23 votes

LogMeIn (owner of LastPass, GoToMeeting, GoToWebinar, OpenVoice and join.me) is being acquired by private equity firms for $4.3 billion

29 comments

  1. [28]
    liGF8qkq

    Time to leave LastPass. Best alternative?

    9 votes
    1. [4]
      Deimos

      I left it for Bitwarden a few years ago (when they were acquired by LogMeIn in the first place), and have been happy with it. It will probably depend if there are certain capabilities you need, but Bitwarden's been great for me.

      20 votes
      1. VoidOutput

        I've switched from LastPass to Bitwarden as well, about a month ago. Better compatibility with some apps on Android, better website (IMO).

        5 votes
      2. zptc

        Also chiming in for Bitwarden. I'm not a super power user, so my needs are pretty basic, but it's worked fine for me.

        4 votes
      3. mian

        Same here. Bitwarden's been great.

        1 vote
    2. seizethegoddamngap

      A self-hosted KeePass database, synced to/between devices by Nextcloud or syncthing.

      13 votes
    3. whbboyd

      I use zx2c4 pass, together with passff for browser integration, replicated through a private self-hosted git repo.

      This is free software, self-administered, and based 100% on open formats and protocols, and I love it; but it's not a drop-in replacement for one of the commercial password managers. The integrations are not as tight, interfaces not as shiny (though in most cases significantly more powerful), and you will have to administer it yourself; but if all that sounds fine to you, I'd highly recommend taking a look.

      10 votes
    4. NaraVara

      I switched to 1Password. Unfortunately it has a monthly fee, but it's handy to be able to protect accounts for my whole family and functionally act as household sysadmin. Once I habituate the family to using a password manager I might transition us to Bitwarden and save myself some money. $10 a year sounds way better than $5 a month.

      7 votes
    5. [17]
      Keegan

      There's probably no real need to leave. At worst the biggest impact this will have on LastPass would probably be an increase in price for new customers, and existing ones will probably be grandfathered in.

      1 vote
      1. [2]
        milkbones_4_bigelow

        Even still, a great FOSS alternative is Bitwarden.

        4 votes
        1. Keegan

          Yeah true. It's easier to trust something when it's open source.

          3 votes
      2. [14]
        ubergeek

        And selling your data to the highest bidder after they've gutted the assets from LogMeIn, and saddling it with debt before liquidating.

        2 votes
        1. [13]
          Keegan

          I don't think they would sell passwords. That would be a huge scandal that would cause lots of lawsuits.

          1 vote
          1. [12]
            ubergeek

            Right, suing a bankrupt business that went under will be successful.

            1. [11]
              Keegan

              No need to be rude about it. Wouldn't GDPR and other things prevent that scenario anyways? I'm sure flat out sale of passwords is illegal.

              3 votes
              1. [6]
                cfabbro

                Not only that, but it shouldn't even technically be possible for them to do anyways, since they only store the salted hash of your master password + your already encrypted vault data, and the rest of the operation is one-way, with encryption+decryption happening at the local device level. And were they to try to surreptitiously change that process so they could read your passwords, I imagine it would get leaked pretty quickly that they had. And ultimately, I very much doubt even the stupidest/greediest private equity firm in the world would risk all that just for the meager earnings they could make selling the data, IMO.

                4 votes
                1. Keegan

                  > shouldn't even technically be possible for them to do anyways

                  I was thinking that, and had it typed out (in much more vague terms because I don't know exactly how salting and all that works) but erased it because I didn't want to accidentally misinform.

                  1 vote
                2. [4]
                  ubergeek

                  > Not only that, but it shouldn't even technically be possible for them to do anyways, since they only store the salted hash of your master password + your already encrypted vault data, and the rest of the operation is one-way, with encryption+decryption happening at the local device level.

                  That you know of.

                  Have you examined the source code running on the client, and on the server?

                  1. cfabbro

                    I haven't ever inspected the proprietary code of Microsoft, Apple, Google, Amazon, Adobe, etc. either. Nor have I examined the code of every piece of open-source software that I use. Nor do I compile everything from source myself. Why not? For the same reasons I don't actually need to have inspected the code of LastPass to still feel relatively comfortable using their software.

                    When it comes to software, both closed and open, the larger a company/project is, the more people that have worked on it, and the more eyes there are on it (internally and externally), the more trust you can generally grant them due to the fact that conspiracies get harder to maintain the larger they are and the more people that are involved.

                    Not only that, but a lot of people way smarter than myself in the netsec industry have already taken a deep look at LastPass, and while some have identified the occasional vulnerability, none have accused them of foul play. E.g., the Google Project Zero team clearly keeps an eye on LastPass, as they have identified vulnerabilities in the past and properly reported them so LastPass could fix them. See: https://blog.lastpass.com/2017/03/important-security-updates-for-our-users.html/

                    1 vote
                  2. [2]
                    Keegan

                    I could say the same thing about anything, but that doesn't make me right. Making claims like that needs proof.

                    You're also being very disingenuous.

                    1. ubergeek

                      I'm being very practicable.

                      Especially when concerning vultures of the economic industry.

              2. [4]
                ubergeek

                Fining a bankrupted company usually doesn't work very well.

                1. [3]
                  Keegan

                  Are you ok? This is very irregular behavior for you.

                  1. [2]
                    ubergeek

                    Yes. Not sure how this is "irregular". Yes, there are fines that can be leveled against companies violating privacy laws. Fines don't usually work very well against a company filing bankruptcy.

                    1. Keegan

                      I'm not continuing discussion with you here. This is just us bickering in two threads now, which occasionally gets threads locked. There's no good outcome for either of us.

                      2 votes
    6. sron

      I use Dashlane. It is a bit more expensive but includes a VPN so I don't have to get another one separately.

      1 vote
    7. Kenny

      I use 1Password and am happy.

  2. emdash

    LastPass always felt janky and poorly designed whenever I had to use it at work. It would flash content on the login form, the UI of the dashboard was pretty dismal, and it didn't give a good sense of security at all.

    3 votes