Private Equity Firms To Spin Out Password Manager LastPass

Elliott Management's private equity arm and Francesco Partners will spin out the popular password manager LastPass after taking its owner Boston-based software group LogMeIn private for $4.3 billion. From a report: LastPass faced a backlash from its users in March after the free version of the service, which generates, and securely stores long, complex passwords, was hobbled to only work on either a smartphone, or a computer. Millions of users of LastPass' free service were effectively forced to pay up to $36 a year in order to continue using the password tool on more than one device. LogMeIn CEO Bill Wagner says the plan to spinout LastPass wasn't connected with the backlash over the paywall, and 75% of revenues for the password manager now came from corporate clients. "It's all about unlocking the value of this company," says Wagner. "We are balancing investments across different products and by splitting it out this brings real focus, a dedicated management team and added investment and I think this will be a very valuable company in the years to come."

Sure it is not related

[OneHundredAndTen]

Please, do not add insult to injury, Billy boy. Note to CEOs: you stupid psychopaths, most people are not like you.

Re:

[AmiMoJo]

I think it's very unwise to rely on a for-profit company like this to store your passwords. One day they will try to monetize you, and you won't like it.

There are plenty of open source alternatives available, my personal favourite being KeePass. It's got everything, cloud sync, browser integration, multi-platform, client side encryption.

Re:

[Chris Mattern]

Personally, I don't like my password storage to be under someone else's control, period, whether they're charging me for the privilege or not. I use Password Gorilla.

Re:

[Computershack]

I think it's very unwise to rely on a for-profit company like this to store your passwords. One day they will try to monetize you, and you won't like it.

They already monetised me because I felt their service was worth paying for so I've been paying for it for a few years now. The people who have the problem are the freetards who want everything for nothing and expect others to put in their own time and money with nothing in return.

Re:

[alexgieg]

The people who have the problem are the freetards

Not at all. I was a paying LastPass customer for years. When they pulled this BS I cancelled my account and went for an also-paid Bitwarden account.

I favor good companies with my money. And no, I don't mean "good-for-me-as-a-paying-customer companies", I mean "good companies". Shitty ones lose my business.

Re:

[Ksevio]

I switched to Bitwarden when they changed because not only did they remove a free functionality they previously had, they also TRIPLED the price of the service. I had previously paid for the service, but this move made me question their reliability so it seemed safer to get out while I still could

Re:

[trparky]

I use the open source password manager BitWarden myself.

Re:

[EvilSS]

Please, do not add insult to injury, Billy boy. Note to CEOs: you stupid psychopaths, most people are not like you.

OK but why would it be related? He flat out said they make over 3/4 of their revenue from commercial accounts. I doubt they give much of a shit if they pissed off users who were not paying them anyway. So how would spinning the company off be related to the "backlash" over the changes to their free plan? It's not like it could taint the parent company. Logmein did that all by itself long ago.

Re:

[AmiMoJo]

3/4th of their revenue from commercial accounts meant 1/4th from non-commercial. I wouldn't recommend that any business upset a quarter of it's users.

I wonder how many of those commercial accounts were created because one of the IT people was using LastPass for personal stuff.

Re:

[EvilSS]

Yea but 0/4 of their revenue is from free accounts. The paid users were unaffected.

Re:

[Ksevio]

Well the people with paid accounts had to pay 3 times as much so that kind of affects them

Re:

[EvilSS]

eh? how so. I can't find any 300% price increase and I'm pretty sure that would have been all over the tech blogs.

Re:

[FictionPimp]

That's how every place I worked found LastPass. It's also how most of them found 1password after the LastPass bullshit.

Re:

[Ostracus]

I wouldn't recommend that any business upset a quarter of it's users.

That's right people. Pirates are not considered customers. ;-)

Re:

[EvilSS]

Also, even overlooking that free users are 0/4 of their revenue, how would spinning out the company, which will have the same name, have anything to do with the public backlash? Most of the people they pissed off probably don't even know who owns them now.

Re:Note to CEOs

[Errol backfiring]

you stupid psychopaths, most people are not like you.

That's what psychopaths are counting on

I just don't get it...

[El Fantasmo]

I all seems a ruse to me at times.

1. Buy up other companies to either diversify or head towards a monopoly = $$$
OR
2. Split your business because smaller, more focused (nimble, agile etc.) = $$$

They just can't lose!

Yes the MBA crowd will say that is an over simplification, but is it really?

Why not make the company into a subsidiary (probably already is) and just remove all the other management crap you claim is holding it down and rake in all the profits you clearly see will come to someone who buys it. To

Re:

[echo123]

Look at what a mess Facebook is. Facebook literally has such a bad name, while owning and aspiring to own *other* profitable brands, like Instagram, Oculus, whatever. SO, now there's Meta Corp, owner of Instagram, Oculus, whatever [nytimes.com], all independent of Facebook (and the bad Facebook name).

Re:

[kubajz]

Short answer for you - its's an over simplification. It's just that advanced financial management, including valuation of companies, is not something that many people understand... just like many other areas of human endeavor, some people specialize in doing this. Just like you said - it is probably not possible to add value twice by spinning off a company and buying it again, so there must be more to this...

Re:

[bickerdyke]

I guess you'll need something to tell you when to do what (*) but on the other hand, no matter which of the two you want to to, the playbook to sell it to managers, shareholders or whoever is, as you have noticed, already prewritten.

(*) call it predictive data, gut feeling, wisdom or sheer luck - the ones who get that right will be remembered even if it was nothing but luck

Re:

[EvilSS]

Wow, it's almost like every company isn't identical and some things are better for one and different things are better for another.

Re:

[El Fantasmo]

No, my point is there never seems to be a bad reason a company either acquires or sells a business, division etc. That is how they are all the same, every c-level decision like this is "good for business" unless you have evidence to the contrary (lets not bother talking about legally required quarterly earnings reports, SEC fillings etc., lawyers and accountants have already scrubbed that data as best they can before it's submitted). It's wordsmithing and financial gymnastics to either spare embarrassment

Re:

[EvilSS]

No, my point is there never seems to be a bad reason a company either acquires or sells a business, division etc

So you want CEOs to start making decisions they feel are BAD for a company? "Yes, we are spinning out acme buttplugs and pet foods because we feel it's a terrible idea and will negatively impact us."

Re:

[coofercat]

> "It's all about unlocking the value of this company"

There are multiple definitions of this in the CEO bullshit dictionary:

1) Equivalent to "I unlocked the value of my car when I sold it" (ie. I needed some money, so I sold something I own to get some)
2) Meaning "we can't figure out how to make anything of this company, so we're selling it to someone else, probably a sucker who also can't make money from it, but if by some chance they can make it work, hopefully we've sold it for so much that we won't c

KeePassX

[bradley13]

Use KeePassX. It doesn't upload stuff to the cloud, which means your passwords are safe-by-default. If you absolutely must sync across devices, you can decide to do so - but it is your decision. Personally, I run my own instance of OwnCloud, but you could use a service like DropBox.

The point is this: With KeePassX, I *know* that the encryption happens locally, since the program does not have or need web access. Also, it is open-source, so people can check this. With LastPass, you must trust them that the encryption is local. Even if it is, there is nothing stopping them from changing that and pushing out an update.

Re:

[Junta]

Want to second this. This is not an application that *needs* to own the whole thing, but one where a 'dumb storage' cloud service provides all the cloud value while the functionality can be provided through an application.

This needs to be the focus of this sort of utility: support cloud storage providers but run locally on synchronized data or support fetching the content from the cloud service instead of being synchronized in advance.

Re:

[pauljlucas]

AFAICT, KeePassXC [keepassxc.org] (note the "C", the version that's still being maintained) has clients for Windows, Mac, and Linux, but not iOS nor Android. OTOH, Password Safe [pwsafe.org], aka, pwSafe, has clients for Windows, Mac, Linux, iOS, and Android. Like KeePassXC, encryption is local and cloud isn't required; but you have the option to sync via either DropBox or iCloud.

Re:

[Junta]

I will point out that KeePass is compatible with the same database format that keepassxc uses.

Password Safe may work, but I prefer keepassxc/keepassdroid because of the UI and the support in the desktop app for OTP.

Glad they bought Lastpass as it got me to switch!

[blahbooboo]

It got me to finally switch to Bitwarden ( https://bitwarden.com/ [bitwarden.com] which has much better clients and browser plugins than LastPass. LastPass became slow, buggy, and awkward interface across all their modules.

Bitwarden migration from LastPass is super easy too: https://bitwarden.com/help/art... [bitwarden.com]

Re:

[nickersonm]

And it's also free, open source, and capable of being self-hosted! That said, I personally still prefer KeePass (using the KeePassXC client [keepassxc.org] implementation).

Re:

[AmiMoJo]

I had a look at their website and FAQ but can't see my question answered. From what I can tell it looks like you either pay them for cloud storage or you self host on your own network. Is that right?

If so, it doesn't seem ideal. Relying on a single company is a bad idea, and hosting locally on your LAN means no off-site access, or you set up a VPN and hopefully configure it right. I suppose you could pay for your own Linux hosting and install it there, but again you end up being responsible for managing it.

Re:

[kwerle]

So... you don't want to pay to have a company solve it for you, and you don't want to solve it yourself?

Seriously, what's your better choice, here?

Re:

[AmiMoJo]

With Keepass you can use any number of free cloud services. If one becomes unusable you just switch to another. No special server required.

Re:

[bill_mcgonigle]

It's ten bucks a year. Even somebody making $2 a day can afford it.

Support the developers of whatever one you chose, regardless. It's the right thing to do.

Re:

[kimhanse]

They have free plans where they host your data: https://bitwarden.com/pricing/ [bitwarden.com]

Including one for a two person org, I have to switch to that.

Re:

[Voyager529]

From what I can tell it looks like you either pay them for cloud storage or you self host on your own network. Is that right?

Yes - you can choose to have the data stored on your own server, you can install it on someone else's server that you manage (AWS, DigitalOcean, etc.), or you can pay them monthly to handle the management. I'm not sure the options get more flexible than that.

If so, it doesn't seem ideal. Relying on a single company is a bad idea

If you've got a recommendation for a multi-provider password manager, I'm all ears...but even if someone has a password management system with redundant everything, from developers to BGP routes, you'll still end up with one company doing the billing, w

Re:

[Junta]

My answer to someone would be to use something like keepassxc/keepassdroid, and then just plop the file down in your 'primary' cloud storage provider (e.g. onedrive or google drive) and just backup your contents to your lan or another provider as you see fit.

Re:

[alexgieg]

From what I can tell it looks like you either pay them for cloud storage or you self host on your own network. Is that right?

They have four options actually:

a) Free, hosted by them. Provides an unlimited password manager, but doesn't included TOTP features and file storage. If you need TOTP for 2FA you can combine this with Authy, for example.

b) Paid, hosted by them. Does provide TOTP and file storage, so you can have it do everything: store password, 2FA tokens, app registration files (for those paid softwares that require more than a key), SSH certificates etc.

c) Free, self-hosted. Same limitations of the free version hosted by

Re:

[EvilSS]

Well there are some third party, publicly hosted bitwarden instances. They are not Bitwarden run so you don't rely on a single company and you don't have to manage it yourself.

https://bitwarden.garudalinux.... [garudalinux.org]

https://vault.tedomum.net/ [tedomum.net]

https://vault.boba.best/ [boba.best]

https://passwd.hostux.net/ [hostux.net]

I have no idea how secure they are, but your requirements are goofy anyway so there, you have your solution.

Spinout?

[Ronin Developer]

WTF is âoespinoutâ?

Iâ(TM)ve heard a lot of slang and jargon beforeâ¦this is a new oneâ¦.let alone to be used in an article.

BINGO!

[bickerdyke]

It's all about unlocking the value of this company," says Wagner. "We are balancing investments across different products and by splitting it out this brings real focus, a dedicated management team and added investment

Bingo!!

BS Bingo, to be exact.

Re:

[splutty]

I'm missing the synergy there :( Apparently synergy is no longer a proper bullshit bingo word.

I'm sad.

CxOs and their relationship to truth...

[bradley13]

LogMeIn CEO Bill Wagner says the plan to spinout LastPass wasn't connected with the backlash over the paywall

Sure, it wasn't. I have some great land to sell - sometimes it's even above water...

75% of revenues for the password manager now came from corporate clients.

That would be because all the paying private clients jumped ship. Note that he didn't say that revenues had grown. Almost certainly a lie by misdirection.

Maybe it's just me, but even before the sale, I didn't quite trust LastPass. I don't want a password manager that automatically uploads stuff to the cloud. I certainly don't want a closed source password manager that does that. I don't trust their infrastructure, and I don't trust them not to give in to some repressive government somewhere and put a gaping hole into their client-side encryption - it would be just so easy to change that to server-side encryption, and who would ever know?

Re:

[DrSpock11]

I'm confused as to what Slashdotters think the supposed "backlash" to LastPass asking for money to use its service supposedly did to negatively impact the company? Having users that use your service for free and would never agree to pay you anything under any circumstance decide to leave for other services doesn't seem particularly bad from a business or cost perspective. If we're talking about a loss of goodwill, then I strongly suspect LastPass' actual customers (you know, the ones paying them) probably c

Re:

[alexgieg]

I'm confused as to what Slashdotters think the supposed "backlash" to LastPass asking for money to use its service supposedly did to negatively impact the company?

It's simple. In society there are two kinds of contracts: implicit and explicit. Implicit contracts are things like "keeping your word", "reasonable expectations", "this should be obvious" things etc. Explicit contracts you already know.

When a company (or a person, for that matter) violates the implicit contracts it's part of, that company/person is now one step removed from violating the explicit ones, either by actually breaking them, or by "creatively" interpreting its letter in violation of its spirit.

S

Re:

[Ksevio]

Well previously I had used LastPass and would recommend it to everyone to use. If it came up at work, I'd recommend it there too. I was also a paid subscriber for a number of years.

Since they made existing features paid and tripled their prices, I could no longer trust them so now I recommend other services. I imagine word of mouth like mine was a significant source of their new customers (both free and paid), so while they may have gotten some short term gains in new paid subscribers, long term they're

unlocking value

[Virtucon]

Yes, milking every dime out of a product. I used to have the Lastpass subscription for years and they kept ramping the price up and up. Guess what? I use a competitor's product now and it does just as good of a job for less/year.

I love free markets and capitalism unfortunately it breeds C level execs who are dumber than a bag of hammers.

Trackers

[endus]

I left lastpass at the same time, but not because of the fee (I was already a paid user). I left because of the trackers. Having them in a "security" application is ridiculous.

https://www.theverge.com/2021/... [theverge.com]

Re: Trackers

[RegistrationIsDumb83]

Same. I was not okay with LastPass selling my web usage. Very happy to use oss alternatives now.

Disasters Come in Many Flavors

[BoRegardless]

Power outages, floods, tornados, but everyone knows about that and corporate foulups.

I have yet to have anyone describe to me what will happen during the next Carrington Event.

Let's just ask the real & rational questions based on past history:

1. Will your laptop survive as plugged into the AC outlet & will there be any AC power?
2. Will your data connection remain "up"?
3. Will your "Cloud" & email systems & storage remain accessible?
4. Will some of your remote data be lost forever? I can

KeePass

[mspohr]

I've been using FOSS KeePass for years. Runs on everything. Windows, MacOS, iOS, Android, Linux and runs using the cloud (Drive, iCloud, etc.) if you want.
Stupid to pay for a password manager.

LastPass is great. LogMeIn, not so much

[kriston]

When LogMeIn completely killed off their free tier I jumped ship. Then I realized that LastPass was owned by LogMeIn. A couple years later LastPass tried to neuter their free tier and I was rather pleasantly surprise they didn't off the free tier like parent LogMeIn did years earlier.

I have long since moved from LogMeIn to SplashTop and iDrive's RemotePC for remote access.

I like LastPass Families but it's frustratingly limited and I'm not willing to pay $4/user/month for LastPass Business for something on

Maybe try BitWarden

[Nuncio]

Still free, still kicks the asses of others like LastPass, OnePass, and eWallet