• expired

12 Month LastPass Premium Membership $6 USD (~$8.13 AUD) (Was $24 USD) @ Humble Bundle (New/Existing Users)

3780

Greetings everyone, this seems like a great deal for LastPass premium, a deal hasn't popped up for quite a while and it's a great app to collate/protect passwords!

This is available for existing and new users, so good if you've used a free trial previously or have an existing subscription.

These codes are stackable for multiple years, I noticed people over at SD have been able to redeem upwards of 3 years.

Codes redeemable until September 1, 2018. 12 months subscription starts from the date of activation.

Also receive an extra 10% off if you're a current HumbleBundle subscriber, thanks to gorillainwild.


6 Months Free Premium for Students:

Thanks to djprima, students can also get 6 months free premium by putting their student email (.edu) in HERE.


Description:

Solve all your password problems.
Stop wasting time on passwords. Only remember one master password, and keep the rest locked up and easy-to-find in LastPass.

Fill every password automatically.
Work faster and smarter, and get convenient access to your passwords, anywhere. No matter what device you use, your passwords are always there.

Fortify your passwords.
Only you know your master password, and only you can access your vault. We protect your data at every step. That’s why millions trust LastPass.


Premium features:

  • 1GB encrypted file storage
  • Priority customer support
  • Extra security with Premium two-factor authentication (YubiKey and Sesame)
  • Desktop application logins (with LastPass for Applications)
  • Desktop fingerprint identification
  • An ad-free vault

As always, enjoy!

Credit: SlickDeals

Referral Links

Humble Choice: random (383)

Referrer receives $11 AUD in Wallet Credit for the first 30 brand new subscribers that signup for Humble Choice after clicking on a referral link.

Related Stores

Humble Bundle
Humble Bundle
Marketplace
LastPass
LastPass

closed Comments

  • For $8.49 you get Safe in Cloud forever here

  • I have been using the free version in multiple devices including desktop and mobile for a while now. IT has been great.

    Only premium feature I thought would be good is the password sharing (Family sharing) option.

    • Premium is also required if you want to just use LastPass extension in a browser e.g. Dolphin (and not have a full app running (floating) in the background.

      • Im using the extension on the free version. Not sure what you a referring to?

        • Me too. I mean on desktop Chrome/Firefox browser. On android it just autofills passwords for all apps.

        • I was referring to browser extension on Android phones.

        • @batrarobin:

          Don't know why everyone is negging you.

          Lastpass on Android is now a stand alone app that auto fills all Chrome/Dolphin.

          Firefox Lastpass Extension for Android is no longer supported and Lastpass Extension for Dolphin requires a premium subscription.

          I prefer the lastpass extension for Dolphin but I am such a tight arse I won't fork out $8usd…

        • @R3XNebular: Because people are stupid and don't read the entire sentence.

          They read "Premium is also required if you want to just use LastPass extension in a browser…" and smash NEG

        • @R3XNebular:

          From what I can see, it wasn't unreasonable for what he said to be interpreted as either desktop browser or mobile browser, and people responding saying "this is not true for web browser".

          For this reason, I don't think it's unreasonable that people hit neg to basically say, "nah, this isn't quite right".

          Note: I didn't neg. Just sharing my $0.02.

        • @R3XNebular:

          Lastpass on Android is now a stand alone app that auto fills all Chrome/Dolphin.

          Could you please explain why would you need separate plugin for each browser in Android when there is a dedicated LastPass App to autofill all apps and browsers? any benefit other than LastPass running always on the background, which you need in order to autofill apps anyways?

        • @dealspider: Because I wouldn't want the Laspass app to run in the background and hover over all other apps, I personally find it a bit invasive and annoying when you are trying to type something in the apps. I like it better as a browser extension Because that's when I need it the most and I can call upon it when I want it. Each to its own I guess.

        • @batrarobin: I get it. Though I prefer the LastPass app to fill all my passwords

        • @dealspider:

          I prefer the dolphin extension as it seems to autofill successfully 99% of the time. The last pass stand alone app works roughly 80% of the time. The last pass app hovers above and in many situations I have to hit copy user name and copy password to paste it in. The dolphin extension would just work… I might actually fork out the $8usd…

      • Not the case at all.

        • I believe that was the case, but has changed in the past year or two since the LogMeIn takeover.

  • Ive been using the free version for a while as well. Love it. Bought it just to give something to the developers. Not sure il use any of the premium features.

  • Good one. I only managed to buy 2 though. The third order got cancelled.

    • Managed to get the third order through by using a different payment method.

      First 2x was on card, third on PayPal.

  • 10% off if you are a Humble Monthly subscriber.

  • If you don't need a cross-device solution, keepassxc is free.

    • Last pass is free, and is cross device.

      • Agreed, but some may prefer to store their database locally for security, and keepassxc is free and ad-free, quite well regarded but not ideal for cross-device (without dropbox syncing setups or similar).

        • Last pass is also ad-free, has more features, cross-device, and does not require your own database storage which is a benefit for most due to basic info sec principles, mostly availability and security against compromised accounts/systems.

      • KeepassXC is free software though, lastpass is a service.

        • Yep, so added availability and maintenance on their end that you don't have to manage! Which often means more secure.

        • @OnlinePred: Yeah.

          https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabil...

          https://labs.detectify.com/2016/07/27/how-i-made-lastpass-gi...

          https://www.wired.com/2015/06/hack-brief-password-manager-la...

          I prefer software which allows me to audit the code myself.

          But I do recommend lastpass to those who are less tech savvy. It requires some skills to manage, backup, etc.

        • @idonotknowwhy: By tech savy, you mean IT admin? I'm a dev and have my own servers, no way am I storing this on them. No way would I audit code of an app myself lol, I got a life….

          Also this might be difficult to come to grips with, but lastpass has publicised every breach they have had. Just wondering how many users of keepass have experience breaches and publicised it. Also have you had any breaches? How do you deal with breaches?

          If you think KeePass has had no attacks/breaches, you are actually kidding your self.

        • For lastpass to have publicised every breach, they first need to be aware of the breach.

          What breaches of keepass are you referring to? Do you mean when a user loses both their local database and also their keys? In what scenario would that need to be publicised? If a vulnerability is found in the app or in one of the extensions which leaks passwords, I would have more faith in that being publicised than a leak in lastpass.

        • @OnlinePred: > Also have you had any breaches?

          None related to password management.

          How do you deal with breaches?

          Also this might be difficult to come to grips with, but lastpass has publicised every breach they have had.

          Yeah I know, I just linked to 3 of them. Companies like this are required to disclose such breaches.

          No way would I audit code of an app myself lol, I got a life….

          I didn't say I audit the code myself, prefer software which allows me to audit the code myself ;)

          By tech savy, you mean IT admin?

          BY non-tech-savvy, I mean people who aren't interested in / don't want to know about computers. I know plenty of people outside the IT industry who are happy with keepass. For everyone else, I strongly recommend lastpass, rather than passwords like TheH0n3y$ being re-used everywhere.

        • @josho9: > I would have more faith in that being publicised than a leak in lastpass.

          Yeah, it looks pretty bad when companies try to cover up obvious breaches or blame it on the users:

          https://www.reddit.com/r/teamviewer/comments/5us6th/has_team...

        • @idonotknowwhy: Hahahaha! So you prefer open source because you COULD audit the code, but you woudln't LOL.

          I used to use keepass back in win CE days, even wrote an app on Win CE to help out. I gave up when LastPass came out though, they offer everything I need, and through all the breaches, I haven't been affected as I followed their guidelines. I have introduced last pass to my whole family, who have easily taken it up, installed browser extensions, mobile apps etc.

          The point I was making about breaches, is you don't know if you have been breached, your server or link has been breached, and you also have to manage security on the box you store the db on. Having been in the industry, IT folk generally think the more hands on they have, the more secure, but this couldn't be further from the truth.

        • @OnlinePred:

          Hahahaha! So you prefer open source because you COULD audit the code, but you woudln't LOL.

          Yeah, I like that I; or anyone else, could audit the code. There won't be any bitlocker-style backdoors or crypto-exchange style "exit scams".

          I store some important things in my password manager, I'll probably find out within seconds when/if it gets compromised by any half-decent hacker).

          Having been in the industry, IT folk generally think the more hands on they have, the more secure, but this couldn't be further from the truth.

          I couldn't agree more with you here. I know people who run their own email servers and just leave them running without maintenance for years. A small .kdbx file and keeping 1 piece of software up to date isn't that difficult though.

        • @josho9: Hey mate, no, I'm referring to the point that for keepass breaches to be publicised, users would have to do it as it's on them. This doesn't happen. So in reality there are probably far more breaches made to keepass that goes unnoticed and unpublished.

        • @OnlinePred: Sorry, I'm still not understanding what kind of breaches you are referring to. There can't be a breach in the traditional sense as the data is not stored centrally. If the database or contents are compromised, I think that is just as likely to be identified by users on keepassxc as on lastpass because enough users use random passwords and catch all email addresses to work out that the only source of a compromise is their password manager.

        • @josho9: your assumptions are too generous

  • Been using KeePass as my free password manager.

    Only tried LastPass very briefly but from memory, KeePass is better. LastPass has a better user interface though.

    • KeePass has browser integration, phone integration, auto fill in android, and family support?

      • Lack of browser integration and cloud access are features in my mind - the browser is the largest attack vector for anything to go wrong. I mean, how many addons/plugins do you use in your browser, and do you trust every single one of them? Do you trust every single website you visit not to exploit some 0day exploit?

        I use KeePassDroid on Android, together with file syncing over ssh to ensure it stays up to date between my PC and phone.

      • Yes to all of that, and as an added bonus it's open-source and you control where your database file is stored.

        • My understanding was that you need third party tools to fill the void - and assume that the third party tools are not siphoning data/and they are secure also.

      • browser integration,

        Via plugins

        phone integration

        Yep

        auto fill in android

        Well it creates a 'keepass' keyboard which I toggle too, which lets you paste any of the attributes directly into a field

        family support

        Not really

        I sync .kdbx database via Dropbox

        Keepass is opensource and available on basically every platform (and easy to port/compile onto others). That said, I recommend lastpass to non-tech-savvy people, keepass requires some skill to manage.

        • Dropbox is another attack vector you are introducing. Having a third party keyboard in android is another vector and not convenient as android has auto-fill built in that lastpass supports. Family support is good for sharing common logins like utilities etc.

          Just keep in mind, that Keepass requires ongoing maintenance, rather lastpass does not. You need to insure that your dropbox security is high, that no breaches occur on dropbox (which they have many times), any porting or compiling can introduce more opportunities for mistakes/oversights etc etc. So although managing everything yourself might seem more secure, rarely it is.

        • @OnlinePred: Yeah, password distribution is an issue with keepass and I don't have any good solutions for it.

          Having a third party keyboard in android is another vector and not convenient as android has auto-fill built in that lastpass supports.

          Does it work for every app? eg. cryptocurrency wallets? The keyboard is part of Keepass2Android.

          You need to insure that your dropbox security is high, that no breaches occur on dropbox

          If such a breach occurs, they'll have to decrypt the AES encrypted database file with a >30 character passphrase.

        • @idonotknowwhy: The point is that your dropbox could be hacked. Part of information security is availability, and if you can't access your passwords, then that's a risk.

          Android auto-fill is an api, so if the password manager app supports it, it can fill any form that is setup correctly. I haven't found an app that it doesn't auto fill.

          I understand the keyboard is part of keepass, but just saying it doesn't get around many security concerns, and just makes things a little less user friendly.

        • @OnlinePred: keepasxc has a key file so even uploading the .kdbx database is fine provided they key file is not spread.

        • @OnlinePred: Cool, I'll give it a try. keepass2android supports it on Android 8+

        • @1Cawk: Yes but if you can't access the database at all, what will you do?

        • @OnlinePred: "android has auto-fill built in that lastpass supports."
          This is supported by Keepass too https://play.google.com/store/apps/details?id=keepass2androi...

    • Kaspersky have already sold data. Also I prefer to buy specialised apps, rather than a generic app to fill a void in product offering.

      There are no recorded breaches on laspass. I'll ask again, does Kaspersky password manager offer browser integration, phone integration, auto fill in android, and family sharing support? Where is the company and data stored? Russia? What data and information laws do they impose on privacy?

      • Also I prefer to buy specialised apps, rather than a generic app to fill a void in product offering.

        +1

        Spotify > Google/Apple Music
        Netflix > Amazon Prime
        Dropbox > Onedrive
        Fastmail > outlook.com

        • Dropbox > Onedrive

          I kinda feel Onedrive is better than Dropbox? Dropbox have stagnated, but they were the best option at the time when the other guy's hadn't picked up their game.

          Fastmail > outlook.com

          Some info about Fastmail for others who also have no idea what it is.

          So you can use this service to log into your hotmail, Gmail and manage it all in one application..? Isn't outlook.com purely for one email address at a time? Only way you can login more than one is if you use an extra browser or incognito?

          I have a feeling I'm misunderstanding what this is lol

        • @illumination:

          https://www.theregister.co.uk/2017/03/23/microsoft_onedrive_...
          https://www.reddit.com/r/linux/comments/6xgivq/is_there_a_on...

          They've got a long way to go before I'd consider it usable

          For you can use this service to log into your hotmail, Gmail and manage it all in one application..

          Fastmail is an email provider, similar to Gmail, Hotmail, Yahoo!, etc but it's not free (around $60 / year last time I renewed).

          I find it works better than other providers across multiple devices, particularly over a VPN. And of course with unlimited aliases, you can have 1 email address per online service.

        • @idonotknowwhy: How is Fastmail better than Gmail..

        • @raven2000: Gmail is free … Fastmail is not. Nothing in life is free. I'll let you do the math :)

        • @raven2000: It depends on how you want to use it. I'm not going to compare 'ads vs ad-free' or 'use your own custom domain' since Gmail offers these features in paid tiers equivalent to fastmail. These are the advantages for me:

          1. No Captcha codes when using a VPN.
          2. Much more reliable IMAP support across different clients on different platforms.
          3. The web interface is a lot cleaner and responds faster than that of gmail.
          4. Not blocked in China (I have to travel there from time to time)
          5. Easy to manage different email addresses per website (if you use lastpass, you'll probably already know why this is important)

          Personally, I find that fastmail.com provides a better email experience than gmail.com. That's all it provides though. An obvious disadvantage for many people would be the lack of all the google apps like chat, keep, docs. Fastmail pretty much only does email and calendar, that's it.

          Additionally, the gmail app on Android is pretty fantastic for most people.

          I use Aquamail (paid for it) with fastmail.

        • @idonotknowwhy: Alright, thanks for the info! A few valid points there I can't deny.

          Can you explain this one "Easy to manage different email addresses per website" ? I use Bitwarden and previously used Keepass.

        • @raven2000: AFAIK, Fastmail don't index your mail and run ever-more creepy processes over the results to send you ads, allow their partners to send you ads, and concoct ways to control your daily Internet experience without you knowing what they are actually up to behind the scenes

      • Not true that LastPass was never vulnerable…

        The LastPass security breach: What you need to know, do, and watch out for
        https://www.pcworld.com/article/2936621/the-lastpass-securit...

        LastPass warns users to exercise caution while it fixes 'major' vulnerability
        https://www.theguardian.com/technology/2017/mar/30/lastpass-...

        LastPass security flaw could have let hackers steal passwords through browser extensions
        https://www.theverge.com/2017/3/22/15023062/lastpass-securit...

        Wikipedia:
        Security issues
        2011 security incident
        On Tuesday, May 3, 2011, LastPass discovered an anomaly in their incoming network traffic, and then another similar anomaly in their outgoing traffic. Administrators found none of the hallmarks of a classic security breach (for example, database logs showed no evidence of a non-administrator user being elevated to administrator privileges), but neither could they determine the root cause of the anomalies. Furthermore, given the size of the anomalies, it is theoretically possible that data such as email addresses, the server salt, and the salted password hashes were copied from the LastPass database. To address the situation, LastPass decommissioned the "breached" servers so they could be rebuilt and, on May 4, 2011, they requested that all users change their master password. However, the resulting user traffic overwhelmed the login servers and, temporarily, administrators were asking users to refrain from changing their passwords until further notice, having judged that the possibility of the passwords themselves being compromised was trivially small. LastPass also stated that while there was no direct evidence any customer information was directly compromised, they preferred to err on the side of caution.[22][23]

        2015 security breach
        On Monday, June 15, 2015, LastPass posted a blog post indicating that the LastPass team discovered and blocked suspicious activity on their network on the previous Friday. Their investigation revealed that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. LastPass encrypted user vault data were not taken in this incident. The blogpost was quoted as saying, "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."[24][25]

        2016 incidents
        In July 2016, a blog post published by independent online security firm Detectify detailed a method for reading plaintext passwords for arbitrary domains from a LastPass user's vault when that user visited a malicious web site. This vulnerability was made possible by poorly written URL parsing code in the LastPass extension. The flaw was not disclosed publicly by Detectify until LastPass was notified privately and able to fix their browser extension.[26] LastPass responded to the public disclosure by Detectify in a post on their own blog, in which they revealed knowledge of an additional vulnerability, discovered by a member of the Google Security Team, and already fixed by LastPass.[27]

        2017 incidents
        On March 20, Tavis Ormandy discovered a vulnerability in the LastPass Chrome extension. The exploit applied to all LastPass clients, including Chrome, Firefox and Edge. These vulnerabilities were disabled on March 21, and patched on March 22.[28]

        On March 25, Ormandy discovered an additional security flaw allowing remote code execution based on the user navigating to a malicious website. This vulnerability was also patched.[29][30]

        Honestly, I'm not sure if buying a product from a "specialised" company without a background in security is better than buying a product made by a recognised security company. That depends on the companies, I guess… I am NOT saying that LastPass is not good, just balancing the arguments.

        The company that bought LastPass (LogMeIn) seems to be a pretty solid company that also focus on different segments, not only LastPass.

        • I don't know if you know how software works, but there are always vulnerabilities. At least last pass publicised them. That's the point. Kaspersky has a background in selling data, and covering up breaches. So really not sure what you are trying to get at here? The more flaws that are found and fixed the worse? Or the more coverups and selling data the better?

        • @OnlinePred:

          I'm not saying Kaspersky is better or worse, honest or not. No, the point is that you wrote "There are no recorded breaches on laspass" and that is not correct.

          First, you say that there were NO breaches and defended that as something very positive, and now that I listed a lot of known breaches you are trying to minimise them saying that "there are always vulnerabilities". Of course, accepting and publicising the problems is honourable (and the best way to manage the issues) but again that's not the point. Following their example, you should just have accepted that your statement was wrong instead of covering up and being contradictory … :)

          Meanwhile, I got my 6-month premium licence and will try LastPass.

    • Because then you're probably using the same set of passwords for everything. Password Managers randomise password generation so it's basically a mess of letters/numbers/symbols in upper and lower case making them much harder to crack. With integration into browsers and the OS, they're pretty much a no brainer these days.

      I personally resisted switching over for years, but when I did I wondered why I didn't do it sooner.

      • ^ this. Generic and weak passwords don't cut it. People duplicate there passwords many times over. It only takes one website to be breached and your password might be known. Better hope that password doesn't access important stuff like emails

        • To add to this the Security Challenge feature is really good. It will also check if any of your accounts have been compromised in known breaches and also it will check for weak passwords, re-used passwords, and in some cases help you to auto-change them.

    • +2 votes

      Thats what postit notes for for