When someone asks you how to become more “cyber secure” in their daily life, what are some things that come to mind? Maybe it’s telling them to lock their computer when they step away from it, to enable Two-Factor Authentication, or set their profiles to private. Another large piece almost anyone who has cared about their personal security stature has heard is “don’t reuse passwords”. A great rule of thumb to password hygiene is remembering that passwords are like underwear:
– Change them regularly
– Don’t share them with anyone
– Don’t leave them on your desk
Over the years, we’ve graduated from sticky notes, little password books, and locked excel spreadsheets and many people have moved onto password managers to help with their password hygiene. For those that may be unaware, password managers are programs that can be used to store credential information for numerous different services that require logins. The goal of password managers is to stop password reuse, by helping users spin up long, complex passwords to secure their accounts. Users then do not have to memorize or write down numerous lengthy and complicated passwords, they only need to remember one! The master password to unlock the password manager itself.
The first password manager I ever used was Password Safe. While I enjoyed the easy-to-navigate UI and ease of install/access, I quickly realized this would not be the best solution for me. I need to access accounts on both my desktop and my phone! Password Safe, while supporting a few mobile clones, just wasn’t the best solution for me. After a little bit of digging, I then moved on to LastPass and was very much a fan of that manager and recommending it to friends…until February 16th, 2021.
Recently, LastPass has announced some changes to it’s free version of the software starting on March 16th. This change makes it so that users of its free tier are only able to access their login credentials on one active device type. Meaning that if you’re trying to log into a website on your mobile device, but only have your desktop computer as your active device with LastPass, you cannot access any of your login credentials. Users (at this time) can also only change their active device type three (3) times. I, personally, find this to be a user experience nightmare. If I can’t access my passwords on at least two of my main devices, it makes having a password managers seem null and void to me. If I choose to have my computer as my active device, I may not be able to log into services on my phone. I won’t always be in front of my computer where I have easy access to my vault. The same can be said for users who choose to make their phones their active device type. I’m not going to memorize or write down different versions of “********************” for all the different services I use if I can’t access my active device type. The whole point of making “********************” my password(s) is that it’s an extremely long and difficult to crack password that I will not be able to remember, hence why I use a password manager. This makes my account more secure than if my password was just “password2021!” for all the accounts I access on a regular basis.
Also starting May 17th, Free users of LastPass (who have already lost some functionality of the service due to their new active device policy which will be implemented by then) are also only eligible to receive their basic tier of support services. The Basic tier of their support services only cover their support center (which is just a run of the mill FAQ page) and Community forums.
The Freemium pricing model is something commonly seen in the password manager software space. Freemium models are where a basic product/service is provided free of charge, but money (a premium) is charged for additional features, services, or goods that can be offered. Usually, the free end of freemium products contain the bare bones of a product. In software terms, this means that the free version of the software has basic functionality and similar user interface or experience to that of the paid version. The free versions also receives updates, patches, and improvements along with the paid version, as simple functionality should remain in tact between various versions of the software. At the end of the day, if you pay or if you don’t pay, every user get’s the same basic functionality and experience.
There are many reasons why someone may pay for software that runs on a freemium model. Maybe it’s a storage service and they require more space to store their data, or maybe it’s a streaming app and a user is tired of always skipping ads. At the end of the day, even if the users decide not to pay for a service, they still can preform basic functionality one would expect in these services!
A freemium storage service should allow me to create folders or delete files I no longer need. A freemium streaming service should still let me rewind, skip, or replay a piece of media. A freemium password manager should let me access my passwords on any device as long as I’m able to verify my identity as the manager or account owner.
Many password managers have a free tier to their users. Bitwarden, Keeper, or even the pre-built password manager that came with your internet browser of choice all have one thing in common. No matter what device you use, as long as you can log into that one service that stores your credentials, you can access your credentials from any device you may need.
I’m not here to tell you what password manager you should use. That is entirely up to you! Everyone has different needs, preferences, and concerns when deciding what password manager they should use (if they feel comfortable using one at all). I’m here to remind you that passwords are like underwear, you don’t pay for them to only cover part of your behind.