Tutorials

LastPass is crippling its free tier. Here’s how to ditch it

If you don’t feel like paying for cross-platform access to your passwords, switching services is easily done

LastPass login screen on smartphone

Good password hygiene is something we talk about a lot, and when we do, we usually recommend that readers adopt a password manager to safely create and store complex passwords. Historically, LastPass has been our go-to recommendation, thanks to its comparatively robust free tier, but it is with a heavy heart that we must rescind this endorsement. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

LogMeIn, LastPass’ parent company, has announced that from 16 March 2021, users on the service’s free tier will no longer have unlimited access to their stored passwords on both desktop and mobile devices. Instead, you will only be able to view and manage passwords on either desktop or mobile; from 16 March, users will be asked to pick which platform they want to use to access their password vaults and will be locked out of the other. 

Users will be able to switch their active device type from one to the other, but they can only do so a maximum of three times - after that, they’ll have to subscribe to one of LastPass’ paid tiers in order to access their passwords on both platforms. Users will still be able to use unlimited devices of the same type to access their vault, however. 

Under the new rules, mobile devices include iOS, iPadOS, Android devices and smartwatches, while ‘computers’ covers Windows, macOS and Linux desktops and laptops, as well as Windows tablets and any implementation of the LastPass browser extension.

LastPass has stated that users won’t lose access to any of their saved passwords, form fills, notes or other data (regardless of what kind of device they initially registered it on), but the company is cutting off email support for non-paying customers, leaving them to rely on the resources in its online support centre. 

LastPass’s Premium and Family subscriptions start at £2.60 and £3.40 per month, respectively, and include additional features such as expanded multifactor authentication support, dark web monitoring and improved password sharing. 

If, however, you wish to leave LastPass and migrate to a different password manager, it’s thankfully easy to do so without having to re-enrol your credentials individually. LastPass includes a mechanism for exporting all of the data within your vault, which can then be imported into a variety of alternative services with minimal fuss.

Export your passwords from LastPass

We’ll start by removing a copy of our data from LastPass, which is best done on desktop. The first step is to open your LastPass Vault, then click the ‘Advanced Options’ tab in the lower left. Click ‘Export’, and LastPass will download a CSV file to your PC containing a complete record of all the passwords stored in it. 

You can open this in any spreadsheet programme (or in Notepad if you don’t have one installed) and you may want to double-check that all of your data has been accurately downloaded.

Set up your new password manager account

Now that you’ve got all of your passwords, you’ll need to pick which service to import them into. For this example, we’ll be focusing on Bitwarden (which offers a similar level of service to LastPass’ free tier prior to the new changes) but services such as KeePass, 1Password, Dashlane and more all support similar data import mechanisms.

Once you’ve selected a new password manager, you’ll want to set up your account and choose a master password. It’s more secure to select an entirely new password, but you can also reuse the same master password from your LastPass account (assuming it hasn’t been leaked anywhere) since we’ll be deleting the original LastPass account at the end of this process.

Import your passwords to your new password manager

Once your new account is good to go, log into Bitwarden’s web vault and navigate to the tools tab in the top menu. Select ‘Import Data’, followed by ‘LastPass (csv)’ on the resulting dropdown. Select the file we downloaded from LastPass, and click ‘Import Data’. Your new password manager should now be fully stocked with all of the data from your previous LastPass vault - including secure notes, identities and more - allowing you to pick up immediately where you left off. 

We’re not quite finished, however. With the migration complete, there’s a bit of security housekeeping to do. First of all, you’ll want to securely delete the .csv file you exported from LastPass; this is a complete record of all your stored password data, so you don’t want it lying around on your hard drive for nefarious hackers to stumble onto. 

Finally, you should delete your LastPass account. Having two separate vaults with all of your credentials in them increases the potential risk that cyber criminals could somehow gain access to them, so shutting one of them down is the safest course of action. Head to lastpass.com/delete_account.php, click ‘Delete’ and follow the instructions. Note that this is irreversible, so be sure that you’re happy with the state of your imported data in your new password manager before you take the plunge.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021