Leon Neal | Getty Images
A popular app that promised to remove the burden of remembering passwords has sparked backlash weeks after it was acquired by two private equity firms, requiring users to pay or face restrictions on access to their online accounts.
LastPass has encouraged millions of people to replace weak passwords on retail websites, internet banks and other online services. Instead, the software processes authentication automatically using long, complex passwords that are impossible to guess or remember.
Two investment firms, Elliott Management and Francisco Partners, acquired the service last September as part of their $4.3 billion acquisition of Internet software group LogMeIn.
Now the app is warning users that they will have to pay as much as $36 a year if they want to access those cumbersome passwords across all their devices. Those who refuse to pay will have to choose between syncing only with their desktop computers or only with mobile devices such as phones.
The change, which takes effect on March 16, was a blow to Scott Rothrock, a Tokyo-based software developer who said he immediately realized that “there was no way to go back to my old life in any practical way.”
Before Rothrock switched to the password manager a few years ago, Rothrock used a memorable algorithm to come up with passwords that swapped letters of the web addresses he visited with punctuation marks and the names of mythical beasts.
Now his LastPass-generated passwords’ are, I hate to admit, known only to my password manager. LastPass’ policy change was an ultimatum for me.”
The move to limit what LastPass gives away for free underscores how financially advanced owners want to get more profit from popular Silicon Valley products.
Last month, Twitter said it would experiment with tools that allow users to tip or pay for exclusive content, ideas that could help the microblogging platform take a cut of its revenue.
That announcement also followed an investment from Elliott, which took a 4 percent stake last year and sought to oust Twitter’s CEO, Jack Dorsey.
Elliott invested in LogMeIn through Evergreen Coast Capital, a Silicon Valley outpost it created in 2015.
The investment in technology marks a departure from the New York company’s longstanding strategy of conducting aggressive public campaigns against public companies and delinquent debtors. His past targets have ranged from health insurer Athenahealth to the Republic of Argentina, where in 2012 one of its naval vessels was seized in a dispute over defaulted bonds owned by the New York fund.
Francisco Partners, which invested alongside Elliott, is another battle-hardened company, which until 2019 owned NSO Group, a surveillance software maker being sued by Facebook for allegedly attacking 1,400 users of WhatsApp’s social network messaging service.
Experts say it’s hard to know whether the new restrictions on the free version of LastPass will encourage more paying users to sign up.
“Without the ability to sync, very few users can actually use [LastPass]said Joseph Bonneau, a cryptography researcher and computer security expert at New York University. “They make the free version so hard to use that most people will have to pay or use another solution.”
LastPass, which claimed more than 25 million users last year, said it had been notified of the change 30 days in advance and had not deleted any user data. It added that the free version of LastPass still offered features that rivals didn’t, and that “a healthy number of users” had taken advantage of its discounted subscription offerings.
But one free password app, BitWarden, has registered a fivefold increase in new users since LastPass announced its more restrictive policy last month, according to Gary Orenstein, its chief customer officer. “We’re understandably excited,” he said.
One of BitWarden’s new users is Rothrock, who said that in his experience the two services were “functionally identical”.
Some of his friends offered to hire him for their “family pack” subscription to LastPass, but he declined.
“I just didn’t trust LastPass anymore,” he said.
© 2021 The Financial Times Ltd. All rights reserved. May not be redistributed, copied or modified in any way.