IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
Tutorials

LastPass is crippling its free tier. Here’s how to ditch it

If you don’t feel like paying for cross-platform access to your passwords, switching services is easily done

LastPass login screen on smartphone

Good password hygiene is something we talk about a lot, and when we do, we usually recommend that readers adopt a password manager to safely create and store complex passwords. Historically, LastPass has been our go-to recommendation, thanks to its comparatively robust free tier, but it is with a heavy heart that we must rescind this endorsement. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

LogMeIn, LastPass’ parent company, has announced that from 16 March 2021, users on the service’s free tier will no longer have unlimited access to their stored passwords on both desktop and mobile devices. Instead, you will only be able to view and manage passwords on either desktop or mobile; from 16 March, users will be asked to pick which platform they want to use to access their password vaults and will be locked out of the other. 

Users will be able to switch their active device type from one to the other, but they can only do so a maximum of three times - after that, they’ll have to subscribe to one of LastPass’ paid tiers in order to access their passwords on both platforms. Users will still be able to use unlimited devices of the same type to access their vault, however. 

Under the new rules, mobile devices include iOS, iPadOS, Android devices and smartwatches, while ‘computers’ covers Windows, macOS and Linux desktops and laptops, as well as Windows tablets and any implementation of the LastPass browser extension.

LastPass has stated that users won’t lose access to any of their saved passwords, form fills, notes or other data (regardless of what kind of device they initially registered it on), but the company is cutting off email support for non-paying customers, leaving them to rely on the resources in its online support centre. 

LastPass’s Premium and Family subscriptions start at £2.60 and £3.40 per month, respectively, and include additional features such as expanded multifactor authentication support, dark web monitoring and improved password sharing. 

If, however, you wish to leave LastPass and migrate to a different password manager, it’s thankfully easy to do so without having to re-enrol your credentials individually. LastPass includes a mechanism for exporting all of the data within your vault, which can then be imported into a variety of alternative services with minimal fuss.

Export your passwords from LastPass

We’ll start by removing a copy of our data from LastPass, which is best done on desktop. The first step is to open your LastPass Vault, then click the ‘Advanced Options’ tab in the lower left. Click ‘Export’, and LastPass will download a CSV file to your PC containing a complete record of all the passwords stored in it. 

You can open this in any spreadsheet programme (or in Notepad if you don’t have one installed) and you may want to double-check that all of your data has been accurately downloaded.

Set up your new password manager account

Now that you’ve got all of your passwords, you’ll need to pick which service to import them into. For this example, we’ll be focusing on Bitwarden (which offers a similar level of service to LastPass’ free tier prior to the new changes) but services such as KeePass, 1Password, Dashlane and more all support similar data import mechanisms.

Once you’ve selected a new password manager, you’ll want to set up your account and choose a master password. It’s more secure to select an entirely new password, but you can also reuse the same master password from your LastPass account (assuming it hasn’t been leaked anywhere) since we’ll be deleting the original LastPass account at the end of this process.

Import your passwords to your new password manager

Once your new account is good to go, log into Bitwarden’s web vault and navigate to the tools tab in the top menu. Select ‘Import Data’, followed by ‘LastPass (csv)’ on the resulting dropdown. Select the file we downloaded from LastPass, and click ‘Import Data’. Your new password manager should now be fully stocked with all of the data from your previous LastPass vault - including secure notes, identities and more - allowing you to pick up immediately where you left off. 

We’re not quite finished, however. With the migration complete, there’s a bit of security housekeeping to do. First of all, you’ll want to securely delete the .csv file you exported from LastPass; this is a complete record of all your stored password data, so you don’t want it lying around on your hard drive for nefarious hackers to stumble onto. 

Finally, you should delete your LastPass account. Having two separate vaults with all of your credentials in them increases the potential risk that cyber criminals could somehow gain access to them, so shutting one of them down is the safest course of action. Head to lastpass.com/delete_account.php, click ‘Delete’ and follow the instructions. Note that this is irreversible, so be sure that you’re happy with the state of your imported data in your new password manager before you take the plunge.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Google merges Chrome and Android password managers after community feedback
Security

Google merges Chrome and Android password managers after community feedback

1 Jul 2022
Apple, Google, Microsoft expand their support for password-less sign-ins
cyber security

Apple, Google, Microsoft expand their support for password-less sign-ins

6 May 2022
NordPass teams up with insurance provider Cowbell Cyber to improve security awareness
cyber security

NordPass teams up with insurance provider Cowbell Cyber to improve security awareness

18 Feb 2022
NCA donates 225 million passwords to Have I Been Pwned
cyber security

NCA donates 225 million passwords to Have I Been Pwned

21 Dec 2021

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022