Tutorials

LastPass is crippling its free tier. Here’s how to ditch it

If you don’t feel like paying for cross-platform access to your passwords, switching services is easily done

LastPass login screen on smartphone

Good password hygiene is something we talk about a lot, and when we do, we usually recommend that readers adopt a password manager to safely create and store complex passwords. Historically, LastPass has been our go-to recommendation, thanks to its comparatively robust free tier, but it is with a heavy heart that we must rescind this endorsement. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

LogMeIn, LastPass’ parent company, has announced that from 16 March 2021, users on the service’s free tier will no longer have unlimited access to their stored passwords on both desktop and mobile devices. Instead, you will only be able to view and manage passwords on either desktop or mobile; from 16 March, users will be asked to pick which platform they want to use to access their password vaults and will be locked out of the other. 

Users will be able to switch their active device type from one to the other, but they can only do so a maximum of three times - after that, they’ll have to subscribe to one of LastPass’ paid tiers in order to access their passwords on both platforms. Users will still be able to use unlimited devices of the same type to access their vault, however. 

Under the new rules, mobile devices include iOS, iPadOS, Android devices and smartwatches, while ‘computers’ covers Windows, macOS and Linux desktops and laptops, as well as Windows tablets and any implementation of the LastPass browser extension.

LastPass has stated that users won’t lose access to any of their saved passwords, form fills, notes or other data (regardless of what kind of device they initially registered it on), but the company is cutting off email support for non-paying customers, leaving them to rely on the resources in its online support centre. 

LastPass’s Premium and Family subscriptions start at £2.60 and £3.40 per month, respectively, and include additional features such as expanded multifactor authentication support, dark web monitoring and improved password sharing. 

If, however, you wish to leave LastPass and migrate to a different password manager, it’s thankfully easy to do so without having to re-enrol your credentials individually. LastPass includes a mechanism for exporting all of the data within your vault, which can then be imported into a variety of alternative services with minimal fuss.

Export your passwords from LastPass

We’ll start by removing a copy of our data from LastPass, which is best done on desktop. The first step is to open your LastPass Vault, then click the ‘Advanced Options’ tab in the lower left. Click ‘Export’, and LastPass will download a CSV file to your PC containing a complete record of all the passwords stored in it. 

You can open this in any spreadsheet programme (or in Notepad if you don’t have one installed) and you may want to double-check that all of your data has been accurately downloaded.

Set up your new password manager account

Now that you’ve got all of your passwords, you’ll need to pick which service to import them into. For this example, we’ll be focusing on Bitwarden (which offers a similar level of service to LastPass’ free tier prior to the new changes) but services such as KeePass, 1Password, Dashlane and more all support similar data import mechanisms.

Once you’ve selected a new password manager, you’ll want to set up your account and choose a master password. It’s more secure to select an entirely new password, but you can also reuse the same master password from your LastPass account (assuming it hasn’t been leaked anywhere) since we’ll be deleting the original LastPass account at the end of this process.

Import your passwords to your new password manager

Once your new account is good to go, log into Bitwarden’s web vault and navigate to the tools tab in the top menu. Select ‘Import Data’, followed by ‘LastPass (csv)’ on the resulting dropdown. Select the file we downloaded from LastPass, and click ‘Import Data’. Your new password manager should now be fully stocked with all of the data from your previous LastPass vault - including secure notes, identities and more - allowing you to pick up immediately where you left off. 

We’re not quite finished, however. With the migration complete, there’s a bit of security housekeeping to do. First of all, you’ll want to securely delete the .csv file you exported from LastPass; this is a complete record of all your stored password data, so you don’t want it lying around on your hard drive for nefarious hackers to stumble onto. 

Finally, you should delete your LastPass account. Having two separate vaults with all of your credentials in them increases the potential risk that cyber criminals could somehow gain access to them, so shutting one of them down is the safest course of action. Head to lastpass.com/delete_account.php, click ‘Delete’ and follow the instructions. Note that this is irreversible, so be sure that you’re happy with the state of your imported data in your new password manager before you take the plunge.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Robust password policies cut cyber attacks by 60%
cyber security

Robust password policies cut cyber attacks by 60%

13 Sep 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
1Password Business review: First choice for business travel and guest accounts
Security

1Password Business review: First choice for business travel and guest accounts

16 Jul 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021