After announcing that they were essentially neutering the free version of LastPass, now there’s more bad news about the once very popular password manager.
Apparently, a security researcher, Mike Kuketz is recommending against using LastPass. Kuketz found that LastPass (and other password managers) use a number of trackers – seven to be exact. LastPass itself uses four trackers from Google, which handle analytics and crash reporting. There’s also one from Segment that gathers data for marketing teams.
This data is most likely transmitted anonymously, so that companies can’t tie the data to a specific person. But injecting this tracking code into the service makes LastPass open to different security vulnerabilities. This has led to Kuketz recommending against using LastPass for your password management needs.
LastPass isn’t alone here
As mentioned before, LastPass isn’t the only password manager to use trackers. That doesn’t make what LastPass is doing okay, but it goes to show that this an industry-wide practice, unfortunately.
LastPass does seem to have more than the other popular password managers out there. Roboform and Dashlane have four, Bitwarden has two and 1Password is the only one to have none. From our experience with 1Password, it is very tightly secured, so it having zero trackers does not surprise us one bit.
If you were okay with LastPass essentially forcing you to pay for its service, this might be the nail in its coffin that gets you to leave the service. As a LastPass user for over six years, I’m also looking at going elsewhere. Since LastPass is using so many trackers, which could ultimately lead to your LastPass account getting hacked or your passwords leaked. And considering how many passwords some of us have in our vault, that’s a really big deal.
You can check out the full report from Kuketz here, it’s definitely worth a read.