Editor’s Note: This article has been updated in response to LastPass’ announcement that they would add more restrictions to the free plan. Since finalizing new ownership last Fall, LastPass has established a pattern of removing features and support for non-enterprise users. We have updated the alternative options to highlight excellent alternatives that are focused on supporting our readers (i.e. Bitwarden for individuals, 1Password for families). For more details, check out the first 15 minutes of Season 1 episode 8 on the PointHeads podcast.
In our article about staying secure with credit card rewards we originally recommended using LastPass to maintain strong and secure passwords. While LastPass continues to hold a slight edge over the competition for users on the Premium plan, they have secretly been clawing back features that make the Families plan less enticing than advertised.
- What Changed?: The notable change involves LastPass’ removal of security monitoring from the free plan and all shared folders in the Families plan.
- What are they doing about it?: Nothing. Families plan users were not even notified of the change. It appears refunds will be offered upon request for anyone that figures it out.
- What are my options?: Instead of Families, either use one Premium account for the entire family or seek an alternative password manager.
- Is LastPass still the best option?: For people that can utilize the Premium plan, yes. But LastPass is treading dangerously in the “fool-me-once” waters with their recent business decisions. Viable alternatives are available with 1Password and Bitwarden.
Until Fall of 2020, one of LastPass’ most notable features was their “Security Challenge”. Available to all users, this feature monitored all credentials to warn of duplicate, weak, and old passwords. It also had some support warning of any credentials involved in compromised websites.[1]
In Fall 2020, Security Challenge was re-branded as “Security Dashboard”. LastPass took that opportunity to remove the feature completely from free accounts. However, in the transition, they also removed this feature from all shared folders.
As the main benefit of the LastPass Families plan is to create shared folders for up to 6 family members, this clawback significantly deteriorates the value of that plan. Now, using the shared folders feature removes the security dashboard feature. You effectively have to choose between the two.
Even worse, there is no indication on the security dashboard (or anywhere else in LastPass documentation) that those shared passwords are being excluded. If even one password is not shared, the dashboard reports results as if everything is monitored.
Security Dashboard screenshot courtesy of LastPass. When at least one password is not shared, the score is deceiving. “View passwords” will reveal that only the non-shared passwords are included in the score.
Only when all passwords are placed in a shared folder does it become obvious that the Security Dashboard is not working as advertised.
Security Dashboard screenshot courtesy of LastPass. Despite storing hundreds of passwords in shared folders, the dashboard does not function.
LastPass was alerted about this issue shortly after it emerged in late October 2020. Based on the responses in that thread, it appears this clawback was a conscious decision made to the detriment of its users.[2]
Even worse, at the time of this writing, LastPass continues to promote the Families plan with deception. It fails to mention that shared passwords are not monitored.[3] False advertising quoted verbatim from their site:
Protect your family’s passwords
- LastPass monitors your family’s email addresses continuously for involvement in data breaches.
- Put your mind at ease knowing LastPass is protecting you - even when you aren’t logged in.
- Get alerts when your family’s sensitive information is compromised so you can update passwords immediately.
Although they seem willing to provide a refund for any Families plan user that requests one due to this issue, they have failed to reach out and notify those users. A majority of users are probably unaware that the plan has changed and is no longer monitoring all passwords.
There are a couple of options to keep LastPass and the sharing functionality of the Families plan without actually using Families.
- The simplest method is to consolidate everything into one Premium account. This may be a viable alternative for couples that share a majority of passwords, but larger families may need some organization. It is doable if you can keep items organized with normal folders.
- Place all family members on a free plan, but one (very dedicated) user on the Premium plan. Premium users can share individual items with multiple people. Those individually-shared items are – at the time of this writing – included in the security dashboard. This can work if one family member is dedicated enough to manage the items at an individual, instead of folder, level. However, items not shared with the Premium user will not be included in the security monitoring. This is no longer a viable option due to the additional restrictions coming to free plans.
If these options are not practical, it may be time to look for an alternative to LastPass.
The two major players in password management are LastPass and 1Password. There are many reviews comparing these two in depth, and consensus is that LastPass still holds a slight edge, especially for first-time users of password managers. However, with LastPass’ new owners seemingly uninterested in individual users, the battle for top spot will likely be between 1Password and Bitwarden sooner rather than later.
We encourage everyone interested to look at those comparisons and make an informed decision. The first page on Google search is filled with worthy reviews, so we won’t bother regurgitating it here.
LastPass Families users are Clark Griswold in Christmas Vacation, putting in a pool with their false sense of security monitoring. LastPass is his boss taking away bonuses without telling anybody.
If this display of questionable integrity has thrown you off LastPass altogether, the next best option for families is 1Password. For a free plan, the up-and-coming Bitwarden is an excellent alternative.
Otherwise, you can request a refund, avoid using Families, and hope they have a change of heart before straying too far from their mission of keeping families secure.
1. For example, it would warn you if it found an e-mail address associated with LinkedIn’s 2012 security breach, so you know to change your credentials.
2. In the suspicious timing category, LastPass parent company LogMeIn, Inc. finalized a merger to go private only a month before these issues started appearing.
3. To be fair, the technical support team justified that all the features are still present if one were to use the following (completely impractical) solution: Keep a copy of each item from the shared folder in a non-shared folder. The security dashboard feature will work on the non-shared folders, and the family can access the items from the shared folders. That is, until you forget to keep them in sync.