LastPass was, for seven years, my password manager of choice. I liked that Steve Gibson of Gibson Research Corporation liked it. I liked that it had Yubikey support. I liked that it had an app for my iPhone. I liked that because it was a cloud service, my passwords followed me around.
The idea is a good one, too: memorize a single complex password, use it plus 2FA (“second factor authentication” in this case my Yubikey) and then make the passwords on every other web site extremely complex. Like Hn6k344SdRt#CT_Epste1nd1dn’tk1llh1mself_PFnPr2XP#J$4P*@Lyxi!r complex.
I did not mind paying for that service, since I know that it costs money to run servers and pay employees and such. The price really wasn’t too bad, either.
But somewhere along the line, the creators of LastPass decided to cash out. They sold the company to LogMeIn. But now, the LogMeIn folks are out cash money, and they need to make that money back; the quicker, the better. Suddenly I and all their other customers began to look like marks to be played.
For several months, I wanted to take a screen shot of my LastPass initial login screen, and then post the screenshot to the Reddit Asshole Design community. What it was, was that all of a sudden, LastPass would post a fake “Warning – We Care About Your Security” alert every time I logged in. But what it really was, was a request to put my credit card number on file with them, so they could auto-renew. It wasn’t about my security. It was about theirs. I’m going to need to buy a pair of cowboy boots, the bullshit is getting so deep around here.
This was a constant reminder that the company had changed, and wasn’t the same company I signed up with. What finally pushed me over the edge was their announcement that as of March 16, 2021 you have to pay, or else “no passwords for you!” if you want to use LastPass on mobile. So now we see their true character: “I Am Altering the Deal, Pray I Don’t Alter It Any Further.”
And I’m out.