LastPass, a password manager I have been recommending for years due to its ease of use and compatibility with pretty much everything, was bought out by LogMeIn. Based on what I’ve read on Twitter, Ars Technica, and Reddit, LogMeIn is not a well-liked company. In my experience acquisitions usually end up badly for users of the product being acquired. The fact that LogMeIn is viewed so negatively by a huge portion of the Internet further exacerbates my concerns that this acquisition is not good news for LastPass users.
I believe password managers are one of the easiest ways for the average person to improve their security. Due to this acquisition I can’t as confidently recommend LastPass as I have been previously doing. While I’m not going to go so far as to say you shouldn’t use LastPass, as the future is not known, I want to have other recommendations available if things go south.
To that end I’m going to recommend two products. The first is KeePassX. KeePassX is a free password manager that’s available for Windows, Linux, and OS X. It’s an open source product and seems to be well respected amongst users. Unfortunately syncing isn’t available out of the box (there are ways you can set up syncing though), which limits its utility for people who commonly use multiple devices. For many people this could be seen as a feature though, as having your passwords, even in an encrypted format, stored on a third-party server creates more opportunities for compromise. There also seems to be an absence of decent mobile clients.
The second password manager I’m going to recommend, and it’s the one I’m not using, is 1Password. 1Password was the runner up when I was first choosing a password manager. The two reasons I chose LastPass over it were price, LastPass Premium is much cheaper than 1Password, and the fact 1Password isn’t compatible with Linux. It is, however, compatible with OS X, Windows, iOS, and Android. Since I only use Linux and Windows in virtual machines the fact I don’t have a password manager for those platforms isn’t that big of a deal (in fact I’ve never used LastPass on either platform outside of initial testing). 1Password can also sync your passwords across your devices with iCloud, Dropbox, or on your local network (although the last option only works between a single Mac and iOS devices so it’s severely limited). Right now the price is pretty reasonable as the developers are having a 40% off sale that is totally because of Cybersecurity Awareness Month and not at all because LastPass’s customers are pretty unhappy right now (it’s just a coincidence the sale started shortly after the news of LastPass’s acquisition broke).
It’s too early to panic over the LastPass acquisition. LogMeIn is promising to keep LastPass’s current business model in place although those promises don’t seem to be well received due to the company’s history. I switched immediately because the writing on the wall isn’t to my liking and because I want to be familiar with an alternative in case things go south. If you’re happy with LastPass and the acquisition isn’t a concern for you (and let’s be honest, it won’t be a concern for anybody for a while as it takes some time for the consequences of company acquisitions to manifest) keep using it.
I use the Intuitive Password online password manager. It’s a web-based password manager and your data is securely stored in the datacenter. With Intuitive Password, you can easily access your data at any time, anywhere. It works on all devices without installation.
I haven’t heard of that password manager before and did a cursory glance into it. The first thing that I noticed that really strikes me as a bad idea is that two-factor authentication is only offered on the two highest tiered payment options. Limiting the free tier is understandable, especially if it’s mostly acting as a free sample, but greatly reducing the security of the free tier and the cheapest pay option is bad. In fact it’s a practice that disqualifies the product from my recommendation list immediately.
As a user I would encourage you to tell the developers to enable two-factor authentication for all tiers. After all, with the limitation of ten passwords the free tier has it’s already limited enough to encourage customers to choose a paid tier.