You should be using a password manager to keep your online accounts protected. But if you’ve been using the free version of LastPass then you might want to think about switching.
From March 16, the company is changing its policies and payment structure to limit the use of free LastPass accounts. The changes, which have not gone down well with customers, will mean people can only use LastPass for free on one type of device: computers or mobile devices. Simply put, if you use LastPass on one type of device, you can’t use it on the other.
“Your first login on or after March 16, 2021, will set your active device type,” LastPass says, adding people will be able to switch device type up to three times to “explore what’s right” before being locked to one type permanently. Email support is also being pulled from free accounts.
If people using LastPass don’t want to be locked to one device type – a step that’s pretty impractical in the real-world – then there are two choices. Either upgrade to a paid LastPass Premium account and get more features (around £31 per year), which is the preferred option for the makers of LastPass, or find an alternative password manager.
Since LastPass announced the changes to its free plan in February, there’s been a swell of interest in other password managers and scrutiny of the company itself. Security researchers have pointed out there are seven trackers in the LastPass Android app, including four from Google and others that collect data for marketing companies. While people using the LastPass app can opt-out of the trackers, some of its rivals don’t include any trackers at all.
Other reports say the move has been spearheaded by LastPass’s new owners who want to convert more of its 25 million customers to paying subscribers. Either way, the change is coming and you need to decide what to do next.
Exporting your LastPass passwords
Even if you decide not to move up to the paid premium tier of LastPass and leave the service, you’ll want to keep using a password manager. Using the software means you can easily have strong, unique passwords for all your online accounts and reduce the chances of your accounts being hacked.
But you probably don’t want to start from scratch. Thankfully, most password managers have import and export functions so that you can move your data from one service to another without any hassle.
There are a couple of formats you can export your LastPass password data in. There’s the option to export it as an encrypted file, which you can add back to LastPass at another time. To do this you need to use the password manager’s browser extension and create an encryption key for when you reimport the data into LastPass.
Through the browser extension click Account Options, Advanced, Export, and then LastPass Encrypted File. From here you will need to re-enter your master password and finally you will be asked to create an encryption key (make sure you remember it). You can then download your data.
The most useful way for exporting LastPass data to use with another password manager is as a CSV. The process is similar to creating an encrypted version of the data. Visit your account settings through LastPass’s browser extension and find your way to the export tool. To download your data in a CSV, you’ll need your LastPass master password.
Whatever you decide to do with your LastPass exported data you should make sure you delete the CSV file afterwards. CSVs store text in a plain format that’s readable to anyone.
Deleting your LassPass account
If you’ve had enough you can delete your LastPass account – although be sure to have exported your password data before doing so. Deleting your LastPass account means exactly that: it will permanently and irreversibly delete your passwords along with any secure notes or other data you’ve added. “Everything you had in LastPass will be gone. Forever,” the company says.
Once you’re all set to delete your account then head to this page and go through the deletion process.
Alternatives to LastPass
Picking a password manager isn’t straightforward – everyone’s online needs are slightly different and not all password managers are equal. Cost, usability, and technical specifications are all key components that you should take into account when picking an alternative to LastPass. Our guide to the best password managers has a detailed breakdown of seven alternatives we recommend – but we’re highlighting a couple of them here as well.
BitWarden: This US-based password manager is our pick of the bunch. Like a lot of password managers BitWarden has both free and paid-for tiers that you can subscribe to. Unlike some, including LastPass, its free tier is packed with features. You can create an unlimited number of logins and other records, sync the data across all of your devices, generate passwords and more. The subscription tiers add encrypted file attachments, better two-factor authentication support and priority customer service.
KeePass: It might not be the prettiest piece of software but KeePass is the best free password manager out there – and it gives you a lot of control. It allows you to store your encrypted password file anywhere you like and as a result, there are other KeePass alternatives, such as KeeWeb and AuthPass. The flexibility makes it a favourite of power users.
1Password: There isn’t a free tier for 1Password but subscriptions for a year cost around £28. As well as common features such as apps across all devices and password synching, there’s also a travel mode that can be implemented to temporarily be removed from your account if you’re travelling to countries that may try to access that information. 1Password is our favourite, subscription-only password manager.
Matt Burgess is WIRED’s deputy digital editor. He tweets from @mattburgess1
More great stories from WIRED
🏥 The terror and trauma of surviving intensive care with Covid-19
🍩 We swapped the office for Slack and Teams. As hybrid working looms, the race is on to fix them
💬 How to spot fake Covid-19 NHS vaccine texts