

Welcome to BIG, a newsletter on the politics of monopoly power.
In 2019, Elliott Management and Francisco Partners bought software provider LogMeIn, which produces a password management tool. Two weeks later, it raised prices on those who are locked into its system.
LastPass has encouraged millions of people to replace weak passwords on retail websites, internet banks and other online services. Instead, the software handles authentication automatically using long, complex passwords that are impossible to guess — or remember.
Two investment firms, Elliott Management and Francisco Partners, acquired the service as part of their $4.3bn buyout of internet software group LogMeIn in September last year.
Now, the app is warning users that they must pay as much as $36 a year if they want access to those cumbersome passwords on all their devices. Those who refuse to pay will have to choose between synching only to their desktop computers, or only to mobile devices such as phones.
Basically they made the product unusable unless customers pay. This is straight extraction, to make it slightly less annoying to pay than to move all your passwords to a different firm’s product. I dislike private equity and don’t think the business model should really exist. It’s not like these firms are investing to make the product better.
Fortunately, in this case, there are competitors to LastPass, so customers can switch if they want. (That is, unless Elliott’s goal is a roll-up in the password management space, though I can’t really see how to erect meaningful barriers to entry here.)
Every one of these PE transactions makes the world ever so slightly worse.
Want to Remember Your Password? Pay Up.
I’m normally in agreement with your stance on all the monopolies you’ve uncovered and written about (thank you for that, it has been an eye-opener).
However, as much as I dislike PE, I do not see the problem in this situation. The situation here is:
- A company offers a free product in a space that has other products available, with some of them still being free (e.g. Bitwarden)
- The company suddenly decides to start charging for the service (it is a for-profit company after all)
- But it is easy to migrate away to a competing service, by doing a bulk export of all the data (including the hard-to-remember generated passwords) and importing it into any competing service. So there is no lock-in for the user
I think it is not reasonable to expect that once a company offers a product for free, it has to perpetually be kept free of cost.
PS: I’m not affiliated with LastPass in any way and I’m not even a user of LastPass. These are just my thoughts on the situation.
Although this is indeed annoying, I don't think it's quite ransomware-bad. (In fact, I read the headline and thought, "Wow, that's horrible! I'm glad I'm a LastPass user instead of whatever horrible service Matt's discovered!")
My understanding (which I guess we'll find out for sure about tomorrow!) is that users can always access their LastPass password vaults through a browser on either desktop or mobile. I've always done exactly that on mobile, because I think it's basically crazy to have autofilling passwords on a mobile device that could be lost or stolen at any moment. Certainly makes mobile life more cumbersome, but it's not unusable, at least not for my use-case.
Also, lock-in is fairly low. You can go to your LastPass Vault right now, click Advanced Options, then click Export, and boom, it exports ALL your passwords to a CSV file, which you can save to your desktop. (Consider encrypting it, so attackers who penetrate your desktop can't read it!) I've just done this in case LastPass does in fact get sucky and I have to migrate.