The future of LastPass - what is next for the Internet's top password manager?

password log book james thomson

This logbook may seem like a bad idea, but it's really smashing.

Credit: James Thomson

LogMeIn seems to be attracted to the value in retaining the large user base that LastPass built over many years


Two months on from LogMeIn's contentious $110 million (£70 million) acquisition of the popular password security system LastPass, Computerworld UK decided to test the water on the application's future under its new owners. Takeovers are a common and often desirable occurrence in tech and security, allowing smaller companies to gain investment and access to new customers. Just as often they mean small, innovative, popular products disappearing into larger firms that don't understand them or necessarily care about the established user base.

On the basis of LogMeIn's answers to our questions, it sounds as if this one will fall into a generally positive grey area between these two extremes. On the one hand the answers below avoid making any firm statements regarding future pricing of LastPass Premium (the annual $12 fee is considered a bargain by many) but neither do they suggest any big hikes are likely. LogMeIn seems to be attracted to the value in retaining the large user base that LastPass built over many years. Changing things would be risky and pretty bad PR - LastPass's user base is active and more influential than most.

[ ALSO ON CSO: Review: Password managers help keep hackers at bay ]

LastPass will continue its Freemium model for now. LogMeIn says that its controversial decision to hike prices for its own LogeMeIn remote support system early in 2015 was based on a completely different market whose dynamics don't apply to LastPass. The password manager also has a sizable user base of 15,000 companies for its Enterprise version and it is this profitable niche it will want to expand to fuel financial growth.

Other positive noises include that the LastPass team based in Virginia will continue to drive the product's development so the software won't be handed over to engineers who've never worked with it. The Meldium product gained from a previous acquisition, will be subsumed within LastPass rather than the other way around. As for the security breach that hit LastPass in 2015, we remain none the wiser although LogMeIn repeats the view that LastPass's CEO Joe Siegrist handled a difficult event to his credit. We'd generally agree with that but it would still be nice to have mroe informaiton on exactly what happened.

The following answers were supplied by LogMeIn's vice president of corporate communications, Craig VerColen.

Computerworld UK: Why did LogMeIn buy LastPass and why now? Or why did LastPass sell itself and why now? The company bought a separate system called Meldium in 2014.

VerColen: Identity and access management represents one of LogMeIn's declared strategic growth drivers. It's an area where we have been investing from both an organic and M&A standpoint. And we see password management as a key, relatively underserved part of that market. With LastPass, we have acquired a market leading position in password management, as well as a wildly popular and beloved product. Meldium's capabilities, which are focused on teams and small businesses, offers a great complement. In the short term, both products will be supported. In the longer-term, we'll be building around a single IAM offering, and that will be based on LastPass, both architecturally and from a brand.

Were you surprised by the negative reaction of some LastPass users to news of the takeover?

VerColen: LastPass is a great company with a beloved product, loyal customers and a strong team. Obviously whenever there is an acquisition like this people are understandably nervous that it could change the product and customer experience they've come to love. With this acquisition, the goal wasn't just to acquire a great product, it was acquiring a great business. LastPass CEO Joe Siegrist and the entire LastPass team are joining LogMeIn, and they will continue to lead the LastPass strategy and development of the product.

The LastPass team remains in place - does that mean development of the product is still primarily being done from its Virginia offices?

VerColen: Yes, the LastPass team will maintain their Fairfax, VA office and will continue to lead the strategy and development of the product. We will provide additional resources and expertise from our other development centres, as necessary to accelerate development.

What short-term changes will LastPass users (both free and Premium) notice to the service in the coming months?

VerColen: The only short-term changes will be around accelerating LastPass's roadmap. With the help of additional resources, we'll be able to accomplish more, much faster - providing an even better service to millions of people. There are no plans to change the model.

Longer term, what plans does LogMeIn have to merge Lastpass with Meldium and what features might this add?

VerColen: As mentioned, both will be supported in the near-term as standalone offerings. The longer-term plan has us bringing the team and small business sharing aspects of Meldium - areas where Meldium really shines - into LastPass. What we really want to do is have a product tailored to the needs of individuals, teams and businesses. As an early mover, LastPass has a lot of great capabilities built in for both individual and company-wide use cases. So we're starting with a great foundation.

Can the company make any predictions on the future pricing of the service for either free or Premium users? LastPass users are obviously concerned after LogMeIn killed its own free service in 2014.

VerColen: LastPass is an amazing product and is by most measures the market leader in a high growth space. This is also a key growth market for LogMeIn. We have no plans to change anything that would potentially impede this growth. And while some may worry given the move to shift the LogMeIn remote access product to a premium-only business, this was largely due to the late lifecycle and longer-term new user growth potential of that legacy market. In contrast, LogMeIn also makes, which, like LastPass is a freemium offering. Like LastPass, plays in a high growth market, and like LastPass,'s free offering gives us a key way to expose vast amounts of new users to our offering.

LastPass suffered a significant security breach earlier in 2015, its second in four years. Is the purchase of the company likely to change or improve the overall security architecture?

VerColen: From our perspective, LastPass handled the incidents very well. And that includes both how they communicated the issues, as well as the steps they took to further protect users. During the acquisition, they also worked closely with our team, and with 3rd parties, to improve security and we believe we have taken steps to put LastPass in a more secure position.

What security enhancements do LastPass Premium users have to look forward to? The range of security options in the product are a major attraction.

VerColen: Security is a top priority for LogMeIn. We're committed to ongoing security investments within the LastPass service. The LastPass team will work closely with our team to further enhance the security of their infrastructure.

On a separate note, LogMeIn has been accused of inadvertently facilitating remote support scams that use its software - can the company comment on these claims?

VerColen: First, we take the security and safety of end users very seriously, and have taken several steps to ensure their protection. While the vast, vast majority of remote support is delivered from credible entities - for example 50 telecommunication companies in Europe use our products in their customer care organizations - it's important to note that the use of our products for nefarious and/or illegal purposes is strictly prohibited, and we terminate accounts for anyone found in violation. We have also taken steps in our product, itself, to prevent nefarious usage, and to detract nefarious or illegal entities - steps designed explicitly to protect consumers.

These include warnings aimed at ensuring people only accept support from people they know and trust, as well as kill switches that allow people to terminate sessions at will. Additionally, we have built alerting into the product, so consumers can instantly report nefarious attempts directly in the product - information that can be used to both terminate an account and, at times, assist local law enforcement in their efforts to track down bad actors. We have also implemented internal processes with our security and support teams to proactively identify potential bad actors, as well as to quick and efficiently investigate any and all reports of such action.

This story, "The future of LastPass - what is next for the Internet's top password manager?" was originally published by Computerworld UK.

Insider: These ransomware situations can result in colossal outcomes
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies