[updated Feb 25, 2021 – see below]
As you know, I’ve been using and recommending LastPass for years. It’s my favorite password manager – a tool we all need and should be using. But for some reason I can’t fathom, LastPass has decided to remove functionality from their free tier.
Specifically, this is what they’re telling their users:
We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.
As a Free user, your first login on or after March 16th will set your active device type. You’ll have three opportunities to switch your active device type to explore what’s right for you. Please note, that all of your devices sync automatically, so you’ll never lose access to anything stored in your vault or be locked out of your account, regardless of whether you use computer or mobile devices to access LastPass.
You will also lose access to email support and be forced to use their “knowledge library”. (Note that if you’re paying for their Premium or Families plans, you won’t be affected at all by this change.)
Classic Marketing Mistake
This breaks a cardinal rule of marketing: you don’t take something away. If you want people to pay money (or pay more money), you add new service tiers or add new benefits and give people a compelling reason to upgrade. When your customers have gotten used to using something, it’s really going top piss them off if you suddenly remove the functionality.
You can tell this is a bad idea because of all the articles that have been published lately about how to switch to another password manager. Look at some of these headlines:
- LastPass password manager is making some devastating changes to LastPass Free next month
- LastPass’s free password manager is about to become a lot less useful
- Time to Bail on LastPass? Free Version of Password Manager Gets a Serious Restriction
I’m frankly hoping that LogMeIn (who owns LastPass) will read the room and walk this back. They should at least offer a cheaper tier with all the current functionality, say $1/month or $10/year. But with bad PR like this, the damage may already be done.
A Better Free Alternative
Personally, I still love LastPass and will happily pay the meager $48 a year for my entire family (it’s $36/year for the one-person Premium plan). It’s totally worth it to me and I’m happy to support good services like this. But if you don’t want to pay for what used to be free, I can’t blame you.
My updated recommendation for a free password manager is BitWarden. It’s free tier is quite good and their higher tiers are very reasonably priced. It’s also completely open source, which I like. You can even import all your LastPass passwords so you won’t be starting from scratch (see this helpful article).
I will personally stay with LastPass. But if they keep doing stuff like this, I may end up moving to BitWarden, myself.
Strike Two (and Maybe Still Out)
[Update on this story.] The Register just released a report showing that the LastPass Android app contains several trackers. When confronted about this, a spokesperson from LastPass just basically said “trust us, it’s not personal info, just aggregated data – and you can always opt out”. Wrong answer.
I have to say this truly saddens me. I was worried when LogMeIn bought LastPass a while back, but then everything seemed to be okay. Now I’m starting to think that’s no longer the case. We’ll see how they respond to all of this negative press. Maybe they’ll rediscover their commitment to privacy and walk back their pending changes to the free tier. But I’m going to start looking hard a switching myself to BitWarden or 1Password.
But the PR damage may already be done. This could end up being another WhatsApp mass exodus.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!