LastPass adjusts terms, puts spotlight on secure password managers

GVL / Sara Carte - IT Help Desk worker Grant Miller works on his computer to help students in the Mary Idema Pew Library on Wednesday, Sept. 23, 2015.

Fabian Segura

Password managers have been in the news again following the announcement Feb. 17 from LastPass regarding its free tier of service. I’ve been using their services since 2014 but the new terms of service have made me switch away entirely.

Starting March 16, that free tier becomes much more limited in that you can only use one type of device per account — either a mobile device or desktop. In addition, email support has been removed and users are instead guided to consult the support center for self-help.

As someone who uses multiple types of devices, this change in service was a signal for me to switch platforms. I already had my doubts about the service ever since the purchase of the company back in 2015 by LogMeIn, creators of Hamachi and other services. Since then, they had increasingly pushed their paid plans on login, but this new change was all the reason I needed to finally switch to Bitwarden. The removal of email support on a password management service only further makes the new changes seem like a way to push the paid tier.

I chose Bitwarden over all the other competitors in the space for a few reasons. For one, it offered an easy step-by-step guide to quickly transition from LastPass to its systems. For another, unlike KeePass, it offered similar application support with autofill Chrome extensions and synchronization. Being open-source and having very little tracking were added bonuses.

You might wonder why it’s so important to have a password manager. With increasingly stringent password requirements such as GVSU’s recent 16-character minimum, you may be tempted to reuse or create an easy password. This undermines the point of those longer passwords, since reusing that password across multiple websites means one breach of security is all it takes for your other logins to be compromised.

You could store your passwords somewhere else, such as by writing them down on a piece of paper, but that creates its own set of security problems if you were to lose or misplace it.

Instead, password managers have filled that void as an easy way to not only store and protect your passwords, but to make the entire login process easier. Some of them even have features to generate passwords or double-check with a database — such as Have I Been Pwned — to see if your email and password have been used in conjunction.

One could argue that with a good memory, password managers are not necessary, or that they create a single point of failure. So long as you don’t use SMS two-factor authentication (2FA), having an extra verification step with 2FA not only alerts you to attempts to log in but also tells you when it’s time to change passwords.

When I originally chose LastPass and its later replacement in Bitwarden, autofill was a key feature for me.

Autofilling passwords is based on the domain of the website (the name right before .com or .org). If you get a malicious email that links to a site masquerading as a legitimate website, even if it looks legitimate to you, your password manager won’t autofill the login fields since it’s not the right website. In this respect, a password manager can save you from typing credentials into any old website that you thought was legitimate.
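
The domain check described above, sketched as an added example that is not part of the original column and is not LastPass's or Bitwarden's own code. The function names, the tiny suffix list, the HTTPS-only rule and the sample URLs are all assumptions made for illustration.

```javascript
// Added illustration; names, policy and sample URLs are assumptions, not any product's code.
// Constructed, tiny stand-in for the Public Suffix List that real tools consult.
const PUBLIC_SUFFIXES = new Set(["com", "org", "edu", "co.uk"]);

// Registrable domain = public suffix plus one label to its left, or null if unknown.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a bare suffix such as "com".
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix or IP address: refuse rather than guess
}

// Decide whether a saved login may be filled into the page currently open.
function shouldAutofill(savedUrl, pageUrl) {
  let saved, page;
  try {
    saved = new URL(savedUrl);
    page = new URL(pageUrl);
  } catch {
    return false; // unparseable URL: never fill
  }
  if (page.protocol !== "https:") return false; // assumed policy: HTTPS pages only
  const savedDomain = registrableDomain(saved.hostname);
  return savedDomain !== null && savedDomain === registrableDomain(page.hostname);
}

// Constructed sample: one saved entry checked against pages a user might land on.
const SAVED = "https://login.example.com/";
const PAGES = [
  "https://www.example.com/signin",         // same site, different subdomain
  "https://examp1e.com/signin",             // lookalike spelling
  "https://example.com.login.example.org/", // real name used as a subdomain
  "http://example.com/signin",              // right domain, cleartext
];
function demo() {
  return PAGES.map((p) => [p, shouldAutofill(SAVED, p)]);
}
for (const [page, ok] of demo()) console.log(ok ? "fill  " : "refuse", page);
```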

With the rising number of digital accounts that have personal or financial information tied to them, it’s important to keep them secure. A password manager can help ease the burden of creating or remembering passwords. While LastPass may have burned me away from its product, it’s a good reminder for people to choose carefully where they store their secrets.