My hatred of using advertisements to fun “free” services is pretty well known at this point. However, it seems that a lot of people prefer the business model where they’re the product instead of the customer. Knowing that, and knowing that password reuse is still a significant security problem for most people, I feel the need to inform you that LastPass, which still remains a solid password manager despite being bought by LogMeIn, now has an ad supported “free” version:
I’m thrilled to announce that, starting today, you can use LastPass on any device, anywhere, for free. No matter where you need your passwords – on your desktop, laptop, tablet, or phone – you can rely on LastPass to sync them for you, for free. Anything you save to LastPass on one device is instantly available to you on any other device you use.
Anything that may convince more people to start using password managers is a win in my book. People who don’t utilize password managers tend to reuse the same credentials on multiple sites, which significantly increases the damage that a password database leak can cause. Furthermore, using a password manager lowers the hurdle for using strong passwords. Instead of having to use passwords that are memorizable a password manager also allows users to use long strings of pseudorandom characters, which means if a password database is breached the time it takes to unveil their password from its stored hash is significantly increased (because the attacker has to rely on brute force instead of a time saving method such as rainbow tables).
If money has been the only thing that has held you back from using a password manager you should take a look at LastPass’s “free” version. While ads are a potential vector for malware they can be blocked with an ad blocker and the risk of being infected through ads is significantly less than the risks involved in not using a password manager.