How to use lastpass for more than just managing passwords

Chris Hoffman is Editor-in-Chief of How-To Geek. He’s written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times, been interviewed as a technology expert on TV stations like Miami’s NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read nearly one billion times—and that’s just here at How-To Geek. Read more.

We recommend using a password manager like 1Password, LastPass, or Bitwarden. But modern web browsers have built-in password managers, so why install a different one? There are many good reasons to avoid your web browser’s built-in tool.

Why You Need a Password Manager

Using a password manager is crucial. The biggest risk to your accounts online is password re-use. If you use the same passwords over and over, a breach at one website means your email and password is out there. Attackers will try to use that email and password to log into other sites. This simple trick is how accounts are often “hacked” these days.

The solution is using strong, unique passwords everywhere. But who can remember hundreds or even dozens of strong passwords? A password manager can remember if for you. You remember your password manager’s master password, which unlocks your secure vault. Your password manager can randomly generate strong passwords, remember them for you, and log you into websites with them.

1Password, LastPass, Bitwarden, and Dashlane are all reliable, stand-alone password managers. The open-source KeePass is okay, too, but it doesn’t have built-in sync features.

Web browsers have been able to remember your passwords for many years, but their password managers are now getting more sophisticated. Still, we recommend skipping the password manager built into your web browser—whether that’s Chrome, Firefox, Safari, or Edge—and using a dedicated password manager.

Your Web Browser’s Password Manager Is Just Okay

Your web browser’s password manager is better than nothing. With no additional software, your web browser can remember all your passwords and securely sync them between your devices. They can be stored encrypted in the cloud. You can use strong, hard-to-remember passwords because your software is automatically remembering them for you. This keeps your accounts secure, as you won’t need to re-use passwords.

The account it’s synced with—like your Google account in Chrome or your Apple ID in Safari—can be protected with two-step authentication to prevent people from signing in.

But there are some problems. Built-in password managers in web browsers aren’t as powerful and useful as third-party password managers. They are catching up, but they’re not as good yet. Here’s why.

Beyond Just One Browser

Third-party password managers are cross-platform and cross-browser. Built-in browser password managers are limited to that specific browser. Let’s say you use Google Chrome on your PC or Mac and Safari on your iPhone. If you use a third-party password manager, you can have your passwords in any browser. If you use a built-in web browser password manager, you can’t mix and match browsers.

Beyond that, password managers offer good desktop and mobile applications, making it easy to access passwords, license keys, Wi-Fi codes, and anything else you want to store everywhere.

Generating Passwords

Third-party password managers don’t just remember your existing passwords—they can automatically generate strong new ones when you’re creating an account or changing an existing account’s passwords.

Some browsers are now adding built-in password generators—Chrome and Safari now have this feature—but they don’t necessarily offer all the options found in password managers, such as the ability to control how long the password is and what type of characters it contains.

Easily Sharing Passwords

Password managers have easy password-sharing features. Want to share your Netflix password with your family members? You can do it with a password manager with a built-in sharing feature. You’ll all get access to the same password entry and, if you update the password, it’ll change for everyone else.

Browsers don’t have built-in password-sharing features. You can send a password to someone else in a text message or email, which isn’t very secure. If you do that, it also won’t be automatically updated if you ever have to change it. Password-sharing features are a great way to share household accounts.

Warnings About Password Dangers

Password managers have built-in warnings like LastPass’s Security Challenge and 1Password’s WatchTower. They’ll point out weak and reused passwords to you and even tell you when a password you use has appeared in a leaked password database. This helps you stay up-to-date on protecting your digital accounts. There’s no need for a separate service to check whether your password has been stolen.

Web browsers are slowly getting features like these, too—Google has a password-checker in its password manager. Google also offers the Password Checkup extension for Chrome, which it’s building into the browser, but this isn’t as powerful as the similar features built into password managers.

Storing More Than Passwords

Password managers let you store more than just passwords. For example, you can create secure notes containing text like building entry codes and Wi-Fi passphrases. You can even add file attachments to your vault, which makes it a great place to store tax documents, scanned copies of your passport and driver’s license, and other sensitive information.

To store files like these securely, you might find yourself creating encrypted archive files and uploading them to a cloud storage service. Taking advantage of your password manager’s vault is more convenient.

This works nicely with sharing, too—you can store all sorts of sensitive information and documents and share them with anyone else who needs access.

Making the Switch Is Easy

We’re happy web browser password managers are getting more powerful, but they aren’t competitive with the more powerful password managers just yet.

If this has convinced you and you’re currently using your web browser’s password manager, don’t worry—you can switch to a password manager and import all your usernames and passwords from your web browser’s built-in password manager. The password manager you choose will walk you through the import process.

Are Password Managers Safe?

Storing all your passwords in a single program may seem a little odd—weren’t you supposed to remember all these things?—but we (and many other experts) argue it’s safer than the alternative. Here’s why you should trust password managers.

When managing an online business, one thing became prominent after a while. You have to handle so many user accounts, from WordPress to Facebook, it’s easy to mix things up. How do you remember all your passwords on a daily basis without having to reset everything all over again? In this review, we’ll show you why LastPass is the smart solution to this problem.

What Is LastPass?

Established in 2008, LastPass is a password management service which helps users to store passwords data in the cloud. The smart software is used in more than 100 countries worldwide and it is a popular management tool for big companies like Amazon as well as small business owners and online marketers.

How Does LastPass Remember All Your Passwords?

To use LastPass , you must first download the application to your computer. If you find this troublesome, you can just add an extension/plugin through your web browser. Since I prefer the convenient way of doing things, I have added the software using the Chrome extension.

Upon successful installation, you’ll be prompted to create an account with LastPass and a Master Password to get access to all your account information. This is the only time you have to physically remember a password because if you lose it, the software will not be able to retrieve all the data.

There are two ways to store a password; 1) Add a site manually to LastPass or 2) Browse the site and save the password on the fly. In this example, I am at the login page of my Facebook account. If you look closely at the username and password columns, you’ll see an asterisk symbol on the right hand side.

When clicked, a pop-up screen containing all the vital account information would show up. I simply click save and all this data will be stored automatically into my LastPass account. The same steps work for other sites too so as you go along signing in/out of any online user accounts, LastPass will prompt you about saving the passwords. Besides that, you can also store passwords from ‘offline’ accounts such as your bank, insurance and credit card information.

Inside LastPass , all the data can be organized into specific folders so that you’ll know where to retrieve them. Super convenient, right?

Now, do you know that a strong password is usually made up from a combination of letters, symbols and numbers? This is certainly not something that’s easy to create, much less remember. Fortunately, LastPass has a feature called ‘Generate Password’ that can help you come up with various ‘strong’ combination so that you don’t have to crack your head thinking about it.

As shown in the image above, you can choose the length, the type of characters and generate the password with just one click. From now on, you’ll just have to remember one main password to enter your LastPass user account and the software will automatically ‘remember’ all the other complicated passwords for you.

How Much Does LastPass Cost?

The basic package is free for download. It provides unlimited browser sync, password generator and multi-factor authentication. As a single end-user, these basic features are more than sufficient to keep your online business accounts organized.

If you wish to have added security and technical support, you can always upgrade to the LastPass Premium account for $12/year. If you have a bigger team, then consider using LastPass Enterprise at the minimum cost of $24/user.

How Safe Is LastPass?

By now, you are probably thinking if this software is protected from password hackers. Well, they do have quite a sophisticated technology to make it hacking-proof and you can read more about it at their technical page OR jump over to the reader-friendly version here . LastPass also offers an extensive topic about privacy and software matters on their support site, so I would recommend that you take the time to read if you are doubtful about the software security.

So, Is LastPass Worthy of Your Time?

Okay, let me ask you these questions first;

• How strong are your online passwords?
• Have any of your accounts been hacked before as a result of using a vulnerable password?
• How often have you lost your passwords, fail to retrieve them and force to create your accounts all over again?
• How much time have you wasted trying to fix these frustrating situations?

Taking these into consideration, wouldn’t it be great to have a software that can help you store and organized all this data without losing your accounts (and your sanity)? User privacy and internet safety are very important in the online world and it all starts with creating strong passwords and the ability to keep them safe. By using a smart software like LastPass, you can be more reassured that your online activities are secure and easier to manage.

By the way, are you also interested to check out other tools that can improve the performance of your online business? Find out what type of resources this awesome training site can offer for your success.

Do you have any thoughts or questions about using LastPass? We would love to hear about it in the comment below.

If you’re looking for a simple way to protect your privacy and keep your online accounts secure, password security is a great place to start, especially when 61% of breaches involve compromised credentials and 85% of breaches involve a human element.

If a bad actor can guess or steal just one of your passwords, they may be able to use it to get into your other accounts. The good news is that protecting your online accounts is easier than you might think. Here’s how to use LastPass to create secure login credentials and take back control of your digital life.

How to use LastPass to generate a strong password

You can shut the door on opportunistic cyber attackers by creating a strong password for each of your online accounts. LastPass offers a password generator to instantly create a secure, random password. However, holistic education when it comes to strong passwords is essential, so here are a few tips and tricks from the pros to get you started:

• Use a unique password for each and every account . This way, if there’s a breach affecting one of your accounts, your other accounts won’t be at risk.
• Avoid using similar passwords . It might be tempting to just change one word or character when updating a password, but this bad password habit actually weakens your overall password security.
• Always use strong passwords for your accounts . A strong password is at least 12 characters long and includes a mix of letters, numbers, and symbols.
• Don’t use personally identifiable information in your passwords . When you use information like your birthday or your street address in a password, you may find it easier to remember that password. The trouble is that a cyber attacker will have a much easier time guessing or cracking it, too.
• Avoid weak or commonly used passwords . According to SpyCloud’s 2021 Annual Credential Exposure Report , the password “123456789″ was found over 3.6 million times in data breaches. Believe it or not, “password” itself showed up over 1.2 million times. These kinds of passwords are incredibly easy to crack or guess, and cyber attackers can do it in a flash using automated tools.
• Don’t share passwords via email or text . It’s better to securely share passwords using a tool like LastPass that lets you share a hidden password with someone and even revoke it when needed.
• Change passwords when you need to . If you recently shared a password with someone or have been using the same password for a year, it’s time to update your password. If you’ve been notified that one of your accounts was involved in a breach, be sure to change your password for that account right away.
• Use a password manager . A password manager makes it easier to securely store and manage your passwords, shielding them from bad actors.

How to use LastPass to generate a strong username

Although people usually focus on passwords when talking about online account security, your username is also important. A lot of people use the same username for multiple accounts and websites. Just as with passwords, a hacker can use your username for one account to try and get into another account. Fortunately, you can help keep cyber attackers at bay by creating a strong, unique username for each of your accounts.

Like the password generator, LastPass can help you create a strong username , too. Besides a username generator, here’s some advice on creating, using and securing your username.

• Make sure your email usernames and bank account usernames are different . This way, it will be harder for bad actors to steal your identity and access your financial accounts.
• Never use your social security number (SSN) as a username . Social security numbers routinely end up in data breaches on the dark web. By using your social security number as a username, you could accidentally be making yourself vulnerable to identity theft.
• Consider whether your username protects your identity . A randomly generated username is often more secure than a username that uses some or all of your name because it can’t be linked to your identity as easily.
• Avoid using familiar numbers in your usernames . Usernames that include addresses and birth dates are often considered less secure because that type of information is often publicly available online.

These days, you’re using the internet to work, learn, shop, and connect with friends and family, so it’s never been more important to secure your online accounts. The vast majority of hacking-related breaches are linked to weak credentials, underscoring the need for good password security.

Now that you’ve learned how to use LastPass to create strong passwords and usernames, you’re well on your way to protecting your digital life. Enjoy password peace of mind when you sign up for LastPass today.

If you don’t want to start paying LastPass now that it’s no longer free, we’ll show you how to export your data and take your passwords to another manager.

LastPass, why you have to do this to us?

LastPass has gone rogue. All right, maybe that’s a bit dramatic, but the company has all but ditched the free version of its password manager as of March 16. Now, LastPass users who want to avoid paying will have to choose whether they want to access their passwords on a mobile device, like your iPhone or Android phone, or on a computer. You can’t access your login credentials on both platforms without paying the company $36 a year for a personal account, or $48 a year for a family account.

If you thought you could survive with accessing your credentials on just your phone or computer, or the idea of paying for LastPass is too much for you, don’t fret; you have options. It will take some effort, but you’ll save yourself time and money by switching to a new password manager .

Get more out of your tech

The easiest way to move from one password manager to another is to first export your LastPass information and then import it into your new tool. Below, I’ll show you a couple of different ways you can get your information out of LastPass, and then walk you through importing it into another app. I’ve chosen Bitwarden for this example, a completely free password manager.

Exporting your passwords out of your LastPass account

After testing the LastPass export tool, I recommend using the browser extension and not the website. I’ll include instructions for both, but trust me, the extension is faster and easier to use.

Open your browser and click on the LastPass extension. Enter your master password if prompted. Next, select Account Options from the drop-down followed by Advanced > Export > LastPass CSV File. Enter your master password when asked.

Use the extension to export your information. It’s easier.

Screenshots by Jason Cipriani/CNET

Your browser will download a file called lastpass_export.csv. I suggest moving the file from your Downloads folder to your Desktop so it’s easier to find when importing it to a new service.

If you’d rather use the website to export all of your information from LastPass, the process is similar, but instead of downloading a CSV file, you’ll have to create one of your own. After signing into your account on LastPass.com , click on Advanced Options in the bottom left corner of the page. Click Export then enter your master password when asked.

LastPass will generate a CSV list with all of your info and display it in your browser tab. Depending on which password manager you’re moving to, you can either leave that tab open and copy/paste the information into the import tool, or you’ll need to create a CSV file of your own.

To do that, you’ll need to copy the text that’s displayed in the browser, and then paste it into an app like Numbers on a Mac, or Excel on a PC (or Mac). If you don’t have access to Excel on a PC, you can use the Notepad app. No matter the app you end up using, make sure you save or export the file as a CSV file. In Notepad, for example, that means you’ll need to go to File > Save As and add “.csv” to the end of the file name. Save the new CSV file to your desktop, and give it a name like “Lastpass_export.csv” that makes it easy to identify.

It’s important to remember that this file now has all of your account logins in plain text. Don’t share it with anyone, and I’d even go so far as to recommend deleting the file after you import and verify that all of your information is accurate in your new password manager account.

Bitwarden makes it easy to bring your LastPass credentials with you.

Screenshot by Jason Cipriani/CNET

Importing your information to another service

The import process will vary based on the new password manager you’ll use. There are plenty of paid options available, and we have a roundup of the best password managers that break down the differences and details of each. It’s in the process of being updated based on the LastPass news, but the information about services like 1Password will still be accurate.

Realizing that LastPass users are looking to jump ship, most of the password managers have published blog posts with instructions showing how to import your information. For example, 1Password has a guide, as does Dashlane and Keeper Security.

To stay with a free password manager, Bitwarden is the way to go. CNET Senior Editor Rick Broida explains his reasons for going with Bitwarden now that LastPass is moving to a paid service.

Bitwarden has also posted instructions for importing your LastPass account.

To get started, create an account at Bitwarden.com. Once you’re logged in, click the Tools button at the top of the page and then select Import Data (image above).

Use the drop-down menu to select your file’s format, which if you’re coming from LastPass will be LastPass (csv). Next, select the file LastPass created and download to your computer, or you can copy and paste the text in the LastPass export tab if you used the website. Finally, click Import Data.

If you’re not using a password manager, you really should start . It creates, stores and fills complex passwords in apps or websites without forcing you to remember or hand type them in. Another way to boost your account security is to enable two-factor authentication for any and all accounts that support it (most password managers support storing your one-time passwords and will even enter those, too.)

After announcing that they were essentially neutering the free version of LastPass, now there’s more bad news about the once very popular password manager.

Apparently, a security researcher, Mike Kuketz is recommending against using LastPass. Kuketz found that LastPass (and other password managers) use a number of trackers – seven to be exact. LastPass itself uses four trackers from Google, which handle analytics and crash reporting. There’s also one from Segment that gathers data for marketing teams.

This data is most likely transmitted anonymously, so that companies can’t tie the data to a specific person. But injecting this tracking code into the service makes LastPass open to different security vulnerabilities. This has led to Kuketz recommending against using LastPass for your password management needs.

LastPass isn’t alone here

As mentioned before, LastPass isn’t the only password manager to use trackers. That doesn’t make what LastPass is doing okay, but it goes to show that this an industry-wide practice, unfortunately.

LastPass does seem to have more than the other popular password managers out there. Roboform and Dashlane have four, Bitwarden has two and 1Password is the only one to have none. From our experience with 1Password, it is very tightly secured, so it having zero trackers does not surprise us one bit.

If you were okay with LastPass essentially forcing you to pay for its service, this might be the nail in its coffin that gets you to leave the service. As a LastPass user for over six years, I’m also looking at going elsewhere. Since LastPass is using so many trackers, which could ultimately lead to your LastPass account getting hacked or your passwords leaked. And considering how many passwords some of us have in our vault, that’s a really big deal.

You can check out the full report from Kuketz here, it’s definitely worth a read.

UCL has licences to use the enterprise version of LastPass. Enterprise accounts are for UCL staff only at present, students will need to sign up for a free last pass account at lastpass.com

LastPass is a password manager that allows you to store all your passwords encrypted in one place. This service is currently available to UCL staff only.

Benefits

The advantage of using a password manager is that you only ever have to remember one password, instead of dozens for all the individual accounts that you have. It also stops you re-using passwords, which is not good practice; if one account is compromised it could compromise all accounts that you have that use that same password. It’s really not worth the risk.

LastPass also allows you to share passwords with other LastPass users, so it’s ideal for using in teams that need to share passwords.

How it works

You create a LastPass Master Password. LastPass then creates a unique password for every website you use and remembers them all for you, so you don’t feel like you have to re-use passwords.

1. We recommend that you download the browser plugin from LastPass and/or the app from the app store for your mobile.
   The browser plugin has been pre-installed on all Desktop @ UCL Windows 10 machines.
2. Email ISG who will then provision an account for you.
   The licence we have for LastPass provides two password vaults, one for UCL-related passwords and one for personal passwords. The one for personal passwords can be taken with you if you leave UCL and used with the free consumer version of LastPass.

Multi-factor Authentication

Multi-factor authentication, or MFA, is a feature that asks you for more than just your username and password when you log in. It requires something you know (your master password) plus something you have (like your phone or a token) or something you are (like your fingerprint).

It’s another layer of protection that stops others from accessing your account, even if they stole your password.

Because of the security benefits provided by multi-factor authentication, we strongly recommend turning it on for your LastPass account.

Get started

• Follow our Install and log in to LastPass how-to guide which includes setting up multi-factor authentication
• Watch the LastPass: A better way to secure your UCL credentials video (below) that gives you an overview of what LastPass is and how it works
• View help guides on the official LastPass website

MediaCentral Widget Placeholder

Top queries

If you follow the correct steps and ensure that you log out of LastPass when you have finished using the device, it is safe to use it on a shared device. When you are finished with LastPass, make sure that you log out of LastPass, and check that this has completed, before you leave the device.

LastPass has very good security, and has a legal agreement with UCL to apply strong security to their service. UCL has decided to trust LastPass based on these assurances. As long as you use a strong master password for your LastPass account, it is a safe place to keep all of your passwords. Remember that the master password is the one thing protecting your other passwords, so ensure that it is long, complex, and you have a way to remember it. It helps to use a password several times after setting it, as this cements it in your memory. It may be helpful to force yourself to log in every few hours, or every day or so while you are memorising the master password.

UCL cannot see the passwords stored in your LastPass account. UCL can see the sites that are saved in your UCL LastPass, and it can also see when these are used; for example, if you stored your Amazon account in your UCL LastPass, UCL would be able to see that you had stored an Amazon account in your LastPass, and would be able to see when you used it to log in. UCL would not be able to see your password however.

LastPass encrypts and decrypts data locally on the user’s machine. The offline mode accesses the locally cached vault on the device so a previous successful log in on the device is required in order for offline mode to be available for the user.

Please retest by login online, then offline off the same device.

This should not be happening, if you continue experiencing this, kindly report this confirming if it is occurring on the LastPass browse or extension.

When you leave UCL you will lose access to your UCL LastPass. You must make sure that you look through your UCL LastPass for any private passwords or information you will require, before you leave. Make sure to store this information in a new place not linked with your UCL LastPass account. LastPass has free accounts for private users, so you could re-save all your information in a new, private LastPass.

The Information Security Group are able to reset your master password to restore access to your LastPass account. If you have forgotten your password, please email [email protected] so that the password reset process can be started. Please note we will need to verify that you are who you are saying you are.

Make sure to check your junk or spam folder as the email sometimes gets filtered into these folders. Otherwise please contact [email protected]

MFA Authentication is available to all Enterprise account holders.

The terms in the Privacy Policy applies to a wide range of products offered by the company who manages LastPass, some products have the ability to access and view a user’s account password to assist in account recovery methods however, LastPass is not one of those products as the Master Password and all contents of a user’s vault are encrypted.

I have a confession to make: I constantly forget all my passwords, and I don’t use a password manager.

This is a personal failing. Apparently, the rest of the digital world has long realized that password managers are life-changing and security-enhancing.

But now LastPass, a popular manager, has implemented new restrictions on their free tier. According to The Verge, LastPass’s free version will only allow users to view their passwords from one type of device, either mobile or computer, starting March 16. On that date, users will have to choose their device category, which they will be able to switch only three times, or upgrade to Premium at $3/month.

Since I do actually want to make my life easier and more secure (and yours, too!): I’ve gathered the best free and paid alternatives to LastPass.

1. Bitwarden, Free or $10/year for Premium

Nothing makes me trust an app more than a clever name. Just kidding. Bitwarden may be a great password manager name, but it also promises the most password support (for free) across any number of devices, including mobile and computers via browser extension or desktop app. If you don’t have access to your devices but need your passwords, it also features a web vault that you can get into from any web-enabled device.

If you particularly love Bitwarden, $10/year gets you Premium features, like 1 GB of encrypted file storage and advanced two-factor authentication.

2. Dashlane, $59.99-$119.99/year

Here’s the deal: If I’m going to pay for something, I better be getting all the bells and whistles. And while at first glance Dashlane is more expensive annually than LastPass, the bigger price tag includes one very important feature: VPN protection. According to our friends at PCMag, Dashlane VPN protection is a licensed version of Hotspot Shield, which usually costs $95.88 yearly, with the added bonus of unlimited devices. And of course, you get the password management system across all those devices, too.

3. WWPass Passhub, Free or $4/month for Premium

Alternatively, I’m willing to work harder for free stuff. WWPass PassHub (horrible name) is a cloud-based web app that is super secure, as it relies on an Android or iOS device to act as a passkey. The passkey is a QR code that lives on an app, which replaces the master password that most password managers use and offers greater security.

Here’s the hard work part: WWPass PassHub only recently added a Chrome extension, so it can help automatically fill in some password forms on Chrome only. On any other browser, it can’t capture all of your previous usernames and passwords, so you’ll have to manually input them all yourself, and copy and paste passwords from PassHub into your forms.

4. Myki Password Manager & Authenticator, Free

If you’re into using your phone as your passkey, Myki Password Manager and Authenticator uses a similar app-to-browser extension pairing system. But instead of a QR code, you input a six-digit PIN or fingerprint to get in. Make sure that the device you’re using as your passkey is your primary smartphone, as this is the only device all passwords will automatically sync to. You can get your passwords to sync across other devices, but you will have to unlock Myki on your passkey app every time to get access.

5. Keeper, $34.99/year

If you’re someone who’d rather pay a little to feel a lot more secure, Keeper promises a ton of features for a reasonable price. Coming in at just a little bit cheaper than LastPass, Keeper gives you a seamless experience with unlimited devices, automatic password capture, form filling, two-factor authentication, a digital vault for file storage, and a robust emergency access system.

6. Dropbox Passwords, Free or $9.99/month, $16.99/month, or $199/year for upgrades

Dropbox rolled out a password management system to its paid users last year, but the company is expanding the service to free Dropbox Basic accounts in April 2021. The free version will allow Basic users to save up to 50 passwords that can be accessed on up to three devices. If you want to store and autofill an unlimited amount of passwords and have access to the rest of Dropbox’s services, you can upgrade to the Plus ($9.99/month), Family ($16.99/month for up to six users), or Professional ($199/year) plans.

Pay up or face restrictions on access, say new private-equity owners.

reader comments

Share this story

• Share on Facebook
• Share on Twitter
• Share on Reddit

A popular app that promised to eliminate the burden of remembering passwords has sparked a backlash by demanding, weeks after it was acquired by two private equity firms, that users pay up or face restrictions on access to their online accounts.

LastPass has encouraged millions of people to replace weak passwords on retail websites, Internet banks and other online services. Instead, the software handles authentication automatically using long, complex passwords that are impossible to guess—or remember.

Two investment firms, Elliott Management and Francisco Partners, acquired the service as part of their $4.3 billion buyout of Internet software group LogMeIn in September last year.

Now, the app is warning users that they must pay as much as $36 a year if they want access to those cumbersome passwords on all their devices. Those who refuse to pay will have to choose between synching only to their desktop computers, or only to mobile devices such as phones.

The change, which comes into effect on March 16, was a blow to Scott Rothrock, a Tokyo-based software developer who said he realized at once that “there was no way to go back to my old life in a practical manner.”

Before switching to the password manager some years ago, Rothrock used a memorable algorithm to devise passwords that mixed up letters from the web addresses he visited with punctuation marks and the names of mythical beasts.

Now, his LastPass-generated passwords “are, I’m uncomfortable to admit, only known to my password manager. LastPass’s policy change was, for me, an ultimatum.”

The move to limit what LastPass gives away for free underscores how financially sophisticated owners are seeking to wring more profit from popular Silicon Valley products.

Last month Twitter said it would experiment with tools that allow users to give tips or pay for exclusive content, ideas that could allow the microblogging platform to take a cut of the revenue.

That announcement, too, followed an investment from Elliott, which took a 4 percent stake last year and attempted to oust Twitter’s chief executive, Jack Dorsey.

Elliott invested in LogMeIn via Evergreen Coast Capital, a Silicon Valley outpost it created in 2015.

The technology investing venture marks a departure from the New York firm’s long-time strategy of pursuing aggressive public campaigns against public companies and delinquent debtors. Its past targets have ranged from health insurance company Athenahealth to the Republic of Argentina, which in 2012 had one of its navy ships impounded in a dispute over defaulted bonds owned by the New York fund.

Francisco Partners, which invested alongside Elliott, is another battle-hardened firm, having been the owner, until 2019, of NSO Group, a maker of surveillance software that is being sued by Facebook over an alleged attack on 1,400 users of the social network’s WhatsApp messaging service.

Experts say it is hard to know whether the new limitations on the free version of LastPass will encourage more paying users to sign up.

“Without the ability to sync, there’s very few users who will really be able to use [LastPass],” said Joseph Bonneau, a cryptography researcher and computer security expert at New York University. “They’re making the free version so difficult to use that most people will be forced to pay or use another solution.”

LastPass, which claimed more than 25 million users last year, said it had given 30 days’ notice of the change and was not deleting any user data. It added that the free version of LastPass still offered functions that rivals lacked, and that “a healthy number of users” had taken up its discounted subscription offers.

But one free password app, BitWarden, has registered a fivefold increase in new users since LastPass announced its more restrictive policy last month, according to Gary Orenstein, its chief customer officer. “We’re understandably thrilled,” he said.

Among BitWarden’s new users is Rothrock, who said that in his experience, the two services were “functionally identical.”

Some of his friends offered to cut him in on their “family pack” subscription to LastPass, but he declined.

“I just didn’t trust LastPass anymore,” he said.

© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

If you need to cut the cord from LastPass, here’s how to do it.

If you’re a LastPass user who wants to find an alternative because you don’t like their new changes, or because their app is tracking you, we’ve got you covered. It’s fairly straightforward to export your data, and the popular alternative services make it simple to import your passwords, so you can get started with a new password manager with a minimum amount of stress.

We’ll walk you through how to download your LastPass data, and in which form, and also point you to how to import your data into some of the more popular alternatives.

Here’s how to transfer your LastPass passwords to another service

Thankfully, collecting your data to move to another service is pretty straightforward, but it helps to know where to look. We’ve got you covered.

If you don’t already have the LastPass extension installed, go do that now. It makes things easier (we’ll show you the more complicated way later)

Click on the extension icon, then on Account Options

Click on Advanced

Click on Export

Click on LastPass CSV File

The extension will open a new tab, and ask you to put your Master Password in to continue. Do so, and your browser will start downloading your CSV file of login details. We’ll talk about what to do with that file later, so put it in a place you’ll be able to find easily.

If you don’t want to install the extension

You can get your data from the LastPass webpage, but it’s slightly more involved.

Go to LastPass.com and sign in. Click on Advanced Options in the left-hand menu, then click on Export in the menu that slides out.

That will open a new tab, with all of your login details in comma-delimited list form. You then have to click on the tab, hit CTRL+A, then CTRL-C, and paste the contents of your clipboard into any text-editing app, like Notepad or Word.

We warned you it would be more complicated… Now you have a text file you can upload to the password manager of your choice, or a CSV file if you opted for the less-complicated, browser extension method.

Other password managers you can use

Now we’ll show you how to import that file into some of the more popular password managers, because you should still be using a password manager. We’ll also run down the costs (if any), and a quick overview of why they’re worth looking at.

Bitwarden

Bitwarden has a free tier, with paid features starting at $10 per year to get things like cloud storage, authenticator, two-step login, and more. Here’s how to import the file we generated from LastPass.

Chrome

Google Chrome has a pretty good password manager built-in (and it’s free), but sometimes it’s not so easy to import a CSV file full of passwords. GuidingTech has you covered here, but if none of these three methods work, there’s still one more way.

Install Firefox, Import your CSV file in the Logins and Passwords menu, then open Google Chrome and go to Bookmarks > Import Bookmarks and Settings to begin. Select Mozilla Firefox from the drop-down, select Passwords and Autofill, and click on Import.

Dashlane

Has a free tier, or you can subscribe from $4.99 per month to get things like unlimited passwords and devices, a VPN, and more. Here’s how to import the file we generated from LastPass.

Keepass

One of the more popular, completely-free password managers, it’s easy to import a CSV file. Oh, and it’s open-source, if that matters to you.

Logmeonce

One of the cheaper paid password managers, you can get encrypted storage, additional password sharing, emergency access, live password tracking, and more, from $2.50 a month. There’s a free tier as well, so you can try before you buy. Here’s how to import your LastPass file.

Finishing up

Now that you’ve exported your passwords from LastPass, and imported them into another password manager, it’s time to decide what to do with your LastPass account. The easiest, and most secure option is to delete your LastPass account. Don’t do this immediately after importing your passwords to another service though, just in case you decide you prefer LastPass after all.

Have any thoughts on this? Did we miss anything? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.