LastPass changes


  • Service Provider

    So, my LastPass subscription needs to be renewed in the next few days and I still have not found a good replacement.

    Then today I get an email about version 4. So I go check it out and do not see anything I really care about.

    While on the site (not signed in), I click around thew premium and see this list.
    I have more than 1 shared folder now, is this a new change does anyone know?

    88VZCjq.jpg



  • @JaredBusch Why do you want to replace it?



  • Security Now 529: Joe Siegrist of LastPass

    Youtube Video

    https://www.grc.com/sn/sn-529.htm

    JOE: Well, I mean, I understand that people fear change, honestly. And change is a reality, though. We have to deal with it ourselves here at LastPass, too. Like every app is changing. The landscape is changing. How identity is evolving is changing. And when we look around and try to understand where to take this forward, certainly having more resources was a key to being able to kind of dominate the space. And that's what we want to do. We want to keep making the product better, and we want to increase the amount of people working on this, increase the amount of resources that we have to make the product better.

    And I know people are kind of fearing that something is fundamentally going to change. But I'm here to say that that's not going to happen. I'm here to continue working on this, to keep pushing forward the vision that I've been working on for the last seven and a half years. I'm not just going to allow that to change. I really want to keep pushing it forward. And I really saw this as kind of the next step. I think, you know, a lot of the people that are complaining are very vocal because something that they had for free was taken away, and people don't like that.

    Leo: I'm going to disagree with you, Joe. That's not the issue.

    JOE: Oh, yeah?

    Leo: The issue is LogMeIn, and I think a lot of people burned by LogMeIn in the past, by what LogMeIn did to Hamachi, what they did to their free product, I think there's a real feeling that LogMeIn is not going to be a good custodian of the great legacy that you've created with LastPass. Have they given you any assurances that you'll have autonomy, and you'll be able to continue to operate as you have in the past?
    JOE: Yeah, absolutely. Just today the incoming CEO, Bill Wagner, was here, telling me that, look, you have the ability to say no. It's your vision. It's your team. We're putting resources behind that to drive it forward. And this is the largest acquisition by LogMeIn by more than six times; right? So they are going to naturally have to treat this differently than some of those other products.
    And Hamachi is an interesting thing that you brought up because I was talking about that today as a product I used to use, and one that I think should be brought back and could really have a new life breathed into it when you consider you can tie it into some of the other initiatives that we have with identity and have it folded in, potentially, as an additional product. But I think just the size and scale and scope makes that different. And the people behind it, like this office is staying, all the people here are staying, everybody that was part of LastPass is coming onboard.



  • oh yeah that's a good reason to get rid of it. I do not trust LMI at all.


  • Service Provider

    @anonymous said:

    @JaredBusch Why do you want to replace it?

    Because I do not trust their new owners. Simple as that.

    I have been a LastPass Premium subscriber since 2009 when I got a smart phone.



  • While I don't trust LMI to leave the free product free - I have no reason not to trust their paid product - other than they might increase the price.

    I consider this more or less a non issue, since I'm not a free user.



  • interesting... FireFox had an update to LP waiting for me to restart the browser...



  • @Dashrender Yup, version 4 was just released :D


  • Service Provider

    @Dashrender said:

    While I don't trust LMI to leave the free product free - I have no reason not to trust their paid product - other than they might increase the price.

    I consider this more or less a non issue, since I'm not a free user.

    I don't trust their integrity. And that, simply, means I can't trust them. It's not about free being free.


  • Service Provider

    @Dashrender said:

    I consider this more or less a non issue, since I'm not a free user.

    I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements

    Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.



  • @scottalanmiller said:

    @Dashrender said:

    I consider this more or less a non issue, since I'm not a free user.

    I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements

    Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.

    I don't consider this situation on par with Lenovo. Did they tell us LMI would be free forever, then take it back? yeah. Does that rise to the level of Lenovo's breaking of the public trust, not in my mind.



  • El Reg just did a piece on the new changes:

    http://www.theregister.co.uk/2016/01/05/lastpass_revamp/


  • Service Provider

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    I consider this more or less a non issue, since I'm not a free user.

    I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements

    Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.

    I don't consider this situation on par with Lenovo. Did they tell us LMI would be free forever, then take it back? yeah. Does that rise to the level of Lenovo's breaking of the public trust, not in my mind.

    Why would it have to even approach the same level? Loss of trust is loss of trust. LMI, every day, decides to keep breaking the trust. Is it the same as having tried to steal data? Not at all. Can we trust them? Clearly not. No one suggested a similar level and I'm unclear why you feel it would need to be that bad before you would not hand over your passwords to someone that lies to you and treats you badly.



  • I switched over to Dashlane after LastPass' LMI acquisition and have been evaluating them since. I really like their interface and how easy it is to use, though having their program start with Windows took getting used to.

    They provide easy ways to import data from other password managers - exporting my LastPass passwords was easy, and there's an option to import KeePass data as well which I have yet to try. They also have apps for iOS and Android so you can access your passwords on mobile if you'd like. Their browser plugins also seem to be a little more seamless than LastPass' IMO.

    I ended up buying Dashlane Premium with no regrets so far. At this point I'm grateful for LMI's acquisition as it gave me the chance to evaluate other options :)



  • I've heard good things about Dashlane too.



  • I am still using keepass (for about 10 years). I use a master password and a key file. I have the encrypted DB file synced across all my systems and mobile devices using dropbox. Being that it is encrypted prior to being synced and stored "in the cloud", does this present a problem?


  • Service Provider

    @WingCreative said:

    I switched over to Dashlane after LastPass' LMI acquisition and have been evaluating them since. I really like their interface and how easy it is to use, though having their program start with Windows took getting used to.

    They provide easy ways to import data from other password managers - exporting my LastPass passwords was easy, and there's an option to import KeePass data as well which I have yet to try. They also have apps for iOS and Android so you can access your passwords on mobile if you'd like. Their browser plugins also seem to be a little more seamless than LastPass' IMO.

    I ended up buying Dashlane Premium with no regrets so far. At this point I'm grateful for LMI's acquisition as it gave me the chance to evaluate other options :)

    Dashlane is more than 3 times the cost of LastPass though.


  • Service Provider

    @wrx7m said:

    I am still using keepass (for about 10 years). I use a master password and a key file. I have the encrypted DB file synced across all my systems and mobile devices using dropbox. Being that it is encrypted prior to being synced and stored "in the cloud", does this present a problem?

    That is not any different than how Dashlan or LastPass work at a general level.



  • Right, but presumably, there is less risk associated with me having the control over decryption capability, would that be correct or am I missing something?



  • @wrx7m said:

    Right, but presumably, there is less risk associated with me having the control over decryption capability, would that be correct or am I missing something?

    Why do you think you have more control. Lastpass also does all encryption locally before sending any data to LP. Only an encrypted blob is sent to LP.

    If you're on a computer that's never used LP before, the javascript that's in the page does local checking/verifying of your username/password before the blob is downloaded to you, and once it's there, it's decrypted only locally.



  • @Dashrender I thought it was managed on the back end on their site. Guess not. That's why I asked. :)



  • @wrx7m said:

    @Dashrender I thought it was managed on the back end on their site. Guess not. That's why I asked. :)

    Nah - only reason I trust it was because they, LP, never had/have access to your data.



  • @Dashrender I guess I got confused when everyone was crapping on them due to the acquisition by LMI.



  • @wrx7m

    @scottalanmiller did say
    "Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."

    So it could be implied they could in the future.



  • @BRRABill said:

    @wrx7m

    @scottalanmiller did say
    "Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."

    So it could be implied they could in the future.

    Yes - it could - but that seems very unlikely - Scott, myself and may other are pissed at LMI because they put a noticed that LMI free would be Free forever - and then they canceled the product less than a year later.

    While this does suck, but that's not the same as them deciding that they are going to break security they have to weaken or defeat it. I think they would disappear quickly if they actually were found to be doing that.


  • Service Provider

    @Dashrender said:

    @BRRABill said:

    @wrx7m

    @scottalanmiller did say
    "Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."

    So it could be implied they could in the future.

    Yes - it could - but that seems very unlikely - Scott, myself and may other are pissed at LMI because they put a noticed that LMI free would be Free forever - and then they canceled the product less than a year later.

    While this does suck, but that's not the same as them deciding that they are going to break security they have to weaken or defeat it. I think they would disappear quickly if they actually were found to be doing that.

    To YOU it is not the same, but I don't see why you think so. In both cases we are talking about a commitment that they go back on. In both cases it is about not being able to trust them. Why do you feel that lacking faith and trust in them is okay when it is your passwords but not okay when it is just a free service? The thing that sucks is the lack of trust and integrity, not that they don't offer the free service anymore. Talking about the lack of free distracts from the issue of trust.


  • Service Provider

    If this was real life and you had a person in your town that was known for going back on their work and not being trustworthy. But then they offered to keep your data safe for you. Would you go "well they never lies about THIS issue" or "their general issues with integrity have never been around passwords before" and then trust them with your data?

    Hell no. People you can't trust are people you can't trust. You don't get magical lines like this. Just because the data is critical and worth way more money doesn't mean that you can suddenly trust them when before you couldn't. It doesn't work that way.


  • Service Provider

    Or let's try this conversation as an example...

    CEO: "Who has access to our secure data?"

    You: "Us and, of course, LMI."

    CEO: "Ah yes, LMI, our security vendor. We can trust them with the keys to our company data?"

    You: "Sure we can. I mean, they've been untrustworthy before and we have no reason to feel that they could be trusted now. They don't have a good track record or anything and they have general issues with integrity. But, you know, that was before we gave them our data so I'm sure we can trust them THIS TIME."

    Suddenly it doesn't sound so unrelated, right?



  • The question begs to be asked... Whom do you now trust as an alternative to LMI for remote support for remote users?


  • Service Provider

    @wrx7m said:

    The question begs to be asked... Whom do you now trust as an alternative to LMI for remote support for remote users?

    There are many choices. We [NTG] moved to ScreenConnect. We were an non-free LMI customer before that, but they went nuts and we won't do business with them now. It had nothing with it being free or not, it was that they weren't a good company anymore.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.