Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,619
19,368



Popular password management LastPass today announced plans to introduce a new family plan, LastPass Families. The new plan is designed to allow up to six family members to store and access all of their passwords and documents from any device.

With LastPass Families, family members can share access to bank accounts, credit cards, and more, for every day use or in case of an emergency. According to LastPass, each individual family member will have access to unlimited shared folders with family members, emergency access, and a family dashboard where the family manager can add and remove members. Family members will also have a private, personal vault for storing passwords that are not shared.

lastpassfamilies-800x294.jpg

LastPass plans to launch LastPass Families later this summer, but customers can sign up now to get early access to the feature. All LastPass Premium customers will also get a chance to try LastPass Families for free for six months.

LastPass Premium is priced at $12 per year, but family pricing has yet to be announced.

Article Link: Password Manager LastPass to Debut New Family Plan Later This Summer
 

4jasontv

macrumors 603
Jul 31, 2011
6,093
7,326
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
 

farewelwilliams

Suspended
Jun 18, 2014
4,966
18,035
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
safari doesn't do two factor and doesn't work on windows
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps
 
  • Like
Reactions: rezzo

riverfreak

macrumors 65816
Jan 10, 2005
1,473
1,706
Alabama
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​

1. How do you share passwords with family members across devices that you may or may not have access to? It's an insane pain if, for example, you need to change passwords, particularly if you use long, strong, random passwords. The family features of 1Password are awesome and really useful for aging parents.

2. 2 factor authentication, built in to these apps with no disasterous updates like happened to google auth.
 
  • Like
Reactions: orbital~debris

riverfreak

macrumors 65816
Jan 10, 2005
1,473
1,706
Alabama
What about iCloud Keychain it’s free and very useful

How do you share an iCloud Keychain with multiple people?

What if you want to create random security questions with random answers?

What if you want to securely store other things besides log ins, like bank account numbers, social security numbers, and so on?

I said it above, but having a secure shared vault is incredibly handy. Obviously not useful if you are flying solo.
 
  • Like
Reactions: orbital~debris

cuestakid

macrumors 68000
Jun 14, 2006
1,735
37
San Fran
safari doesn't do two factor and doesn't work on windows
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps

With regard to the paid part-paid options allow devs to continue to develop and broaden the app's ability to other platforms. They have more resources to take advantage of iOS features (iCloud drive, build apps for all platforms, etc).

Then there is the password generators, auditing of your log-ins (duplicate passwords, old passwords that should changed), other misc data that does not fit into any kind of internet based item (WiFi passwords, app license info).

Those are just some additional thoughts
 
  • Like
Reactions: riverfreak

palmerc2

macrumors 68000
Feb 29, 2008
1,621
683
Los Angeles
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​

Up until a couple months ago, I'd have to remember all my (fairly simple and similar) passwords across many websites. Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security. Never once did I see 1Password. I use Chrome on Mac, and I've read the security of the password manager isn't top notch. Plus what if I need my passwords on a different device? Now I can login to any account, anywhere, with one master password. I figure the $12 a year is worth it. Works flawless on Chrome for Mac, and iOS.

http://www.pcmag.com/review/317692/lastpass-4-0-premium
 

danieldk

macrumors newbie
Aug 28, 2009
17
19
Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security.

LastPass has a history of terrible vulnerabilities. Just last year, there was a vulnerability where any random webpage could read all your passwords from LastPass:

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

This year, there were also vulnerabilities that allowed attackers to extract passwords or to run arbitrary code on a victim's machine:

https://www.engadget.com/2017/03/22/critical-exploits-found-in-lastpass-on-chrome-firefox/

A former Lastpass engineers calls the Lastpass code 'neglected' and 'scary':

https://twitter.com/ejcx_/status/758081553712820225
[doublepost=1500445215][/doublepost]
Doesn't safari and chrome do all of this already?

The problem is that you are only one browser vulnerability away from exposing all your passwords. Good password managers separate the browser extension and password store into separate sandboxed processes. Moreover, they require mutual authentication between these two components. As a result, a compromised browser or extension cannot vacuum your passwords.

Edit: it might be the case that iCloud Keychain <-> Safari does such isolation.
 
Last edited:
  • Like
Reactions: orbital~debris

palmerc2

macrumors 68000
Feb 29, 2008
1,621
683
Los Angeles
LastPass has a history of terrible vulnerabilities. Just last year, there was a vulnerability where any random webpage could read all your passwords from LastPass:

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

This year, there were also vulnerabilities that allowed attackers to extract passwords or to run arbitrary code on a victim's machine:

https://www.engadget.com/2017/03/22/critical-exploits-found-in-lastpass-on-chrome-firefox/

A former Lastpass engineers calls the Lastpass code 'neglected' and 'scary':

https://twitter.com/ejcx_/status/758081553712820225

Interesting! Thanks for sharing this info. Is there a password manager you have found to be superior?
 

danieldk

macrumors newbie
Aug 28, 2009
17
19
Interesting! Thanks for sharing this info. Is there a password manager you have found to be superior?

I have used 1Password since 2010 or so. In that window, there were some vulnerabilities, but not as grave and frequent as Lastpass. They have also isolated the browser extension from the actual password manager and use authentication.

https://support.1password.com/mini-extension-security/

That said, I strongly dislike their switch to a subscription model and cloud storage. You can still use 1Password with local vaults, but they have made it excessively complicated to purchase standalone licenses (you have to send an e-mail to them to come to some arrangement). I also didn't like the process, they went from offering subscriptions to as an alternative, to hiding the standalone version as much as possible, to making it impossible to directly purchase a license. But 'they did it all for the customer, because perpetual licenses and local vaults are complicated'.
 

4jasontv

macrumors 603
Jul 31, 2011
6,093
7,326
google needs a separate app for two factor and doesn't play well with safari on iOS/iOS apps

A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.
[doublepost=1500601729][/doublepost]
1. How do you share passwords with family members across devices that you may or may not have access to? It's an insane pain if, for example, you need to change passwords, particularly if you use long, strong, random passwords. The family features of 1Password are awesome and really useful for aging parents.

2. 2 factor authentication, built in to these apps with no disasterous updates like happened to google auth.

1. I try to avoid sharing passwords with people. When would I ever need to give someone access to one of my accounts that I couldn't provide when I meet them face to face? What is an example of an emergency acount sharing?

2. So this app can't get updates? That's the only way to avoid disastrous updates right? Cause technically it could have one if updates are made?
[doublepost=1500601830][/doublepost]
Up until a couple months ago, I'd have to remember all my (fairly simple and similar) passwords across many websites. Then I decided to look into a password manager, and over again I'd see LastPass as one of the top dogs in terms of security. Never once did I see 1Password. I use Chrome on Mac, and I've read the security of the password manager isn't top notch. Plus what if I need my passwords on a different device? Now I can login to any account, anywhere, with one master password. I figure the $12 a year is worth it. Works flawless on Chrome for Mac, and iOS.

http://www.pcmag.com/review/317692/lastpass-4-0-premium

Couldn't you just use your phone to look up the password and then enter it manually? That way you can use any device in private mode and not worry about exposing everything?
[doublepost=1500601950][/doublepost]
The problem is that you are only one browser vulnerability away from exposing all your passwords. Good password managers separate the browser extension and password store into separate sandboxed processes. Moreover, they require mutual authentication between these two components. As a result, a compromised browser or extension cannot vacuum your passwords.

Edit: it might be the case that iCloud Keychain <-> Safari does such isolation.

Arn't you also one app vulnerabily or server vulnerability away from the same fate? Why does the device that isn't yours need direct access to the content? Why can't you just look it up and then enter in manually if you don't own the device you are adding it to?
 

farewelwilliams

Suspended
Jun 18, 2014
4,966
18,035
A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.

Chrome doesn't save two factor so Google Authenticator is needed (unless they changed it?). So you need Chrome + Google Authenticator whereas 1Password holds all of your passwords with two factor.

so if you're on a Mac, you'll need to launch Google Authenticator on iOS. 1Password for Mac has everything.
 

4jasontv

macrumors 603
Jul 31, 2011
6,093
7,326
Chrome doesn't save two factor so Google Authenticator is needed (unless they changed it?). So you need Chrome + Google Authenticator whereas 1Password holds all of your passwords with two factor.

so if you're on a Mac, you'll need to launch Google Authenticator on iOS. 1Password for Mac has everything.

Oh. So 1password is also a web browser? If you also have to launch a browser I'm not sure how you removed any steps.
 

farewelwilliams

Suspended
Jun 18, 2014
4,966
18,035
Oh. So 1password is also a web browser? If you also have to launch a browser I'm not sure how you removed any steps.

are you talking about iOS or Mac?

regarding iOS:
you can either use 1password's built in browser or use the share extension in any other browser that supports share extensions to autofill. with Chrome, you're stuck using Chrome's browser and must rely on a separate google authenticator app to fill in the 2nd factor.

also many iOS apps natively support 1Password so you don't need to swap applications to find your app password. with chrome, you'll need to leave your app -> goto chrome -> find your app password -> copy -> go back to your app -> fill in username/password -> leave app -> goto google authenticator -> copy two factor -> paste into app.
with 1password it's literally: tap 1password icon -> select credentials -> done.

regarding Mac:
you can use 1password's safari extension to fill in everything. no need to launch 1password on the iphone to get the second factor code.
with chrome, you have to launch google authenticator on your phone then fill in on your mac manually.
 
  • Like
Reactions: Primejimbo

riverfreak

macrumors 65816
Jan 10, 2005
1,473
1,706
Alabama
A separate app from what? Isn't this just a seperate app?
Google seems to work on iOS for me.
[doublepost=1500601729][/doublepost]

1. I try to avoid sharing passwords with people. When would I ever need to give someone access to one of my accounts that I couldn't provide when I meet them face to face? What is an example of an emergency acount sharing?

2. So this app can't get updates? That's the only way to avoid disastrous updates right? Cause technically it could have one if updates are made?

Edited your post down to the questions directed to me.

1. Elderly parents who live far, far away. I have power of attorney and I manage their finances. Sometimes they want to look in too. Separately I have a shared vault with my significant other for shared financial resources, netflix, etc.

2. Did you hear about the disasterous google auth update? You know what happens when you lose your 2FA? A big huge ball of hurt lands on you, that's what. Yes this could happen for any app but I tend to trust companies that I actually pay, instead of those that are selling my data to make a profit. It's hard to discern their intention.
 

riverfreak

macrumors 65816
Jan 10, 2005
1,473
1,706
Alabama
are you talking about iOS or Mac?

regarding iOS:
you can either use 1password's built in browser or use the share extension in any other browser that supports share extensions to autofill. with Chrome, you're stuck using Chrome's browser and must rely on a separate google authenticator app to fill in the 2nd factor.

also many iOS apps natively support 1Password so you don't need to swap applications to find your app password. with chrome, you'll need to leave your app -> goto chrome -> find your app password -> copy -> go back to your app -> fill in username/password -> leave app -> goto google authenticator -> copy two factor -> paste into app.
with 1password it's literally: tap 1password icon -> select credentials -> done.

regarding Mac:
you can use 1password's safari extension to fill in everything. no need to launch 1password on the iphone to get the second factor code.
with chrome, you have to launch google authenticator on your phone then fill in on your mac manually.

And now when you select credentials in 1Password it copies your 2FA to the clipboard. Dunno if this is dangerous or not but it's pretty slick and makes the process that much quicker!
 

bozzykid

macrumors 68020
Aug 11, 2009
2,214
260
I still don't understand how this is better than the numerous free options out there. Doesn't safari and chrome do all of this already? I swear there are dozens of free multiplatform apps that do all this already.​
No, Safari and Chrome do very little of what LastPass does. All they do is store passwords. LastPass will generate passwords for you so that you are using unique passwords for each site. It will also audit your stored passwords and let you know if there have been hacks to any of the websites you store passwords for or if your email address has been leaked in any type of public hack. Plus, LastPass works for apps (not just browsers) and works on pretty much any device.

Btw, LastPass is free. Only premium features are paid like sharing. And its a whopping $1/month.
[doublepost=1501049136][/doublepost]
And now when you select credentials in 1Password it copies your 2FA to the clipboard. Dunno if this is dangerous or not but it's pretty slick and makes the process that much quicker!
Storing a two factor code in the clipboard isn't dangerous since the code quickly expires. There's nothing useful about random numbers after they expire.
 

CatalinApple

macrumors regular
Oct 28, 2016
213
187
I have used 1Password since 2010 or so. In that window, there were some vulnerabilities, but not as grave and frequent as Lastpass. They have also isolated the browser extension from the actual password manager and use authentication.

https://support.1password.com/mini-extension-security/

That said, I strongly dislike their switch to a subscription model and cloud storage. You can still use 1Password with local vaults, but they have made it excessively complicated to purchase standalone licenses (you have to send an e-mail to them to come to some arrangement). I also didn't like the process, they went from offering subscriptions to as an alternative, to hiding the standalone version as much as possible, to making it impossible to directly purchase a license. But 'they did it all for the customer, because perpetual licenses and local vaults are complicated'.
Seems like they changed their mind.
Agilebits Blog said:
We finally have enough visibility to chart a course for the future, so we’re happy to announce that standalone vaults will be an available entree on the menu in 1Password 7 for Windows. 1Password 7 will be free with your 1Password membership, but if memberships aren’t for you, paid licenses will also be available.
More details here and in the comments section: https://blog.agilebits.com/2017/08/01/1password-6-7-for-windows-a-feature-buffet/
Personally I will stick with 1Password after using LastPass for the past 3 years.
 

CatalinApple

macrumors regular
Oct 28, 2016
213
187
So you are saying that the 100 million US dollars they've received from LogMeIn aren't enough to sustain the free tire? Then why would you offer it in the first place? I guess it was a well thought plan just to gain market share.
 
Last edited:

wryanthomas

macrumors newbie
Oct 4, 2017
1
0
Disappointed in lastpass 'Family' feature ... in that even the Premium account is limited to one shareable 'folder'. If I want different levels of access -- like a) between me and my wife (e.g., finance, household, etc.), b) among the immediate family -- including the kids (like cable / TV etc.), c) among extended family (e.g., for photo sharing) -- can't do it unless you go to small business or enterprise account. But when you go that route, you're now paying for and managing everyone else's accounts ... which I don't want.

Who has a "Family sharing" feature that actually works well?
 

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
Disappointed in lastpass 'Family' feature ... in that even the Premium account is limited to one shareable 'folder'. If I want different levels of access -- like a) between me and my wife (e.g., finance, household, etc.), b) among the immediate family -- including the kids (like cable / TV etc.), c) among extended family (e.g., for photo sharing) -- can't do it unless you go to small business or enterprise account. But when you go that route, you're now paying for and managing everyone else's accounts ... which I don't want.

Who has a "Family sharing" feature that actually works well?
I have 1Password families and I have 3 extra vaults set up with different family members. 1 vault with my wife and my daughter, and I made it so my wife can change stuff in that vault, and my daughter can’t make any changes at all (read only). Another one with my wife and in-laws, and I can do the same. It’s pretty convenient.

Each family member can also make other vaults (one for work and one for personal)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.