LastPass, You’re Making Security Worse

Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.

Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.

We both know that these days, if you don’t have a password manager, you’re interneting wrong. The ability to easily generate new passwords without needing to memorize them is a very good one to have, especially given that password reuse has been a danger to end users for so long that XKCD did a comic about it back in 2010. Remember 2010? America had a black president, people were going on about double rainbows on YouTube, South Africa had discovered a way to give the World Cup a bigger nemesis than FIFA, and people actually congregated in large groups without masks.

Point is, if you’re making a password manager, you don’t want to intentionally make it more annoying for people to use. If people stop using your password manager, the best case is that they switch to a new one. The worst case is that they go back to just trying to memorize hundreds of passwords before giving up and using a single password for everything. Which never ends well.

On the plus side, rather than abandoning password managers entirely, people who don’t want to pay LastPass seem to be looking for replacement password managers. I wish them the best of luck in doing so; I’m not going to recommend anything specific, but that’s because I use a combination of KeePass and Syncthing. It’s free, and it works well for me, but it’s not a solution I’d recommend to the average user.

But even one person giving up on password managers because of this is too many. If LastPass wants to reduce the free tier’s features, this is really the sort of thing that should be grandfathered in for existing accounts. The last thing we need is someone using the same complex password for their bank and email as they do for whatever website is showing up on HaveIBeenPwned this month.

*Yes, I know LogMeIn owns LastPass. No, I don’t care. Not for purposes of this blog post, at least.