Password Security Catch-All Thread

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

Breaking into the business marketplace is incredibly difficult. Companies like Microsoft have double digit IAM market share, while Lastpass is at 0.06%. But the other companies that do individual and family password management are all in the same boat, only about half the size or less. 1Password is at about 0.01%. Bitwarden is at about the same, so is Dashlane (which starts at $5 a month). About as many people use Google Chrome password management as do Bitwarden! And Lastpass is by far the most popular of the individual password managers.

I get that you had personal experience with Lastpass that left a bad taste, but if they are money-grubbing, it's hard to argue that the entire sector is not doing the same. The difference in pricing for the paid ones is usually a dollar or less per month, for the ones (like Norton and NordPass) that are not tied to an even more expensive service.

People should not be afraid of Lastpass or Bitwarden or 1Password or Dashlane... Just evaluate according to your requirements. None of them will break the bank; indeed, one instance of password theft on your bank account could cost you $50 if a card was compromised and you didn't report it in time, which is around the cost of any of these services' family licenses, so have at it! You won't regret it.

Bitwarden self-hosted (with occasional JSON backup exports stored in a VeraCrypt vault) remains my approach.

The money grubbing/typical acquisition behavior to me would be how drastically poor Firefox support became after the acquisition. It lagged behind in features and was buggier than the Chrome equivalent. And their response to support queries got worse too.

So by that same token, if you had a good personal experience that didn't leave a bad taste, that's fine. But after they were acquired it did go downhill as a product. So it wasn't just marketing.

Maybe they recovered, but I switched over to Bitwarden once it seemed reasonable to do so and haven't looked back, and haven't had any problems either.

Pricing-wise, if you don't need multiple licenses then $10/year for Bitwarden or $36 for Lastpass is a bit larger than a few cents a month.

I've used it on Firefox the whole time and no issues. To each his own.

I’ve since moved on to Bitwarden and am very happy with it - including its UI compared to LastPass.

MannishBoy wrote:

...Their first screw up was moving too much stuff into the free category, then they swung it back way too far the other direction...

Robear wrote:

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

Sorry for cherry picking but it is a big part. That is bad business, not marketing. At that point BW was not only more financially stable but also a better value. I jumped ship too.

*The Android extension working better (in most ways) was just the bonus.

Robear wrote:

I've used it on Firefox the whole time and no issues. To each his own.

Which would make you lucky, but also unlikely to have needed to open a support request, or to have experienced their unresponsiveness and decline in the quality of their service.

So again, it wasn't just marketing. For some of us the quality of the product AND service declined.

Not to pile onto LastPass, but the degradation of Firefox support is what pushed me to try Bitwarden in the first place. Not sure what the state of things is now.

I honestly have no idea what y'all are talking about. I've been using LastPass with Firefox as my primary browser (occasionally Chrome/Edge/Safari), on PC and on iOS, and I don't think I've ever run into anything that would remotely give me reason to switch to anything else. It just works, and is straightforward enough that my kids and parents can use it easily enough.

merphle wrote:

I honestly have no idea what y'all are talking about. I've been using LastPass with Firefox as my primary browser (occasionally Chrome/Edge/Safari), on PC and on iOS, and I don't think I've ever run into anything that would remotely give me reason to switch to anything else. It just works, and is straightforward enough that my kids and parents can use it easily enough.

Me neither, but that doesn't discount other users' bad experience of course. I stuck with Lastpass because my not so techie wife is used to it (mostly on Chrome and Android) and it hasn't been worth the hassle. She has more issues with the Chrome extension being unresponsive sometimes, so YMMV.

Robear wrote:

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

But I'm saving infinity percentage wise, because Bitwarden gives me everything I need for free. To the point I feel I will probably upgrade to the $10 tier just to contribute to something I value.

You may be right. Their hard pivot to a business model that didn't suit me may have helped them win financially. Maybe that was their goal, running off a bunch of accounts that didn't pay them much if anything may have been the right move. Up their revenue per account number.

I know that they had to make me pretty irritated to get me to switch cause there's quite a bit of perceived friction and nervousness about switching something so important. Now that I've moved, good luck getting me back as a customer.

I will say I've never fully moved from their MFA app. I'm spread across Google, LastPass, and MS. Slowly migrating to MS for its cloud sync and the fact I have to use it for various clients in my job anyway.

Articles going around saying LastPass's master passwords may have been compromised.

Not linking anything in particular since it doesn't appear definitive as to exactly what's happened yet.

LastPass is claiming that's not what happened, and that blocked login attempts were instead a result of attackers attempting to access accounts using credential leaks from other services, and sometimes either succeeding (don't reuse passwords!) or getting the login function temporarily locked for those accounts.

Don't know if that's the truth, but that's their claim so far.