After announcing that they were essentially sterilizing the free version of Last pass, there is now more bad news regarding the once popular password manager.
Apparently, security researcher Mike Kuketz recommends against using LastPass. Kuketz has found that LastPass (and other password managers) use a number of trackers – seven to be exact. LastPass itself uses four Google trackers, which handle analytics and crash reports. There is also a Segment one that gathers data for the marketing teams.
This data is most likely transmitted anonymously, so companies cannot link the data to a specific person. But injecting this tracking code into the service makes LastPass open to various security vulnerabilities. This led Kuketz to recommend against using LastPass for your password management needs.
LastPass is not alone here
As mentioned earlier, LastPass isn’t the only password manager that uses trackers. It doesn’t make what LastPass does well, but it does show that it is industry-wide practice, unfortunately.
LastPass seems to have more than other popular password managers. Roboform and Dashlane have four, Bitwarden has two and 1Password is the only one that has none. Based on our experience with 1 Password, it is very well secured, so having no tracker does not surprise us at all.
If you accept that LastPass is essentially forcing you to pay for its service, that could be the nail in its coffin forcing you to leave the service. As a LastPass user for over six years, I’m also looking to go elsewhere. Since LastPass uses so many trackers, this could ultimately lead to your LastPass account being hacked or your passwords leaking. And considering the number of passwords some of us have in our vault, this is a really big deal.
You can view the full report from Kuketz here, it is definitely worth reading.