Top Tech news website
Cloud-based access service provider LogMeIn is acquiring password management company LastPass in a cash deal valued at $110 million. The acquisition is part of a wider LogMeIn strategy to expand its offerings in identity management.
The sale is expected to close in the coming weeks, after which LastPass' services will continue to be supported in the near term. Over the long term, LastPass will keep operating under its own brand name while also incorporating the product line of Meldium, another identity management firm acquired by LogMeIn last year, the firm said.
In addition, the entire LastPass team will continue working on the company's products as a new LogMeIn unit. Founded in 2008 and based in Fairfax, Virginia, LastPass reportedly has around 7 million users.
'Good News for Our Users'
"LastPass has a great business, a beloved and award-winning product, millions of loyal users, and thousands of great business customers - they are synonymous with the category, " said LogMeIn chairman and CEO Michael Simon in a statement. "We believe this transaction instantly gives us a market leading position in password management, while also providing a highly favorable foundation for delivering the next generation of identity and access management solutions to individuals, teams and companies."
Addressing customers of the LastPass freemium service on his own company's blog, LastPass CEO Joe Siegrist noted, "I want to personally assure you that this is good news for our users." Siegrist said despite the acquisition LastPass has "no plans to change our existing business model." He added that the deal "provides us with access to resources that will enable us to innovate faster."
LastPass has long billed its service as "the last password you'll have to remember." Its service works via a browser add-on that encrypts and saves users' passwords for various Web sites. That approach reduces the security risks that people incur by using the same passwords for multiple sites, according to the company.
In June, LastPass reported that it had observed suspicious activity on its network. Although it added there was "no evidence that encrypted user vault data was taken" or that user accounts were accessed, the company urged customers to update their master passwords to ensure their information would not be compromised.
Passwords Not Going Away Soon
Forrester Research analyst Merritt Maxim, who covers identity and access management, told us that LogMeIn's acquisition of LastPass shows there is still opportunity in that market space to add customers. With security and authentication growing concerns, "there are still a large group of companies that haven't deployed anything, " he said.
Other password-free security technologies may be emerging, but passwords will likely continue to be used for some time because they are "cheap and everyone can use them, " Maxim noted.
Per Thorsheim, a Norway-based security advisor and CEO of God Praksis, noted in a blog post on his company's Web site that the LastPass acquisition was, "imho reputation-based risk at work."
Despite the suspicious activity report in June, LastPass has been shown to offer "good enough" security, Thorsheim said. He added that he uses LastPass and saluted Siegrist "for what he's done so far with LastPass."
Thorsheim told us that he also believes the use of standard passwords for authentication isn't going to give way to biometrics or other methods anytime soon.
"There are so many cases where there is simply no point in replacing passwords, " he said. "The cost of doing so compared to the risk of not replacing them will make any CFO cringe, and say 'No, we're not doing it, period.'"
Standard passwords also remain more usable and even more secure than other methods, Thorsheim added. "Your fingerprints are much easier to obtain than your password, " he noted, adding that biometric security methods have gray areas, making it unclear whether or not something is correct.
"Passwords are either correct or wrong, there is no threshold acceptance or rejection values, " he said. "If the password is 'good enough' - values for that can be discussed - they will provide better security than a fingerprint, as an example."
I don't like the comments about LogMeIn so I'm going away from Lastpass. Currently trying out Sticky Password, seems like a good alternative.
A LastPass user:
I think LastPass will see a less positive response with LOGMEIN at the helm, since LOGMEIN is well known for downgrading their own freemium service to a crippling point, driving away the freemium users. I expect to see nothing less happen with LastPass. A total shame...
I've been a premium LastPass user for quite a while, and was happy with the service. I respected the company, unlike LogMeIn. While this move may have benefitted LastPass financially, it will not be a good move for its user base. The fact that they disabled comments on their blog after a flood of negative feedback is telling. I bailed on the last five months of my membership and moved to another service. Switching was easy as I was able to import my LastPass data with one click. So long, LastPass. It was great while it lasted.
David Brown:I didn't like when LogMeIn started charging for their remote desktop software. That was a deal breaker for me and I left.
Although I am a paying customer to LastPass, I'm hoping that they do not alter the current setup in any negative or more expensive way for me. It would take hours or days for me to migrate my data, but I'll definitely store my passwords elsewhere if I have to.