Tutorials

LastPass is crippling its free tier. Here’s how to ditch it

If you don’t feel like paying for cross-platform access to your passwords, switching services is easily done

LastPass login screen on smartphone

Good password hygiene is something we talk about a lot, and when we do, we usually recommend that readers adopt a password manager to safely create and store complex passwords. Historically, LastPass has been our go-to recommendation, thanks to its comparatively robust free tier, but it is with a heavy heart that we must rescind this endorsement. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

Download now

LogMeIn, LastPass’ parent company, has announced that from 16 March 2021, users on the service’s free tier will no longer have unlimited access to their stored passwords on both desktop and mobile devices. Instead, you will only be able to view and manage passwords on either desktop or mobile; from 16 March, users will be asked to pick which platform they want to use to access their password vaults and will be locked out of the other. 

Users will be able to switch their active device type from one to the other, but they can only do so a maximum of three times - after that, they’ll have to subscribe to one of LastPass’ paid tiers in order to access their passwords on both platforms. Users will still be able to use unlimited devices of the same type to access their vault, however. 

Under the new rules, mobile devices include iOS, iPadOS, Android devices and smartwatches, while ‘computers’ covers Windows, macOS and Linux desktops and laptops, as well as Windows tablets and any implementation of the LastPass browser extension.

LastPass has stated that users won’t lose access to any of their saved passwords, form fills, notes or other data (regardless of what kind of device they initially registered it on), but the company is cutting off email support for non-paying customers, leaving them to rely on the resources in its online support centre. 

LastPass’s Premium and Family subscriptions start at £2.60 and £3.40 per month, respectively, and include additional features such as expanded multifactor authentication support, dark web monitoring and improved password sharing. 

If, however, you wish to leave LastPass and migrate to a different password manager, it’s thankfully easy to do so without having to re-enrol your credentials individually. LastPass includes a mechanism for exporting all of the data within your vault, which can then be imported into a variety of alternative services with minimal fuss.

Export your passwords from LastPass

We’ll start by removing a copy of our data from LastPass, which is best done on desktop. The first step is to open your LastPass Vault, then click the ‘Advanced Options’ tab in the lower left. Click ‘Export’, and LastPass will download a CSV file to your PC containing a complete record of all the passwords stored in it. 

You can open this in any spreadsheet programme (or in Notepad if you don’t have one installed) and you may want to double-check that all of your data has been accurately downloaded.

Set up your new password manager account

Now that you’ve got all of your passwords, you’ll need to pick which service to import them into. For this example, we’ll be focusing on Bitwarden (which offers a similar level of service to LastPass’ free tier prior to the new changes) but services such as KeePass, 1Password, Dashlane and more all support similar data import mechanisms.

Once you’ve selected a new password manager, you’ll want to set up your account and choose a master password. It’s more secure to select an entirely new password, but you can also reuse the same master password from your LastPass account (assuming it hasn’t been leaked anywhere) since we’ll be deleting the original LastPass account at the end of this process.

Import your passwords to your new password manager

Once your new account is good to go, log into Bitwarden’s web vault and navigate to the tools tab in the top menu. Select ‘Import Data’, followed by ‘LastPass (csv)’ on the resulting dropdown. Select the file we downloaded from LastPass, and click ‘Import Data’. Your new password manager should now be fully stocked with all of the data from your previous LastPass vault - including secure notes, identities and more - allowing you to pick up immediately where you left off. 

We’re not quite finished, however. With the migration complete, there’s a bit of security housekeeping to do. First of all, you’ll want to securely delete the .csv file you exported from LastPass; this is a complete record of all your stored password data, so you don’t want it lying around on your hard drive for nefarious hackers to stumble onto. 

Finally, you should delete your LastPass account. Having two separate vaults with all of your credentials in them increases the potential risk that cyber criminals could somehow gain access to them, so shutting one of them down is the safest course of action. Head to lastpass.com/delete_account.php, click ‘Delete’ and follow the instructions. Note that this is irreversible, so be sure that you’re happy with the state of your imported data in your new password manager before you take the plunge.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021