KitGuru KitGuru.net – Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards
As we covered in yesterday’s ‘passwords do’s and don’ts’ article, password managers are often the easiest way to generate secure passwords and keep track of them all. However, a free user account will often only get you so far, with some features reserved for premium users or subscribers. With that in mind, a lot of people pay up for LastPass’s premium tier but today but some of those customers aren’t particularly pleased today, as the service has doubled its yearly prices.
LastPass is often considered to be one of the top picks for a password manager. I happen to use it myself. Unfortunately, the service is slightly less attractive to what it was, as monthly subscription and yearly subscription prices have doubled. The service is still cheap, but rather than paying $1 per month, you now need to pay $2 for premium. For the yearly sub, things have jumped from $12 to $24.
The price isn’t the only thing changing though. Previously, premium users could share an unlimited number of files through an online share folder. This has since been dropped in favour of a ‘one to many’ sharing feature, which presumably has a cap on it.
In response to the complaints about the price doubling, LastPass has said that it is making these changes to ‘reflect its investment in new features’. When we will see these features put in place still remains to be seen.
KitGuru Says: Even at $24 a year, LastPass is on the cheaper side of things. Still, it’s not necessarily a great move to jack up prices with no warning. Do many of you use LastPass? Do you pay for the premium tier?
How people justify saving their passwords on someone else’s server, completely trusting that their encryption works, that they will never get hacked, and that they will never be compromised by the 3 letter agencies of the world is beyond me. May as well post them in plain text on pastebin and assume no one will discover the url.
Lastpass does not store the key to unlock your password. Even if they get hacked, all the hacker would see is a bunch of encrypted passwords. This is one of their major selling points / features…
It’s a lesser of 2 evils compared to someone using the same password at 20 different websites including bank/cc and expecting every website/forum saving their password on someone else’s server, completely trusting that their encryption works, that they will never get hacked, and that they will never be compromised by the 3 letter agencies.
A better solution would be to use something opensource like KeePass. Use an encryption cypher plugin (or two), and then store the DB in an encrypted folder using a trusted program. Finally storing that on a cloud service. Most assuredly won’t save you from the 3 letter organizations of the world, but then little will if you want to use cloud storage.
Unfortunately this also requires you to have faith that the encryption and design isn’t complete trash, and that the whole system isn’t already compromised with a built-in back door for the powers that be. Once a hole/key is discovered, the devs have little option but to fall off the face of the earth to avoid litigation. Best option is to keep everything local. /2cents
If you understand how encryption works, and that the livelihood of these companies rely on keeping your information safe, it’s the best solution. The best services don’t save the salt (your password), meaning that even if they gave out their password database for free, it’s practically impossible to actually crack it, literally so if you have 2FA enabled.
It’s far more likely that your personal system is easy to hack than ones following leading industry security standards that go well beyond what anyone outside of the security industry knows.
Log112s
Even with the default OS protections in place, a single unknown source versus a visible and lucrative target is a level of security that these companies can’t provide by nature.
I still pay £0 a month. Doubling the cost and reducing features is a sure fire way to piss people off.
Security via obscurity is known to be one of the worst security measures possible as everyone is visible to someone – all you need is one compromised website and that “unknown” status disappears.
Agreed – it didn’t save Apple, but having your passwords anywhere but under your own control is simply bury-your-head thinking.
The massive mistake you’re making is presuming that your security is even in the same league as professional security. It’s the equivalent of hiding your money under your mattress instead of keeping it in a bank. Everyone knows about the bank, but they are incredibly difficult to break into. No one knows about your house, but if a burglar finds his way into your home, your money is as good as gone.
The massive assumption you are making is presuming that others know nothing about security. Keeping your money in a bank would actually leave you more vulnerable then hiding it under a mattress if you didn’t understand email scams – Theft, with no breaking in required. Trusting others is the biggest security flaw there is.
And if said person has a dodgy cleaner/builder/relative/neighbour the money is as good as gone, something that wouldn’t happen in a bank.
If you understand security basics (e.g. 2FA, phishing, malware threats) then unquestionably combining said knowledge with a good cloud password service is infinitely better than trying to replicate it yourself. You seem to forget that many people’s livelihoods relies on having not a good, but a bulletproof system. If LastPass or Dashlane would fail, hundreds would be out of a job, and potentially face legal action. 500 people dedicated to keeping your data as safe as is technically possible is going to be more effective than John Doe flying solo.
Once again your response is based on assumptions. You assume individuals know little and companies know best. You assume they tell the truth and believe integrity is more important than money. This is consumer mentality, programmed in over years of advertising and conditioning. You are welcome to it, but don’t assume others suffer the same affliction.
Well yes, I’m not paranoid. There is no reason to presume a professional company is lying about the security measures it implements, unless you don’t understand the concept of repeat custom, customer confidence and the law…It’s illegal to lie about a service you offer; it’s called fraud….
And yet companies do it everyday, just type fraud exposed into youtube and see what comes up. It’s not about being paranoid, it’s about being paranoid enough. http://lmgtfy.com/?q=lastpass+exploit
“Fraud exposed into youtube”. Sorry bud, that really isn’t exactly a useful statistic. As long as you’re not an idiot and instead choose a trusted provider, you’ll be better off then trying to MacGyver together your own solution.
Also to prove your “paranoid” point wrong, check out the lack of Dashlane exploits. You’re far more vulnerable doing password management locally as it entirely depends on the OS clipboard and off-the-shelf firewalls and anti-virus. In short, you’re unlikely to achieve all the ISO standards and best practice techniques which companies aim for as a minimum.
Not a statistic, a dose of reality since you seem to be ignorant of the fact that companies lie, constantly. The link was to provide proof that LastPass has been compromised, many times. In comparison, how many times have you been compromised? I’m betting it’s zero unless you’re a complete idiot.
So, go ahead and keep telling me how you are safer with an online company.
“A dose of reality” based on nothing but YouTube videos? I think a certain millennial needs to redefine his concept of “reality” 😉
Would you even know if you’ve been compromised? Do you have the necessary setup to detect an intrusion event, and then to analyse the intrusion? No, you don’t. But I’m the idiot because I don’t agree with you, or you’re just another snowflake who can’t handle not being better than everyone else including entire companies whose living revolves around password security.
I’m not sure if you’re trolling or just naive, but there are reputable shows on youtube. Many of the same ones you’ll find on cable such as programs from the History Channel. It’s not just for cat videos anymore.
Compromised? Yes, I would know – My bank account would be empty and I would be locked out of my accounts. That’s who go after your passwords, agencies don’t care about your Steam account or who you pretend to be on Reddit. They just want access to the whole DB in case it’s needed at some point.
The moment someone resorts to name calling, they’ve lost all reputability. I will leave you with your need to pay for services that have demonstrably failed to provide better security than you have provided yourself, and bid you good day.
And there are reputable password management companies. You can’t have it one way but not the other, or I could just scream “GOOGLE YOUTUBE FRAUD!”.
So the fact is you couldn’t detect an intrusion, just the aftermath of such an event, which already shows that you aren’t even close to being in the same league as password management firms.
“The moment someone resorts to name calling, they’ve lost all reputability.”
Actually, the moment you lost reputability is when you presumed to know better than security experts working at multi-million dollar firms. You clearly suffer from the backfire effect, so there’s no point in trying to be rational with someone who is being irrational.
Also to note, “bid you good day” is the calling card of Reddit kids; it’s neither polite or mature, it’s just ridiculous.