Nobody can remember a strong, unique password for every website. That’s why we rely on a password manager to remember them all for us. But with most password managers, the first thing you do is create one super-strong password that protects all your other secure data. With LogMeOnce Password Management Suite Ultimate, the default login method is passwordless, using smartphone-based authentication. This excellent product has more features than any other password manager we’ve evaluated, many of them offered for an extra fee. The question is, do you need them all, and do you want to pay for them?
The service’s passwordless authentication is uncommon, but not totally unique. OneID authenticates based on your possession of a registered device. The free MyKi stores your passwords on a mobile device, and relies on possession of that device plus a PIN for authentication. True Key doesn’t eliminate the master password, but if you enable enough biometric authentication options, you can use them to reset a forgotten master.
I last reviewed LogMeOnce at version 5.2. In the current version, 6.3, its user interface has gotten a total makeover. The main dashboard is mostly whitespace, with the big message “Think Differently.” To the right is a circle of icons; you can put your own photo in the middle. The circle features these icons: Password Manager, Mugshot, Password Shock, Productivity Charts, Two-Factor Authentication, Secure Notes, Secure Wallet, and Anti-Theft.
I’m not sure I see the point in using only a third of the available space for that circle of icons. And I am disappointed to find that narrowing the window simply causes the entire display to shrink proportionally. But overall, it’s cleaner and elegant than the interface in the previous version.
Those eight icons orbiting your photo represent just a few of the huge selection of available features. Many more features are available from the Smart Menu, organized into Productivity, Security, Reports, and General. You can launch any of the almost two dozen features directly from the Smart Menu. Ultimate users can remove any of the eight orbiting icons they don’t use, and optionally replace them with any other icon from the Smart Menu. Users of the free edition don’t get this configuration option.
Speaking of the free edition, I should mention a possible confusing with the name. The full name of the free product is LogMeOnce Password Management Suite Premium. Yes, premium usually implies not free, but not in this case. The product covered in this review, the for-pay edition, is called LogMeOnce Password Management Suite Ultimate.
Pricier Than It Looks
At $39 per year, LogMeOnce is at the high end of normal for paid password managers. Dashlane costs $39.99 per year, but most competing products go for less. Sticky Password Premium and Keeper cost $29.99 per year, for example, while RoboForm and True Key are just under $20.
You do get 10GB of secure file storage at the base rate, but, as with Keeper Password Manager & Digital Vault, if you want more you must pay for it. At the 50GB level ($39.96 per year) you get Secure Drive, a fully manageable online storage drive. For 250GB, you’ll pay $199.92 per year.
The Password Shock feature (described below) comes with nine activations. Using it with no limits costs extra. Account Freeze lets you temporarily freeze account access, or lock it to your home IP address. I’ll describe these extra-cost add-ons in detail below.
Scheduled Login lets you specify roughly when you intend to log in again; a hacker who attempts login at any other time doesn’t stand a chance. This was also an extra-cost feature, but the company recently moved Scheduled Login into the base-rate Ultimate product.
At present, LogMeOnce offers two bundles. One includes the Ultimate edition plus enhanced Mugshot, Scheduled Login, and 10MB of secure file storage for $4.99 per month, which comes to $59.88 per year. Given that the 10MB of storage and Scheduled Login now come with the basic Ultimate package, this doesn’t seem like a great deal.
For $7.50 per month, or $90 per year, you can up the storage to 20MB and add Account Freeze and unlimited Password Shock. Those prices are way outside the password manager norm.
The page advertising the bundles does claim that you’ll save $263.24 by buying the bigger bundle. That figure made no sense to me until my contact at the company explained that the calculation assumes a five-year plan. But who buys a five-year plan?
As mentioned earlier, LogMeOnce Password Management Suite Premium is this product’s free edition. It is absolutely packed with features, perhaps overpacked. Rather than attempt to summarize, I’m sending you to read my separate review of the free edition. This review will focus on the expanded and additional features found in the paid versions.
Yes, paid versions. In between Premium and Ultimate, there’s a version called Professional. It has some, but not all, of Ultimate’s features. For other features, the difference is numeric. For example, users of the free edition can securely share five passwords, Professional users can share 30, and those using Ultimate have no limit. With Ultimate and Professional, but not Premium, you can set an expiry time for shares. This chart goes into the differences between the three editions in extreme, almost painful detail.
Many, many LogMeOnce features exist in both the free and paid editions, but with paid-only enhancements. I’ll run through those differences first.
As noted, Ultimate users can choose which features appear on the main dashboard screen. They also get nine activations of Password Shock, compared to three for the free edition. And where free users can securely share five passwords, there’s no limit for Ultimate users.
In addition to the dashboard and Smart Menu, a productivity dock appears at the bottom of most LogMeOnce windows. This dock gives quick access to over a dozen popular features, but only for paying customers.
The PhotoLogin feature lets you log in by snapping a photo and comparing the image with what you snapped. Free users just get the photo, while Ultimate users also get a collection of metadata including IP address, geolocation, and email address.
Ultimate includes two-factor authentication options not present in the free edition, including authentication using a special USB key. Unusually, LogMeOnce charges every time you use SMS or voice for two-factor authentication. In the US, each SMS authentication costs two credits. Those using the free edition must buy credits at $10 per 1,000. Ultimate users receive 50 credits every month at no additional charge.
With the free edition, as with most password managers, you can click to fill login credentials on a secure site, something the program refers to as Single Sign-On. Those running Ultimate can optionally enable Single Log-Out, meaning that when you log out of your LogMeOnce account it also logs out of those websites.
You can apply LogMeOnce’s password inheritance system to individual passwords or to your entire account. Free users can only define heirs for five passwords; Ultimate users have no limit. Likewise, free users can define a single heir for the account, while Ultimate users can define as many as they want.
There are other, similar distinctions between the free and Ultimate editions, but you get the idea. Once again, these are all features that you can get without paying, but that do more when you pay.
The idea behind Password Shock is that if you make the experience unpleasant enough, a person trying to hack into your account will go away and try a different target. The only reason these fight-back attempts are possible is that you can only log into a LogMeOnce account using the browser extension or mobile app. There’s no option to log into the password collection online, the way you can with LastPass, Keeper, Dashlane, and others.
There are nine levels of countermeasures, and by default, on each hack attempt LogMeOnce goes to the next (and more annoying) level. Users can see all of these on the Password Shock configuration page, and click a Play button to preview each.
At the first level, it simply states that authentication failed, and Password Shock protects the device. At the second level, it warns that it will capture the hacker’s photo, IP address, geolocation, and other metadata for use in legal action, and loudly announces, “Hey, are you trying to hack me?” The third level again displays a warning, this time with a loud, honking alarm. At the fourth level, it blasts loud music, and at the fifth level it visibly shakes the screen. If the hacker persists, subsequent levels vibrate a mobile device, flash the screen in Morse code, sound a siren, and so on.
Clearly someone had a lot of fun designing this feature, but I’m not sure that it adds security. I don’t have any figures on how often hackers attempt to break into a specific individual’s password manager account. The fact that logging in only works in the mobile app or browser extension in itself may be enough of an annoyance to send the hacker seeking password caches that have direct internet access.
Note, too, that this is an extra-cost feature, even for Ultimate users. You can enable a one-week trial, during which Password Shock will activate up to nine times. After one week or nine activations, the feature expires.
Account Freeze, also an extra-cost add-on, gives you several different ways to lock down your account. You can experiment freely with these during your one-week trial. Note that to enable this feature you must answer the security question that you created at installation.
If you choose to freeze all devices except the ones you’ve associated with the account, then nobody can log in with a different device. If you freeze all IP addresses except your own, then only devices within your local network can access the account.
There are also options to freeze the account until a specified date and time, or to freeze it until you actively remove the freeze. If you try to log into a frozen account, LogMeOnce sends you an email or text with a time-limited link that lets you reset the freeze by answering your security question.
My contact at LogMeOnce points out that when the account is frozen, the program does not even attempt authentication with the server. This means hackers can’t effectively DDoS the server by pounding it with authentication requests.
I looked and looked for the Scheduled Login feature, but it wasn’t anywhere in the Smart Menu. Turns out, it shows up at the time you log out, offering to book your next login time, with a plus-or-minus tolerance of five, 15, or 30 minutes. As with Account Freeze, you must answer your security question to invoke this feature.
If anyone tried to log in outside the specified timeframe, LogMeOnce displays a warning. If you need to break the freeze yourself, you can have it send an email to your account on record. From within the email, you click a time-limited link and supply your security answer to break the freeze.
This sounds a bit awkward, but remember that if you log in during the time window you specified, you won’t see or do anything differently
Similar to PhotoLogin, Selfie 2FA snaps your picture from the device you’re logging into and sends it to your mobile devices. If you get a Selfie 2FA notification that you don’t recognize, just deny access.
Of course, not every device has a camera. In that case, you can make use of the visual one-time password. If the visual OTP on the device that’s logging in matches the one on your mobile device, all is well.
The product’s documentation states that this technology is smarter than facial recognition, because it puts you, the human, in charge of doing the recognizing. I can’t say I buy that argument. In fact, I don’t see this technology as more valuable than simpler smartphone-based two-factor options—snazzier, yes, but not more valuable.
Emergency Access With Photo
As noted, you can securely share any of your saved passwords with another LogMeOnce user, and you can identify as many beneficiaries as you like to receive account access in the event of your untimely demise. Emergency access with photo is, by definition, for emergencies, situations where you haven’t yet set up any kind of sharing.
To invoke this feature, the person wanting access must go to the LogMeOnce login page, choose PhotoLogin, and click the Emergency Access link. The requestor enters your email, and LogMeOnce sends you a photo along with geolocation and IP address. Or rather, it instructs the requestor to install the browser extension and try again.
I found that when I launched the extension, the Emergency Access link didn’t appear. I had to go back to the login web page. I don’t know if every user would figure out this step.
I couldn’t get my physical all-in-one Windows desktop PC to send a photo, for reasons I couldn’t determine. But it did send a map location and details like the IP address and physical address of the requesting system.
Device Management and Anti-Theft
When you open Device Management, you get a list of all devices associated with your LogMeOnce account. For each device, it lists the operating system version, the last time it was active, and the current location, as well as the date the device first joined your account. Here you can control which of your mobile devices receive notifications for passwordless login. And if you lose or replace a device, you can remove its access.
When you click a device, you see its location on a built-in map. Or rather, you should see the location. In my testing, it reported two devices at the same location, about a block away from my actual location. It reported another about three miles away, in the center of town. For yet another, it reported no location available. This kind of geolocation is more common in mobile parental control and security utilities. In my experience these almost always report the location more precisely.
For iOS devices, the map is just one of three tabs. On the Details tab you can view a ton of information about the device, from the processor speed to the iOS version to the available disk space. It’s not clear to me how these details relate to password management. You can also send two types of command. If you mislaid the device, you can send a message, which will show up as a notification. You can also send a Kill-Pill, a command that wipes all LogMeOnce settings. With Android, you get one more tab that lists all installed apps. Again, I don’t see the connection between the app list and password management. On Android, the Commands tab adds the option to make the phone ring loudly, lock it, or lock it with a password.
The Anti-Theft component is very similar to Device Management, but without the list of devices. It simply displays a map, with the location of your devices marked. You can click on the icon for a device and remotely log out. In truth, I see no point in separate components for Device Management and Anti-Theft. In fact, the actual anti-theft commands such as ringing the device, sending a message, or wiping all LogMeOnce data appear in Device Management.
About That Security Question
Back when you first created your LogMeOnce account, it prompted you to choose a security question, and answer. The security answer is extremely important, just as important as a master password. You must supply the answer to add a new device, to end Account Freeze, and to override Scheduled Login, just to name a few uses. A hacker with access to your email account and security answer could nullify most of LogMeOnce’s fancy security features.
That being the case, you must absolutely reject the built-in questions. Anybody can find out your mother’s maiden name, or the city where you were born. Instead, choose the option to type your own question and answer. Make it something nobody else would know or understand, but that you won’t forget. Or offer an answer that’s totally false, but again, something you won’t forget.
The Question of Complexity
In my review of the free LogMeOnce Premium, I noted that the product’s feature set goes way, way beyond basic password management. The company touts 21 features not found in any competing product, but that doesn’t necessarily mean the other products are lacking. And tracking how the 46 program features listed on the pricing and comparison page line up with three different program versions (Premium, Professional, and Ultimate) is enough to make your head spin.
I’m also a bit disturbed by the fact that the Ultimate edition just isn’t ultimate. It doesn’t include all features. I have no problem with charging for secure online storage, since that requires the company to maintain storage servers. But why should there be an extra charge for Password Shock, or Account Freeze?
Then there’s aesthetic complexity. Where many password managers keep the user interface muted and professional, LogMeOne is a three-ring circus. A big-nosed cartoon dog appears with several types of notifications. A scary red-and-black android presides over Password Shock. When you use Account Freeze, you make your choices against a background photo of an ice queen blowing snow. Productivity charts add shapes and colors, but I don’t see much value for the average user. And then there’s the dock at the bottom of almost every screen, with its collection of expanding, multi-colored icons. It is a matter of taste, of course, but I strongly prefer a user interface that’s businesslike, not just busy.
Keep It Simple
In previous reviews of the free LogMeOnce Password Management Suite Premium, we were dazzled by the sheer quantity of features in a free product; we rated it a five-star Editors’ Choice. More recently, we’ve come to appreciate password managers that do everything necessary, including advanced features like secure sharing and password inheritance, with minimum fuss, so Premium dropped to 4.5 stars, leaving LastPass as the Editors’ Choice for free password manager.
Previously we rated LogMeOnce Password Management Suite Ultimate at 4.5 stars, lower than the free edition because it didn’t add enough value for the price. The current edition has brought in many new features, but full access to all of them comes at a price higher than any competitor. Additionally, we’re not convinced these elaborate features add value that merits the high price. Some users will revel in the cornucopia of features, and for them it’s a great choice. But, while it is an excellent piece of software, we no longer rank it as a general-purpose Editors’ Choice.
Dashlane and Keeper Password Manager & Digital Vault include all the expected basic and advanced password management features we consider important, and they do so unobtrusively. Keeper in particular looks and acts almost exactly the same across all platforms. These two are Editors’ Choice password managers. Sticky Password Premium is also an Editors’ Choice, but we’ll be looking closely at complexity when it next comes up for review.
This Content is Generated from RSS Feeds, if your content is featured and you would like to be removed, please Contact Us With your website address and name of site you wish to be removed from.
You can control what content is distributed in your RSS Feed by using your Website Editor.