed more than 25 million users last year, said it had given 30 days’ notice of the change and was not deleting any user data. It added that the free version of LastPass still offered functions that rivals lacked, and that “a healthy number of users” had taken up its discounted subscription offers.
But one free password app, Bitwarden, has registered a fivefold increase in new users since LastPass announced its more restrictive policy last month, according to Gary Orenstein, its chief customer officer. “We’re understandably thrilled,” he said.
Re: Changes to LastPass free
I'm not sure how you are defining master accounts versus individual accounts, but there may be couples who want to keep separate access to separate accounts in addition to shared access to other accounts. For example, a couple who marries later in life where one or both of them have premarital accounts that they wish to keep separate. Another example is inheritance or estate planning accounts...one spouse may receive an inheritance and want to keep the inherited account separate with separate access, or one spouse may be added as a joint account holder on a parent's account as an estate planning tool.
Re: Changes to LastPass free
I read that article too. Regarding “Without the ability to sync, there’s very few users who will really be able to use [LastPass]” apparently I’m one of the very few. I only use LP from my non-mobile devices. I just don’t access many sites (that require login) from my smartphone. The ones that I do (like Bogleheads) I just look up the password from my computer, then stay logged in.
Bylo Selhi wrote: ↑Tue Mar 09, 2021 5:43 am
Some background on what led to LP's attempted cash grab and its effect on BW: Demand for fee to use password app LastPass sparks backlash
Experts say it is hard to know whether the new limitations on the free version of LastPass will encourage more paying users to sign up.
“Without the ability to sync, there’s very few users who will really be able to use [LastPass],” said Joseph Bonneau, a cryptography researcher and computer security expert at New York University. “They’re making the free version so difficult to use that most people will be forced to pay or use another solution.”
LastPass, which claimed more than 25 million users last year, said it had given 30 days’ notice of the change and was not deleting any user data. It added that the free version of LastPass still offered functions that rivals lacked, and that “a healthy number of users” had taken up its discounted subscription offers.
But one free password app, Bitwarden, has registered a fivefold increase in new users since LastPass announced its more restrictive policy last month, according to Gary Orenstein, its chief customer officer. “We’re understandably thrilled,” he said.
I wish they had provided some facts for the “very few users” statement.
- Bylo Selhi
Re: Changes to LastPass free
Likewise many young people have only smartphones and tablets. They too would be able to use LP Free. So even if the number of desktop-only users is declining, they're being replaced by mobile-only users.
In any case, having migrated to BW and used it on multiple platforms, I have zero regrets. Also I'm much more comfortable with paying for an open source product like BW than being extorted by an opportunistic, cash grabbing private equity firm.