Password Manager LastPass to Debut New Family Plan Later This Summer

Interesting! Thanks for sharing this info. Is there a password manager you have found to be superior?

I have used 1Password since 2010 or so. In that window, there were some vulnerabilities, but not as grave and frequent as Lastpass. They have also isolated the browser extension from the actual password manager and use authentication.

https://support.1password.com/mini-extension-security/

That said, I strongly dislike their switch to a subscription model and cloud storage. You can still use 1Password with local vaults, but they have made it excessively complicated to purchase standalone licenses (you have to send an e-mail to them to come to some arrangement). I also didn't like the process, they went from offering subscriptions to as an alternative, to hiding the standalone version as much as possible, to making it impossible to directly purchase a license. But 'they did it all for the customer, because perpetual licenses and local vaults are complicated'.

I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.

Up until a couple months ago, I'd have to remember all my (fairly simple and similar) passwords across many websites. Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security. Never once did I see 1Password. I use Chrome on Mac, and I've read the security of the password manager isn't top notch. Plus what if I need my passwords on a different device? Now I can login to any account, anywhere, with one master password. I figure the $12 a year is worth it. Works flawless on Chrome for Mac, and iOS.

http://www.pcmag.com/review/317692/lastpass-4-0-premium

Oh. So 1password is also a web browser? If you also have to launch a browser I'm not sure how you removed any steps.

are you talking about iOS or Mac?

regarding iOS:
you can either use 1password's built in browser or use the share extension in any other browser that supports share extensions to autofill. with Chrome, you're stuck using Chrome's browser and must rely on a separate google authenticator app to fill in the 2nd factor.

also many iOS apps natively support 1Password so you don't need to swap applications to find your app password. with chrome, you'll need to leave your app -> goto chrome -> find your app password -> copy -> go back to your app -> fill in username/password -> leave app -> goto google authenticator -> copy two factor -> paste into app.
with 1password it's literally: tap 1password icon -> select credentials -> done.

regarding Mac:
you can use 1password's safari extension to fill in everything. no need to launch 1password on the iphone to get the second factor code.
with chrome, you have to launch google authenticator on your phone then fill in on your mac manually.

Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security.

LastPass has a history of terrible vulnerabilities. Just last year, there was a vulnerability where any random webpage could read all your passwords from LastPass:

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

This year, there were also vulnerabilities that allowed attackers to extract passwords or to run arbitrary code on a victim's machine:

https://www.engadget.com/2017/03/22/critical-exploits-found-in-lastpass-on-chrome-firefox/

A former Lastpass engineers calls the Lastpass code 'neglected' and 'scary':

https://twitter.com/ejcx_/status/758081553712820225
[doublepost=1500445215][/doublepost]

Doesn't safari and chrome do all of this already?

The problem is that you are only one browser vulnerability away from exposing all your passwords. Good password managers separate the browser extension and password store into separate sandboxed processes. Moreover, they require mutual authentication between these two components. As a result, a compromised browser or extension cannot vacuum your passwords.

Edit: it might be the case that iCloud Keychain <-> Safari does such isolation.

What about iCloud Keychain it’s free and very useful

icloud keychain doesn't work in windows and doesn't store two factor.

safari doesn't do two factor and doesn't work on windows
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps

With regard to the paid part-paid options allow devs to continue to develop and broaden the app's ability to other platforms. They have more resources to take advantage of iOS features (iCloud drive, build apps for all platforms, etc).

Then there is the password generators, auditing of your log-ins (duplicate passwords, old passwords that should changed), other misc data that does not fit into any kind of internet based item (WiFi passwords, app license info).

Those are just some additional thoughts