Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,719
39,661



Popular password management LastPass today announced plans to introduce a new family plan, LastPass Families. The new plan is designed to allow up to six family members to store and access all of their passwords and documents from any device.

With LastPass Families, family members can share access to bank accounts, credit cards, and more, for every day use or in case of an emergency. According to LastPass, each individual family member will have access to unlimited shared folders with family members, emergency access, and a family dashboard where the family manager can add and remove members. Family members will also have a private, personal vault for storing passwords that are not shared.

lastpassfamilies-800x294.jpg

LastPass plans to launch LastPass Families later this summer, but customers can sign up now to get early access to the feature. All LastPass Premium customers will also get a chance to try LastPass Families for free for six months.

LastPass Premium is priced at $12 per year, but family pricing has yet to be announced.

Article Link: Password Manager LastPass to Debut New Family Plan Later This Summer
 
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
 
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
safari doesn't do two factor and doesn't work on windows
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps
 
  • Like
Reactions: rezzo
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​

1. How do you share passwords with family members across devices that you may or may not have access to? It's an insane pain if, for example, you need to change passwords, particularly if you use long, strong, random passwords. The family features of 1Password are awesome and really useful for aging parents.

2. 2 factor authentication, built in to these apps with no disasterous updates like happened to google auth.
 
  • Like
Reactions: orbital~debris
What about iCloud Keychain it’s free and very useful

How do you share an iCloud Keychain with multiple people?

What if you want to create random security questions with random answers?

What if you want to securely store other things besides log ins, like bank account numbers, social security numbers, and so on?

I said it above, but having a secure shared vault is incredibly handy. Obviously not useful if you are flying solo.
 
  • Like
Reactions: orbital~debris
safari doesn't do two factor and doesn't work on windows
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps

With regard to the paid part-paid options allow devs to continue to develop and broaden the app's ability to other platforms. They have more resources to take advantage of iOS features (iCloud drive, build apps for all platforms, etc).

Then there is the password generators, auditing of your log-ins (duplicate passwords, old passwords that should changed), other misc data that does not fit into any kind of internet based item (WiFi passwords, app license info).

Those are just some additional thoughts
 
  • Like
Reactions: riverfreak
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​

Up until a couple months ago, I'd have to remember all my (fairly simple and similar) passwords across many websites. Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security. Never once did I see 1Password. I use Chrome on Mac, and I've read the security of the password manager isn't top notch. Plus what if I need my passwords on a different device? Now I can login to any account, anywhere, with one master password. I figure the $12 a year is worth it. Works flawless on Chrome for Mac, and iOS.

http://www.pcmag.com/review/317692/lastpass-4-0-premium
 
Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security.

LastPass has a history of terrible vulnerabilities. Just last year, there was a vulnerability where any random webpage could read all your passwords from LastPass:

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

This year, there were also vulnerabilities that allowed attackers to extract passwords or to run arbitrary code on a victim's machine:

https://www.engadget.com/2017/03/22/critical-exploits-found-in-lastpass-on-chrome-firefox/

A former Lastpass engineers calls the Lastpass code 'neglected' and 'scary':

https://twitter.com/ejcx_/status/758081553712820225
[doublepost=1500445215][/doublepost]
Doesn't safari and chrome do all of this already?

The problem is that you are only one browser vulnerability away from exposing all your passwords. Good password managers separate the browser extension and password store into separate sandboxed processes. Moreover, they require mutual authentication between these two components. As a result, a compromised browser or extension cannot vacuum your passwords.

Edit: it might be the case that iCloud Keychain <-> Safari does such isolation.
 
Last edited:
  • Like
Reactions: orbital~debris
LastPass has a history of terrible vulnerabilities. Just last year, there was a vulnerability where any random webpage could read all your passwords from LastPass:

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

This year, there were also vulnerabilities that allowed attackers to extract passwords or to run arbitrary code on a victim's machine:

https://www.engadget.com/2017/03/22/critical-exploits-found-in-lastpass-on-chrome-firefox/

A former Lastpass engineers calls the Lastpass code 'neglected' and 'scary':

https://twitter.com/ejcx_/status/758081553712820225

Interesting! Thanks for sharing this info. Is there a password manager you have found to be superior?
 
Interesting! Thanks for sharing this info. Is there a password manager you have found to be superior?

I have used 1Password since 2010 or so. In that window, there were some vulnerabilities, but not as grave and frequent as Lastpass. They have also isolated the browser extension from the actual password manager and use authentication.

https://support.1password.com/mini-extension-security/

That said, I strongly dislike their switch to a subscription model and cloud storage. You can still use 1Password with local vaults, but they have made it excessively complicated to purchase standalone licenses (you have to send an e-mail to them to come to some arrangement). I also didn't like the process, they went from offering subscriptions to as an alternative, to hiding the standalone version as much as possible, to making it impossible to directly purchase a license. But 'they did it all for the customer, because perpetual licenses and local vaults are complicated'.
 
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps

A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.
[doublepost=1500601729][/doublepost]
1. How do you share passwords with family members across devices that you may or may not have access to? It's an insane pain if, for example, you need to change passwords, particularly if you use long, strong, random passwords. The family features of 1Password are awesome and really useful for aging parents.

2. 2 factor authentication, built in to these apps with no disasterous updates like happened to google auth.

1. I try to avoid sharing passwords with people. When would I ever need to give someone access to one of my accounts that I couldn't provide when I meet them face to face? What is an example of an emergency acount sharing?

2. So this app can't get updates? That's the only way to avoid disastrous updates right? Cause technically it could have one if updates are made?
[doublepost=1500601830][/doublepost]
Up until a couple months ago, I'd have to remember all my (fairly simple and similar) passwords across many websites. Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security. Never once did I see 1Password. I use Chrome on Mac, and I've read the security of the password manager isn't top notch. Plus what if I need my passwords on a different device? Now I can login to any account, anywhere, with one master password. I figure the $12 a year is worth it. Works flawless on Chrome for Mac, and iOS.

http://www.pcmag.com/review/317692/lastpass-4-0-premium

Couldn't you just use your phone to look up the password and then enter it manually? That way you can use any device in private mode and not worry about exposing everything?
[doublepost=1500601950][/doublepost]
The problem is that you are only one browser vulnerability away from exposing all your passwords. Good password managers separate the browser extension and password store into separate sandboxed processes. Moreover, they require mutual authentication between these two components. As a result, a compromised browser or extension cannot vacuum your passwords.

Edit: it might be the case that iCloud Keychain <-> Safari does such isolation.

Arn't you also one app vulnerabily or server vulnerability away from the same fate? Why does the device that isn't yours need direct access to the content? Why can't you just look it up and then enter in manually if you don't own the device you are adding it to?
 
A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.

Chrome doesn't save two factor so Google Authenticator is needed (unless they changed it?). So you need Chrome + Google Authenticator whereas 1Password holds all of your passwords with two factor.

so if you're on a Mac, you'll need to launch Google Authenticator on iOS. 1Password for Mac has everything.
 
Chrome doesn't save two factor so Google Authenticator is needed (unless they changed it?). So you need Chrome + Google Authenticator whereas 1Password holds all of your passwords with two factor.

so if you're on a Mac, you'll need to launch Google Authenticator on iOS. 1Password for Mac has everything.

Oh. So 1password is also a web browser? If you also have to launch a browser I'm not sure how you removed any steps.
 
Oh. So 1password is also a web browser? If you also have to launch a browser I'm not sure how you removed any steps.

are you talking about iOS or Mac?

regarding iOS:
you can either use 1password's built in browser or use the share extension in any other browser that supports share extensions to autofill. with Chrome, you're stuck using Chrome's browser and must rely on a separate google authenticator app to fill in the 2nd factor.

also many iOS apps natively support 1Password so you don't need to swap applications to find your app password. with chrome, you'll need to leave your app -> goto chrome -> find your app password -> copy -> go back to your app -> fill in username/password -> leave app -> goto google authenticator -> copy two factor -> paste into app.
with 1password it's literally: tap 1password icon -> select credentials -> done.

regarding Mac:
you can use 1password's safari extension to fill in everything. no need to launch 1password on the iphone to get the second factor code.
with chrome, you have to launch google authenticator on your phone then fill in on your mac manually.
 
  • Like
Reactions: Primejimbo
A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.
[doublepost=1500601729][/doublepost]

1. I try to avoid sharing passwords with people. When would I ever need to give someone access to one of my accounts that I couldn't provide when I meet them face to face? What is an example of an emergency acount sharing?

2. So this app can't get updates? That's the only way to avoid disastrous updates right? Cause technically it could have one if updates are made?

Edited your post down to the questions directed to me.

1. Elderly parents who live far, far away. I have power of attorney and I manage their finances. Sometimes they want to look in too. Separately I have a shared vault with my significant other for shared financial resources, netflix, etc.

2. Did you hear about the disasterous google auth update? You know what happens when you lose your 2FA? A big huge ball of hurt lands on you, that's what. Yes this could happen for any app but I tend to trust companies that I actually pay, instead of those that are selling my data to make a profit. It's hard to discern their intention.
 
are you talking about iOS or Mac?

regarding iOS:
you can either use 1password's built in browser or use the share extension in any other browser that supports share extensions to autofill. with Chrome, you're stuck using Chrome's browser and must rely on a separate google authenticator app to fill in the 2nd factor.

also many iOS apps natively support 1Password so you don't need to swap applications to find your app password. with chrome, you'll need to leave your app -> goto chrome -> find your app password -> copy -> go back to your app -> fill in username/password -> leave app -> goto google authenticator -> copy two factor -> paste into app.
with 1password it's literally: tap 1password icon -> select credentials -> done.

regarding Mac:
you can use 1password's safari extension to fill in everything. no need to launch 1password on the iphone to get the second factor code.
with chrome, you have to launch google authenticator on your phone then fill in on your mac manually.

And now when you select credentials in 1Password it copies your 2FA to the clipboard. Dunno if this is dangerous or not but it's pretty slick and makes the process that much quicker!
 
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
No, Safari and Chrome do very little of what LastPass does. All they do is store passwords. LastPass will generate passwords for you so that you are using unique passwords for each site. It will also audit your stored passwords and let you know if there have been hacks to any of the websites you store passwords for or if your email address has been leaked in any type of public hack. Plus, LastPass works for apps (not just browsers) and works on pretty much any device.

Btw, LastPass is free. Only premium features are paid like sharing. And its a whopping $1/month.
[doublepost=1501049136][/doublepost]
And now when you select credentials in 1Password it copies your 2FA to the clipboard. Dunno if this is dangerous or not but it's pretty slick and makes the process that much quicker!
Storing a two factor code in the clipboard isn't dangerous since the code quickly expires. There's nothing useful about random numbers after they expire.
 
I have used 1Password since 2010 or so. In that window, there were some vulnerabilities, but not as grave and frequent as Lastpass. They have also isolated the browser extension from the actual password manager and use authentication.

https://support.1password.com/mini-extension-security/

That said, I strongly dislike their switch to a subscription model and cloud storage. You can still use 1Password with local vaults, but they have made it excessively complicated to purchase standalone licenses (you have to send an e-mail to them to come to some arrangement). I also didn't like the process, they went from offering subscriptions to as an alternative, to hiding the standalone version as much as possible, to making it impossible to directly purchase a license. But 'they did it all for the customer, because perpetual licenses and local vaults are complicated'.
Seems like they changed their mind.
Agilebits Blog said:
We finally have enough visibility to chart a course for the future, so we’re happy to announce that standalone vaults will be an available entree on the menu in 1Password 7 for Windows. 1Password 7 will be free with your 1Password membership, but if memberships aren’t for you, paid licenses will also be available.
More details here and in the comments section: https://blog.agilebits.com/2017/08/01/1password-6-7-for-windows-a-feature-buffet/
Personally I will stick with 1Password after using LastPass for the past 3 years.
 
So you are saying that the 100 million US dollars they've received from LogMeIn aren't enough to sustain the free tire? Then why would you offer it in the first place? I guess it was a well thought plan just to gain market share.
 
Last edited:
Disappointed in lastpass 'Family' feature ... in that even the Premium account is limited to one shareable 'folder'. If I want different levels of access -- like a) between me and my wife (e.g., finance, household, etc.), b) among the immediate family -- including the kids (like cable / TV etc.), c) among extended family (e.g., for photo sharing) -- can't do it unless you go to small business or enterprise account. But when you go that route, you're now paying for and managing everyone else's accounts ... which I don't want.

Who has a "Family sharing" feature that actually works well?
 
Disappointed in lastpass 'Family' feature ... in that even the Premium account is limited to one shareable 'folder'. If I want different levels of access -- like a) between me and my wife (e.g., finance, household, etc.), b) among the immediate family -- including the kids (like cable / TV etc.), c) among extended family (e.g., for photo sharing) -- can't do it unless you go to small business or enterprise account. But when you go that route, you're now paying for and managing everyone else's accounts ... which I don't want.

Who has a "Family sharing" feature that actually works well?
I have 1Password families and I have 3 extra vaults set up with different family members. 1 vault with my wife and my daughter, and I made it so my wife can change stuff in that vault, and my daughter can’t make any changes at all (read only). Another one with my wife and in-laws, and I can do the same. It’s pretty convenient.

Each family member can also make other vaults (one for work and one for personal)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.