LastPass

By Charles Miller

One of life’s frustrations is when things change—especially things we would prefer never change. We have all had the experience of finding a product we really like, then one day when we go to the store they no longer have that product available and have replaced it with some ersatz substitute. This kind of thing is constantly happening in the software industry. Many times a young entrepreneur working out of their garage has created a new computer program or smartphone app that becomes wildly popular. Then one day everything changes. Either the entrepreneur moves on when they get a real job or receives an offer to sell their small company to a much larger company. Either way, things change.

This is the story of what happened to the password manager program I have long recommended here. LastPass was the creation of a small software company in 2008. It quickly became popular with tech-savvy users as the best way to keep track of passwords. In March 2009, PC Magazine reviewed LastPass, giving it the highest “Excellent” rating of five stars and their “Editors’ Choice.” Consumer Reports did likewise, but more important was the large number of respected computer security experts who used and recommended LastPass.

In 2012 the LastPass company was sold to LogMeIn Inc. (now GoTo) for US$110 million and things started to change. The new company continued to focus on security but also on the profit motive. Features were removed from the free version, prompting Forbes to call the change a bait-and-switch, while the cost of the paid version was increased and increased again. Nevertheless, LastPass continued to be very popular.

Unavoidably, LastPass became a target of cybercrooks and hackers eager to steal lists of people’s passwords. LastPass has experienced several security breaches over the years, two coming last year in 2022. The mainstream news media has absolutely hyperventilated over this to the point that very little reporting about LastPass accurately conveys the truth. The truth is that no system is foolproof.

LastPass made mistakes, one of which was choosing not to inconvenience customers by forcing them to use stronger passwords. And LastPass did lose customers’ data, though that data is encrypted and of no use to the hackers who stole it until they can guess the customer’s master password. The customers most at risk are those who foolishly used a short, easy-to-guess password such as “Fido1234.”

So is LastPass dead? Personally, I doubt it. If you use LastPass now, should you stop? Maybe not. The technology is sound, and those users who chose to use a cryptographically strong password of 15 characters or more can take comfort in knowing it could take hackers hundreds of years to guess that password. By then, the data the hackers stole from LastPass back in 2022 will be more than a little out of date. There is more to consider and enough time to continue using LastPass while waiting for next week’s Atención.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.