LastPass, the password manager owned by LogMeIn, is making a core component of its service free.

LastPass helps improve password security by allowing users to generate random passwords and storing them securely, so users don’t have to worry about password reuse leading to one of their accounts being breached.

The company’s payment model has always been sort of frustrating — users could access the the browser extension for free but had to pay an annual fee to take their passwords with them on mobile.
Top comments
2 Nov 16 15 #7
Storage location is irrelevant when they are using a one-way salted hash. Hash is always sent to verify, never your master password, not to mention its encrypted by 256bit AES before being stored. :smirk:
2 Nov 16 10 #4
I personally use keepass, been free from day one and i've never had any issues

Your text here
2 Nov 16 9 #5
Protect your passwords, put them on someone else's servers. :laughing:

Better off using Enpass..
2 Nov 16 4 #8
They all use 256bit AES protected databases and a master passwords.

Yeah lastpass is so secure that its been hacked, what twice now?

Id prefer to store my 256bit AES encrypted password on my own 256bit AES-NI HDDs for free.

In 365 days you will have a choice, subscribe to a premium package, hope for another free code or mess about and try to leave and export your database to another type of application or format that another app can support. Good luck with that!
All comments (64)
2 Nov 16 #1
Hot - submitted earlier but went missing!
2 Nov 16 #2
Nice spot thanks, already use last pass on my comps so mobile for free is great.
2 Nov 16 #3
that's a welcome news
2 Nov 16 10 #4
ukez to kas786
2 Nov 16 2 #6
Keepass is awesome, but Enpass is far better, with a really nice interface, Windows, MAC, IOS, Android support with apps, desktop software, browser plugins.

The Windows desktop version is free, the apps are free up to 20 passwords..

Plus you can store your encrypted database on your own servers or clouds of your choice from Dropbox, Google Drive, One Drive, Box, Folder, Webdav, Owncloud.
2 Nov 16 #9
Not seeing anywhere that this mentions a 1 year free subscription? The services is free across all devices for the life of the product, hence the post, and to be honest using any password manager will introduce exporting issues regardless.
2 Nov 16 2 #10
Are they free now then? Fair enough, but like I said they've already been compromised a couple of times in the past from what I've read.
2 Nov 16 #11
Is enpass opensource?
2 Nov 16 2 #12
Standard procedure I payed for the phone app subscription last month...
2 Nov 16 #13
Is it limited to a numbe of passwords? Asking because the app says it's £8.99 a year for premium.
msmyth to Predikuesi
2 Nov 16 #14
Nope I don't think so.

Premium includes
Everything in Free, plus:

Family Sharing - up to 5 users
Ad free
YubiKey & Sesame 2FA options
Priority tech support
LastPass for applications
Desktop fingerprint identification
1GB of encrypted file storage
2 Nov 16 #15
Interesting. When I use this I get my 60 day trial has ended.
2 Nov 16 1 #16
Nice for free :)Shame that they keep increasing the prices on their other products though.. been a loyal logmein user for 10 years but just too expensive now
2 Nov 16 3 #17
I'm not going to be sucked in. This company has form for taking free services people had relied on for a while and charging with next to no notice. Anyone else remember Hamachi before LogMeIn?

Plus, regardless of that I'm yet to be convinced that linking all your security to a single point of failure is a good idea.
freebiehunter to omgpleasespamme
2 Nov 16 #18
Hamachi is still free for up to 5 connections. I started off with logmein free and then logmein central when it was £250. My central renewal is £1999 plus vat so I've just moved to TeamViewer
2 Nov 16 3 #19
I'm using Roboform and although is on the whole useable, I'm surprised and worried that they never have made had any security breaches at all. All companies will get attacked, the larger the sooner, it is how they deal with it which gives them credibility. Look at Yahoo who tried to keep secret for years that hackers stole millions of email information from them. I'll no longer trust them nor use their services again. On the other hand, Lastpass have been open to their security breaches however minor, even when none of their users password database has actuallly been taken, and their swift counter-measures to hardened their systems against future attacks.

Haven't been a fan a yearly subscriptions so if this premium plan is now free I going to migrate my password data, goodbye Roboform.
Mr cool
2 Nov 16 #20
So this is the way forward then?
2 Nov 16 #21
This is great news. I love lastpass and have been using it now for around 6 months. but wasn't keen on paying extra for mobile. Off to set it up now! :-)
2 Nov 16 #23
No available for Windows phone whereas lastpass is!
2 Nov 16 #24
Does seem to suggest it is £8.99 per annum though
2 Nov 16 2 #25
er, no. the passwords have to be stored using reversible encryption - otherwise how can lastpass tell you your saved passwords.

it's the password controlling the encryption key that's stored after passing through a one-way-salted hash function so that it can be verified.
2 Nov 16 #26
Yes the premium add on is available, however the mobile version can now be used free, premium isn't required as it once was outside of desktop. It's all detailed in the main link. :smiley:
2 Nov 16 2 #27
No, when you login to LastPass, two things are generated from your Master Password using our code discussed previously before anything is sent to the server: the password hash and the decryption key. This is all done locally.

The password hash is sent to our servers to verify you. Once verified, we send back your encrypted Vault. We are only sent your hash, not your Master Password.
The decryption key, which NEVER leaves your computer, is then used to decrypt your Vault once it comes back.

^^^ covered in the FAQ I posted. Decryption key is stored by you, not LastPass.
2 Nov 16 1 #28
SafeInCloud sounds very much like an oxymoron to me.
2 Nov 16 #29
I've just checked my subscription and it's valid until December 2018. I'll cancel to the free version then. :sunglasses:
2 Nov 16 #30
​the way they've been compromised in the past is by phishing, people have created fake pop-ups on sites that look like last pass and get the user to enter their email and master pass
3 Nov 16 #31
That was lucky! My free 6 months expires very soon and was about to pay
3 Nov 16 #32
Great, I finally paid for this last week. I'm tired of being unlucky with this
3 Nov 16 3 #33
Whilst free is free, do yourself a favour and put some hard earned cash into 1Password. Simple, easy to sync and after using KeePass for years previously I love it. Well worth the money especially if you can get it in a bundle which frequently show up.
3 Nov 16 1 #34
safeincloud pro
3 Nov 16 #35
Using 1Password for years works great on all devices, they don't smother you in advertising like LastPASS, unfortunately even 1password now has a subscription. Complicated media editing apps having a subscription I can understand , a simple password manager asking for a sub is a rip off, unfortunately it's common now with software companies as they try this new money for nothing model, no way I'd ever pay for a sub from these companies..if it's free then brilliant but don't be tricked into getting a sub, you can purchase 1password as a single lifetime purchase.
3 Nov 16 2 #36
I agree with what others are saying, because LastPass is now owned by LogMeIn i wouldnt go anywhere near it.
You will spend years filling up your account with sensitive data, then one day you will get an email saying you have 1 week to move to a premium account or you will lose everything.
Thats what they pretty much did with loyal LogMeIn users, some people didnt even get the 7 day warning.
There a plenty of alternatives out there... avoid!!!

Remember when they said LogMeIn will always be free?
3 Nov 16 #37
The difference was that Hamachi's free tier can't connect to logged-off workstations, which it could before the change.
3 Nov 16 #38
Looks good, thanks op.
3 Nov 16 #39
Thanks OP. LastPass is great. And it has been hacked twice. Fortunately it will take a supercomputer a million years to un-encrypt the encrypted data that was stolen. And the hackers don't have a supercomputer. Or a million years.
3 Nov 16 #40
As opposed to Dropbox, OneDrive, Google Drive?

If you want your login credentials synced across multiple devices you are going to need a storage location accessible to your devices. LastPass servers are as good a place as any. Who cares if they've been hacked? Of course they have. They are a huge target for the hacker community.

Did any usable data get compromised? Nope.
3 Nov 16 #41
Thats really weird. My subscription expires in a few days.
3 Nov 16 1 #42
High security systems use 3 factor authentication (3FA):

1. Something you ARE (e.g. fingerprint or iris scan)
2. Something you KNOW (e.g. secret password)
3. Something you HAVE (e.g. authentication key such as a Yubikey)

2FA is gaining traction across much of the internet now (using something you KNOW and HAVE) but 3FA is now becoming possible in the consumer market thanks to technologies such as Microsoft Hello.

Internet security is a big part of my job and I advise all my family and friends to enable 2FA wherever possible.

Check out to see which websites support it.
3 Nov 16 #43
Enpass is based in India. Feeling secure in handing over all your passwords to a company in India? Think about the TalkTalk fiasco.
3 Nov 16 2 #44
Plus, you can further enhance security by following the below principles:

1. Using a sensible and memorable, yet complex password that means something only to you like a sentence you made up or using acronyms of that sentence. For example, either "Th1s is how I'm gonna secure my LastP@$$ account" or [email protected]!

2. Enable Two-factor authentication on your LastPass as passwords alone can't protect you.

3. Most importantly, don't write down your master password anywhere... this sounds basic but one would be surprised how many people do this, especially with complex passwords. This is another reason to follow rule number 1.

4. Never use on a public computer.

5. Always log out when finished using it on your device so you're forced to enter the password fairly regularly so you don't forget it.

6. For sites you do save in LastPass, enable two-factor authentication using an app like Google Authenticator, where available. That way, in the unlikely event your LastPass account gets compromised, the site with the password it protects will still be protected.

7. Use the "Security Challenge" feature often to check your password effectiveness and DO NOT REUSE passwords anywhere, especially your LastPass master password; that's the whole point of using LastPass.

8. Never use to store bank details or passwords for your email accounts, unless they're email accounts you use to remain relatively obscure when signing up for stuff on the Internet. Remember that your email addresses are usually used to reset passwords, hence why I said never store email accounts.
3 Nov 16 2 #45
It's never really a question of "if" a system will be compromised; it's "when". Furthermore, information security is not about completely preventing an attack; it's about deciding what level of risk you're willing to accept and mitigating risks in accordance with that risk appetite.

Every system will have failings; in most cases, it's the human aspect. If you use a tool to sync your passwords that stores data on Dropbox or another cloud platform so you can sync it, there is still an element of risk, even if small. You, the user, can still unwittingly weaken the security of such a system by your actions or lack thereof.

Unless you're really hardcore, I would hazard a guess that your own servers, if they have remote access enabled to allow password syncing are not as secure as LastPass'. Furthermore, Dropbox? Well, I don't need to tell you how often Dropbox has been compromised.

As I said before, the "system" or "tool" is important but, in the end, it's all about the risk you're willing to take and the steps you take to mitigate.
3 Nov 16 #46
Fantastic on Android, sucks on iPhone. Really emphasises how locked down Apple devices are when you try to get the same functionality as the Android version.

Superb app though, genuinely the first app I install on every device I own. Nice big 20-30 character master password and you're away.
3 Nov 16 1 #47
Absolutely. Don't bother messing around with special characters such as !?@#. They are easy to forget. Just make your master password long.

Easiest option is to make up a nonsense phrase unconnected to anything about you. Make sure it generates a clear picture in your mind so you can remember it. Something like "themidgetfarmercrashedhistractorintothevampiresheep".
3 Nov 16 1 #48
I have been a KeePass user for years and jumped to LastPass 3 years ago and what a difference that has made to my everyday life, simple, safe and hugely convenient.

I agree with Techbb.. So a little under two months ago the company that I work for advised us all that our previous payroll firm from 2004 had a disgruntled internal employee who apparently "accessed" the entire personal and banking information for over 280 large UK firms and was subsequently nabbed at a London airport.

So wear a tin foil hat, keep everything offline and yet somehow someone somewhere can so easily steal your data making you live in fear for the foreseeable ... technology is a wonderful thing however humans are the real security risk.
3 Nov 16 #49
Wow thanks for that, currently browsing your email account!
3 Nov 16 2 #50
In all seriousness:
3 Nov 16 1 #51
Installed on iOS and noticed under the Account settings it says "Trial expiration 1 Jan 2017"

Don't think I'm going to invest too much time setting this up if features expire at the end of the year.
3 Nov 16 2 #52
LogMeIn used to be free, then they started charging for it
ukez to cherriman
3 Nov 16 #54
Back in the good old days
3 Nov 16 #53
My offline encrypted HDD's are safer than anything else thanks; I'd say my mind but after a few drinks who knows, I'd probably give them up.

My reference to Dropbox, Box, Folder, Webdav and Owncloud were merely me explaining the additional methods that are available in Enpass over Lastpass. Some people will have different preferences, and some people may already be using them services which might suit them better.

Your wasting your time trying to explain to me...:laughing:
3 Nov 16 #55
Spot on, that's exactly what they said at a DEF CON conference.
3 Nov 16 #56
Freeware with a paid premium service, people have been mislead in this thread.
3 Nov 16 #57
I use dashlane and have for a long time.
3 Nov 16 #58
Your data file is backed up on Google Drive or a cloud server of your choosing.
3 Nov 16 #59
Doesn't sound like it's totally free. Just got email saying it's a 60 day trail. No thank you

Thank you for creating a LastPass account. LastPass is always free, but to help you get started we've also unlocked our Premium features for 60 days. Start saving, sharing, and autofilling passwords for every website today.
4 Nov 16 #60
Logmein, that summarily ended its free PC remote control service and more recently at short notice its free cloud storage service, Cubby. Twice bitten thrice shy.
4 Nov 16 #61
I get the impression, the 60 days is for the premium , however I suspect after the 60 days you revert to the free
4 Nov 16 #62
Thanks for this. just installed it on my phone also
4 Nov 16 #63
You know when you are asked to enter part of the password e.g. 3rd, 5th and final character? Does this software cope with this, or are there others that do?
4 Nov 16 #64
Is it totally free or 2 months trial?
