Huh. Gotta admit, I'm rather distressed by this, but I'm trying to think through it logically.<p>* They still don't have access to my raw passwords. Everything's already encrypted before it gets to them, and they don't have the key. They just store the encrypted data.<p>* They however do control access to the account. This means there's a point where they get all sorts of data on me, and while I personally don't mind, I must admit I felt a bit safer when I thought it was a smaller, purpose-built company managing things.<p>* Then again, LastPass hasn't had the greatest user experience lately. A mixture of simply not doing the data entry on some sites, and having a poorly designed UI for mobile that feels like little more than an extension of the desktop experience(which doesn't work very smoothly on mobile- it needs to be rethought from the ground up) means that perhaps the new things LastPass could do with this funding would make it more usable.<p>But at its core, this is a security company to me. Probably the only one I pay for directly. I love change and expansion in so many other industries, but I suppose I'm just not used to it here- perhaps that gut response of "I want my security to be utterly solid because of how bad it could be if it goes wrong".<p>This isn't quite a reason to jump ship for me yet, but I'll certainly be duplicating work to other services(which so far, I've found to be quite inferior).
Well looks like I'm going to have to convince, my wife, family, extended family, and friends that they all have to switch password managers now.<p>I'm blown away, I've been a fan since day one because of it's simplicity and availability.<p>I am torn between waiting to see what happens and giving them the benefit of the doubt and just changing all my passwords before Logmein can f--- me.
This really rubs me the wrong way. Do not like the idea of my password manager bouncing around owners. Or infrastructure changes that new owners often push on the acquired company.<p>If there's one business I REALLY do not want to be moving about, and I want as little churn as possible for, it's a password manager.<p>The thing I liked about LastPass was that it seemed like the highly geeky, less startupy approach to password managers, more likely to be run for the long-term, less likely to be at risk of an acquisition.<p>Going to look into Dashlane.
A lot of folks only have experience with Logmein from the horrible way they handled transitioning users from the free to paid service.<p>My company has used Logmein Central for remote access to hundreds of PCs for years. The core software is great, reliable, and has been ever since we started using it.<p>The problem is that Logmein the company knows they're on top of the heap when it comes to remote management. They have no reason to innovate or improve where they can.<p>They added 2FA but otherwise we haven't seen a single new feature that we've taken advantage of in a very long time. Any features they do add hint at them wanting to be a RMM service but you'd have to be an idiot to trust them with more responsibility of your networks. Also a lot of those features require Logmein Pro which adds an insane amount of cost depending on how many systems you're managing.<p>Meanwhile there are bugs that have been around literally since we started using the software. For instance copy/paste while in a session will randomly break. The Logmein client software is very buggy on OSX, crashes often, search will randomly break.<p>Their support is basically non-existent, although I haven't tried in a while if you opened a ticket it would take days if not longer for a response and they'd usually just direct you to some unrelated KB or tell you post on the forums.<p>We use Lastpass as well so this should be interesting. I've yet to see a merger that actually improved things from our end as a MSP. Cisco bought Meraki, Dell bought SonicWALL, at this point I assume any time we see a merger that its time to find a new vendor.
My first reaction to reading the title was "why?"<p>After reading the article (and then reading it again) I'm not left feeling confident that this is in any way positive for me as a LastPass Premium and Xmarks customer.<p>In particular the vague line about, "As we become part of the LogMeIn family over the next several months, we’ll be releasing updates to LastPass, introducing new features..." To me, LastPass is feature complete. So either I'm going to have a mind blowing, I never knew I needed that, moment, or more likely some sort of bloated crap is going to get shoe horned into LastPass.
This is pretty terrible news. It would have been need to see LastPass get acquired by a company like AWS but LogMeIn doesn't really have the reputation required to ask people to trust them with all their passwords.<p>Also, the valuation also seems low to me. Maybe LastPass was having trouble generating recurring revenue. It seems like going public would be a better route for security companies but maybe the revenue wasn't there for an IPO.<p>I've had a paid subscription for years and used their enterprise service for 2 different startups. Hopefully the service doesn't start to suck. I'm already scouting alternatives.
Honestly if you're a security / privacy company, can you please just not get acquired? You can't 'transfer' your customers' trust to a third party like you transfer cash.
Price was $110M + $15M in contingency payments.<p>From the LogMeIn investor release[1]<p>Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.<p>1. <a href="https://investor.logmeininc.com/about-us/investors/news/press-release-details/2015/LogMeIn-to-Acquire-Password-Management-Leader-LastPass/default.aspx" rel="nofollow">https://investor.logmeininc.com/about-us/investors/news/pres...</a>
First comment on the blog so far: 'Oh no.'<p>My first reaction was to chuckle. I wonder how LastPass will change given the new ownership. We switched over to this at work almost a year ago, after trying to determine a password management strategy for years, and it's worked fairly well, although it hasn't sold me on switching from Keepass for personal use.<p>I'll be interested in what the Hacker News community thinks about this.
Congrats to Bob and Joe and LastPass team. I'm a former LastPass employee and will be forever empressed by their work ethic that I saw. They definitely deserve it.
If you're looking to change your password manager, I've been using `pass` [0] for years now, and it's one of he best open source project I have ever used. Everything works, it uses git for remote storage and gpg for encryption.
There is no fancy browser plugin, but a command line to get the password is enough, since browsers cache the password afterwards and most sites use long lived sessions through cookies. And the android app works well.<p>Pass feels simple but it is actually elegant.<p>[0]: <a href="http://www.passwordstore.org/" rel="nofollow">http://www.passwordstore.org/</a>
These acquisition announcements are always the same, and always get the same sort of comments.<p>They tell of good fortune for the owners of the thing that has been sold, but never tell the users what's in it for them. And that's usually because there is nothing in it for them.<p>What am I supposed to be happy about?
FWIW, regarding the ongoing complaints about the LP UI, they just released a beta update to their chrome extension a couple days ago. Still a ways to go, but they are/have been clearly working on the end user experience.<p><a href="https://chrome.google.com/webstore/detail/lastpass-prebuild-free-pa/debgaelkhoipmbjnhpoblmbacnmmgbeg?utm_source=chrome-app-launcher-info-dialog" rel="nofollow">https://chrome.google.com/webstore/detail/lastpass-prebuild-...</a>
Lastpass premium customer here. It was $12/yr. (that will probably change after the 2yr/$15M target is over)<p>Right now lastpass encrypts in the browser and the company only saves a binary blob that they can't access. So your data is safe. But they said, "As we become part of the LogMeIn family over the next several months, we’ll be releasing updates to LastPass, introducing new features.." that makes me nervous.<p>The comments here have lots of suggestions like keepass, but none of them really compare with the Lasspass Android support where it will automatically log you into apps.
Congrats to LastPass team for a successful exit :)<p>I understand why the users might have concerns with "LogMeIn", but well one should've expected (at least on this forum) that this is going to happen.<p>I know this isn't the most popular comment.
But, what the heck, be happy for the LastPass team, they've worked their ass off. That's what this forum is for, isn't it ?
We(hackers) are all in the same boat.
Hopefully they do better with this than when they bought Hamachi. It was a great piece of easy-config VPN software, and they just ruined it.<p>I knew a lot of people who used it regularly. Now I can't think of any.
I'd really love for some objective person to weigh in about why all the negative reaction to this. Is LogMeIn a terrible company? I have not used either LogMeIn or LastPass.
Some time ago LastPass automatically DELETED my five-year old account on Mendeley.<p>The "AutoFill" option of LastPass was turned on. I was browsing my profile settings on Mendeley. Somehow LastPass automatically commenced the account removal action, filled in my password, and confirmed the prompt. My account was gone.<p>I did NOT EVEN NOTICE when it happened. The only reason I know it now is because I managed to reproduce this behavior with a new account. I reproduced it one month later, after exchanging multiple nervous emails with Mendeley Support.<p>The potential for abuse of LastPass is huge. The hope is that LastPass will get better after this acquisition.
I'm also not pleased by this news, given the track record of Logmein and how they butchered Hamachi (mind you, that was years ago), the price gouging and increases to the Pro and Central customers, etc...<p>I could grumble for awhile, but I do see one positive change I think will be made quite soon - Lastpass Enterprise did struggle to pass passwords through remote sessions (to a client server, for example). We played with using Thycotic Secret Server, but Lastpass Enterprise is better in so many other ways that we dealt with copy/pasting passwords into the remote session. If Logmein can bring Lastpass integration through their remote tools I'll be really happy, and I think it will drive people back to Logmein who left over the past few years price gouging.<p>That all said... Logmein was really <i>really</i> terrible about grabbing the clipboard of any user who had recently connected and hanging onto it. 'Pasting' into a session often splooged some other guys clipboard contents (funny jokes, personal password, embarassing URL)...
<a href="https://passopolis.com/" rel="nofollow">https://passopolis.com/</a> - I'm using this (formerly known as Mitro)<p>Open source
I cringed when we got this email since we use LogMeIn Pro at work.<p>For everyone else, I hope they don't butcher the free version like they did with LogMeIn.
Assuming your passwords are in a "stable" state (i.e. you're not constantly adding new logins to your vault), it would probably be a good idea at this point to make a backup of LastPass's database via the Export feature and hold onto that backup. I know I'm on the paranoid end, but I have this sneaking suspicion that the Export feature might "disappear" in the coming months to try to curtail a mass exodus of users.
Some of these tools (1Password in particular) seem geared toward individual password management. And LastPass wasn't exactly user-friendly. What are you using for group/team password management?
I just created a list this morning to help my family figure out an alternative to LastPass.<p>Here it is:
<a href="http://afaqurk.github.io/lastpass-alternatives/" rel="nofollow">http://afaqurk.github.io/lastpass-alternatives/</a>
Linux User - I am looking at Keeper <a href="https://keepersecurity.com" rel="nofollow">https://keepersecurity.com</a><p>My devices - Linux Desktop, Laptop, Windows 7, 8 and 10 Machines at work, Android Phone, iPad (Work)<p>Lastpass worked on all of them. The only alternative I could find was Keeper <a href="https://keepersecurity.com" rel="nofollow">https://keepersecurity.com</a> that worked with all of my devices.<p>Anyone have experience with Keeper Security?
Wonder if now is the time to look at alternatives, before the service potentially changes.<p>I hear a lot of good things about 1Password, which seems to work for my iPhone/MacBook. Anyone know if there's a reasonable option for using it on Windows?
And this is precisely why I'm not using other people's (proprietary) password managers.<p>And if you really have to pick a proprietary thing, then 1Password has always been better because it doesn't have an online component, syncs with Dropbox only if you want it to and whatever happens with the app, the Dropbox sync includes an HTML/JS interface that can read the dumped passwords, plus the format is documented.
First off, congrats to the LastPass team! You guys have built an awsrome product and company.<p>My hope now is that LastPass won't go down the same path as Meldium, after they were acquired by logmein; the product went downhill very quickly.<p>In the case of Meldium, it seems they were trying to improve the UI by improving the design at the expense of functionality. It feels like LastPass is in a similar position now.
logmein has almost ruined my current favorite password manager Meldium. After they acquired it the service has become gradually to the point it does not work on half the sites stored in it. This week I finally decided to start migrating to LastPass (a few clients use it and it appeared a more dependable alternate). Guess will continue my search for alternates.
Price was $110M + $15M in contingency payments.<p>From the LogMeIn investor release[1]<p>Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.<p>1. (<a href="https://investor.logmeininc.com/about-us/investors/news/press-release-details/2015/LogMeIn-to-Acquire-Password-Management-Leader-LastPass/default.aspx_" rel="nofollow">https://investor.logmeininc.com/about-us/investors/news/pres...</a>
Encryptr is an alternative that I've had my eye on:<p><a href="https://encryptr.org/" rel="nofollow">https://encryptr.org/</a><p>They don't plan to ever do auto-fill for security reasons, which I'll admit disappoints me.
My homegrown alternative to password managers like LastPass and 1Password: An encrypted zip file.<p>The zip contains<p>* encrypt.sh<p>* payload, a folder containing subfolders, password text files and other personal information.<p>To "unlock", extract the zip.<p>To "lock", run encrypt.sh.<p>Make sure that the extracted data won't get backed-up at any time. I just came up with this a few days ago. Let me know if you have any concerns about this.<p>Here's the encrypt.sh:
<a href="http://pastebin.com/DudVinms" rel="nofollow">http://pastebin.com/DudVinms</a>
As someone who recently jumped from Lastpass to 1Password... I wish them the best, but I feel I'm working with the far superior product. Especially on iOS + OS x.
Just one more reason why password management by a company is a bad idea. The company may be good now, but companies can be acquired or evaporate on short notice.
Do LogMeIn users have a feeling as to whether this is a good thing? Will they bring any visual polish, or UX consistency to the jumble that is Last Pass?
Anyone aware of good alternatives? Primarily for enterprise customers who want to share passwords between teams.<p>We have developers, and regular ol' employees who use this of varying levels of computer comfort. We need to be able to share passwords org-wide and team-wide.<p>And on a personal note, I need to be able to manage my own passwords and my partner's and we share from time to time.
As a LastPass Premium customer for longer than they've owned XMarks and a combined product customer since, this concerns me. I'm not planning to change my LastPass usage until/unless they change how the product works, but I'm a bit more leery of steering customers to the Enterprise product now and will be investigating alternatives in that space.<p>As for XMarks, I'm torn. It has nice potential, but I feel like the company has basically let it stagnate warts and all. Some seemingly-obvious features like tracking changes to saved bookmarks (diffs, not checking the content of the URL) don't exist, and the ways to get archival data out to do it yourself are clunky and manual. What made me start wanting that was a browser going funky and losing a chunk of bookmarks - I had to kind of ballpark when that was, go back, dump a backup, find them in the HTML dump backup file then recreate and I'm not certain I ended up getting them all.
This actually sounds like a smart deal for LogMeIn. Purchase price is $110mm of cash with a $15mm earn-out-- seems reasonable considering LastPass has millions of users and is a pretty sticky service (I've been a premium user for the last couple of years, mostly to be able to use their iPhone app).
I upgraded my account <i>yesterday</i> for five more years. ;-) But honestly, if everything will keep working as it is, I really don't care about the name behind it. If LastPass did as they said they do (everything is encrypted, they don't have access), it doesn't matter.
I have used LastPass Premium since they started.<p>What gets me down about this is the trust I had for the service LastPass provided. I appreciated their open and pre-emptive communication. They were willing to dive into the details of a possible issue and explain everything about it.
LastPass was good while it lasted. As an FYI to anyone looking for other options, I migrated to 1Password (based on reviews/suggestions in this thread). It just took a few minutes to migrate. 1Password supports importing LastPass export file.
My company uses join.me (a Logmein product) all the time for easy screen sharing. It's one of the few quick screen sharing apps out there that doesn't require a heavy download and is user friendly enough to be used by all of the people in our company and all of our client.<p>I've been using LastPass since 2011 and have been really happy with it (other than the slightly opaque UI and design from the 90's).<p>I'm hopeful about the acquisition, maybe logmein can give some UI/UX guidance to the LastPass team, while the LastPass team can help expand and grow to help more people to use a password manager.<p>If not, there are plenty of other password managers out there, I suppose.
When I started my job I got a laptop with the extension for LastPass installed to Safari. One of the first things I encountered was an error dialog, modal for the entire Safari app, telling me of some nonsense problem with Lastpass, which at that point I hadn't even <i>used</i> yet! So I never started using it after that.<p>I occasionally use 1Password for the iPhone, but still mostly rely on the built-in OS X Keychain app. 1Password is too expensive for the Mac and all the other managers don't seem to place much emphasis on UX.<p>This class of application is quite poor to use overall. Even as nice as 1Password is, its syncing story is not very good.
Looks like Dashlane ($40) and Sticky Password ($20) are viable alternatives. Both are more expensive than Lastpass. Reading the reviews, these seem like the best so far. Anyone with experience on either of these they can share?
One of the reasons I chose 1Password over LastPass is because you can choose where to store your data (iCloud, Folder on your System, Dropbox). I don't think you should trust your passwords to any company.
Yes, so I'm switching over to a different one. LogMeIn is always a mess when they acquire another company. So far Sticky Password seems like a decent alternative with some servers saying they offer a great discount. <a href="http://heavy.com/tech/2015/10/lastpass-alternatives-logmein-acquired-replacements-password-manager-dashlane-keepass-1password-splikity-shark-tank-encryptr-enpass/" rel="nofollow">http://heavy.com/tech/2015/10/lastpass-alternatives-logmein-...</a>
What about Password Safe "Passwddsafe" I use it om my computer and android and I'm very satisfied. And of course the fact that is designed by Bruce Schneier is a plus for me.
If you are looking for an alternative password manager, take a look "Intuitive Password" online password mansger (www.intuitivepassword.com). I have more than 200 passwords and they are all different for each site, I use it everyday. It works on all devices including smartphones, tablets, laptops and desktop PCs without installation required. Intuitive Password provides a Data Restore Points feature so you can't lose your data using their service.
There's something really odd happening with i18n on that blog. It recognizes my primary browser language as German and hence displays menue items and the right side bar in German. So far so good. However, it also partially translates the actual text into German, i.e. for some sentences the first word is translated while the rest remains English:<p>- Zunächst, we (LogMeIn/LastPass) have no plans ...
- Zweitens, this acquisition provides us ...
- Seitdem, LastPass has grown by leaps ...
Congrats to Bob and Joe and LastPass team. I'm a former LastPass employee and will be forever empresses by their work ethicc that I saw. They definitely deserve it.
The stark reminder that your password manager can change hands is probably the most bothersome part of this.<p>Overall it's probably a good thing that the product is transferring to a more financially stable company with healthy enterprise sales. I'd rather it head in that direction than struggle for a long period of time and put my data at risk. The worst thing that could have happened with this product would have been a spiral of neglect
Just one more reason why password management by a company is a bad idea. The company may be good now, but companies can be acquired or evaporate on short notice.
What are best self-hosted password managers right now? The only one I know of is KeePass2<p>Something I can serve from a VPS that works on <i>most</i> platforms.
I don't like the announcement and I hate how they've done it. Under the signature on the blog announcement, they've added 13 paragraphs in the HTML source to bury the comments off the page. On OSX Safari and Firefox, I see no way to add new comments. Way to start as a new dawn. I wish I hadn't renewed recently.
So it seems that Sticky Password offers a 50% discount in regards to what happened to Lastpass: <a href="http://blogen.stickypassword.com/looking-for-an-alternative-to-your-current-password-manager/" rel="nofollow">http://blogen.stickypassword.com/looking-for-an-alternative-...</a>
Call me naive, but I created a change.org petition to try and make the voice of concerned users heard:
<a href="https://www.change.org/p/lastpass-leadership-lastpass-stay-independent" rel="nofollow">https://www.change.org/p/lastpass-leadership-lastpass-stay-i...</a>
I've been using an excel workbook that is stored in an encrypted image as my ways to manage passwords.<p>How are these services that people mention in the comments, better at doing the same?<p>Is there a better way someone has come up with to manage passwords where you don't have to rely on these services?
I saw Passwordbox getting acquired by Intel, now this. I don't think I'm going to switch to 1Password or another. I think they are just going to be acquired one day by unknown big entity... better be safe and keep your passwords to yourself
As everyone is suggesting alternatives here, one more vote for KeePass with Dropbox (giving you use 2-factor authentication with Dropbox), KeeFox + KeePass2Android. Lovely, free, relatively secure.
I really hope the product continues to exist and get better. Their enterprise offering works well enough and is very useful, even though the UX is a bit ancient and awkward at times.
Solution:<p>1)Pen & Paper<p>2)Protected word doc saved in dropbox under an unassuming title like "Low fat, low calorie, totally un-appetizing vegan meals"
For anyone thinking about jumping to KeePass - consider the fact that they're still hosted at SourceForge.<p>That's a major red flag for me and I've been keeping my eye out for an alternative for a while now.
Roboform: <a href="http://roboform.com" rel="nofollow">http://roboform.com</a> has been excellent for me. Not sure why I switched to LastPass, but I'm switching back.