LastPass is one of the most popular password managers around for both home users and business users alike. LastPass offers both free and paid options as well as a family group plan, and business plans.
LastPass has been in business since 2008 and is considered one of the original password manager companies. As a result, it is a feature-rich product that works across different platforms and offers excellent protection of your passwords. But how does it stack up against all the other password managers out there?
Let’s take a deep dive through all the features and see if this password manager can be considered one of the best.
Overall, LastPass is a reasonably good password manager with rich features, a strong security model, and an easy-to-use interface. Its weaknesses are the limit of one device type on the free plan and poorly rated customer support.
LastPass has many features in its stack and has become a popular password manager amongst home users and businesses. Here are some of the essential features and how they rank.
LastPass stores all of your passwords in a secure password vault. The password vault is like a safe for your online credentials. You can store passwords, notes, identity numbers, critical documents, and credit card information.
As you can imagine, the data stored in the password vault needs to be kept secure, so all of the information you store is encrypted with your master password. This password is known only to you and is not stored on LastPass’ servers, so no one can intercept your data, not even LastPass.
LastPass also supports importing existing passwords from your built-in browser autofill or another password manager.
The LastPass password vault is accessible over different devices, as we will see later. It is essential to have access to your password vault from any device and browser, so this is a great feature. But we must point out that since March 2021, the free edition of LastPass only supports access on one device type.
This is a significant issue and means the free version of LastPass can only be considered suitable for trial purposes. You will need to factor in buying the premium version of LastPass to access your passwords across multiple devices.
LastPass supports Chrome, Firefox, Edge, Opera, Safari, iPhone/iPad, and Android mobile devices.
LastPass provides the ability to fill in your login information and password automatically. Whenever you visit a website where you need to log in, you won’t have to type in anything. Your login details are automatically inserted into the login form. All you have to do is click the login button.
This feature is not limited to just passwords. You can also use it to insert addresses, credit card numbers, and more automatically.
Autofill works on mobile devices too. LastPass can integrate with the browsers on your phones, such as Safari and Chrome.
LastPass includes a handy password generator to make a strong password with your desired complexity requirements. You won’t have to try and think of a new password off the top of your head anymore. Just click the password generator, and you will get a complex random password that is unique to the website you are using it with. No more reusing the same password across multiple sites.
The password generator can make passwords based on whether you want something easy to say, easy to read, or just highly complex and hard to break.
Of course, it is better to always use a long password with letters, numbers, and symbols, but it is also good to have the feature to create customized passwords.
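A generator with the three modes described above might look like the following. This is an added example, not LastPass code: the character sets chosen for "easy to say" and "easy to read", and the function names, are assumptions. The entropy estimate shows why the restricted modes need more length for the same strength.

```javascript
const { randomInt } = require("crypto");

const SETS = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!@#$%^&*()-_=+[]{}",
};
const LOOKALIKES = /[lI1O0]/g; // assumed set of hard-to-read characters

// Character classes per mode (assumed definitions for this example).
function classesFor(mode) {
  if (mode === "easy-to-say") return [SETS.lower, SETS.upper];
  const all = [SETS.lower, SETS.upper, SETS.digits, SETS.symbols];
  return mode === "easy-to-read" ? all.map((s) => s.replace(LOOKALIKES, "")) : all;
}

function generatePassword(length, mode = "all") {
  const classes = classesFor(mode);
  if (length < classes.length) throw new RangeError("length too short for mode");
  const alphabet = classes.join("");
  // One character from every class, then fill from the whole alphabet.
  // randomInt draws from the OS CSPRNG without modulo bias.
  const chars = classes.map((c) => c[randomInt(c.length)]);
  while (chars.length < length) chars.push(alphabet[randomInt(alphabet.length)]);
  // Fisher-Yates shuffle so the guaranteed characters are not always first.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// Upper-bound estimate: ignores the small loss from forcing one of each class.
function entropyBits(length, mode = "all") {
  return length * Math.log2(classesFor(mode).join("").length);
}
```
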
Although it is never good practice to be sharing passwords with other people, sometimes there are cases where it becomes necessary. You may need to share a password with a family member, friend, or business colleague.
So how does password sharing work with LastPass?
Firstly, when sharing passwords with others, it is crucial to ensure that the password is unique and strong. Never share passwords that you have used elsewhere, but hey, you already know that, right?
LastPass has an icon in their app that allows you to create a recipient if the user doesn’t already have a LastPass account. Then it is just a matter of sharing your account password with that person. Any changes to the password are automatically synced to the other person too.
The LastPass premium plan has a feature that allows you to share multiple passwords. You can create a Shared Folder to sync many passwords with one or more people. You can drag and drop new sites to the shared folder at any time, and they will sync to your shared people.
For businesses with teams of people needing to share passwords, LastPass has an enterprise option that provides more extensive password sharing features.
LastPass monitors your email addresses continuously against a database of breached credentials from the internet or the dark web. LastPass will send an alert to you if your credentials have been compromised. This is a very proactive feature that doesn’t require you to keep checking to see if your accounts may have been breached. LastPass monitors and alerts as soon as it detects a possible breach.
LastPass also monitors databases from the dark web to see if your credentials are being shared or sold to hackers or identity thieves. This adds another layer of protection, enabling you to react immediately should you receive an alert so that you can change your password.
Both breach monitoring and dark web monitoring are only available on the premium plan. The free plan does not provide any breach monitoring or alerting. The only option available for the free plan is the security dashboard which can tell you if your passwords are weak or reused.
Users on the free plan will need to use third-party apps such as Have I Been Pwned to check if a breach has occurred.
Another method of protecting an online account is multi-factor authentication (also called two-factor authentication or 2FA). 2FA is a feature that gives you a one-time code to use alongside your usual password. This could be an SMS code sent to your mobile phone or a code generated from a 2FA app.
Multi-factor authentication has become a very popular addition to securing important accounts such as online banking, medical records, or other sites with sensitive information.
Multi-factor authentication means that even if someone knew your password, they would not be able to log in without getting access to your one-time code.
LastPass can store your 2FA codes so that you only need to use one app to retrieve all of your multi-factor authentication codes. The LastPass mobile app makes it easy to use 2FA wherever you are.
Plans and Pricing
Most password manager apps have a free plan to get you started. LastPass has a free option that includes most of the essential features, but one notable exception could be a deal-breaker for many people.
With the free version of LastPass, you are limited to using the app on one device type. This could be a desktop PC or a mobile device, but not both. If you decide to use the free version, you will need to choose which device you want to use.
LastPass does offer 30 days to try out the premium features. Otherwise, the free features include:
- Password vault
- Autofill Passwords
- Password generator
- Password Sharing (one to one only)
- Secure notes
- Multi-factor authentication
- Basic support (self-help and community only)
The premium plan, which is $3/month, gives you access to all the features. Here are the additional features that you get with premium:
- Unlimited device types and device syncing
- File sharing (one to many)
- 1GB of file storage
- Security dashboard and score
- Dark web monitoring
- Emergency access
- Advanced multi-factor authentication such as biometrics
- Personal support (email)
LastPass also has a family plan available for those who would like to sign up additional family members. The family plan is $4/month and comes with all the features of the premium plan plus:
- Up to 6 users
- Unlimited shared folders
- Family manager dashboard
Because LastPass is also suitable for businesses and teams, there are specific plans available to accommodate the needs of businesses. For businesses with 50 or fewer users, the Teams plan includes:
- Admin console
- Vault for every employee
- Password generator
- Autofill passwords
- Shared folders
- Security policies (up to 10)
- Offline mode
- Security dashboard
- Dark web monitoring
- Multi-factor authentication
- Self-guided support
The Teams plan is available at the cost of $4 per user per month.
For larger companies of 50 or more users, LastPass has a business plan that includes enterprise level features. The business plan includes all the features of the Teams plan plus:
- Advanced SSO & MFA
- Security policies (100+)
- Advanced reporting
- Admin controls
- Adoption dashboard
- Customizable user management
- Federated login
- API access
- Directory integrations
- Advanced multi-factor authentication options
- Authentication reporting
- SSO applications
- Customer success manager
The business plan is available at the cost of $6 per user per month.
Ease of Use
Let’s look at the application itself and find out how easy LastPass is to use, and the user interface on the Desktop and Mobile Apps. This is often overlooked but is an essential consideration, especially for those who may find using password managers complicated.
Desktop (Web Browser)
Signing up for LastPass is relatively straightforward and can be done straight from their website. Sign-up requires your email address and a master password.
You must remember your master password!
The master password must be at least 12 characters long and contain a number, lowercase letter, and uppercase letter. LastPass includes a field to add a password hint, and I recommend you use this.
It can be challenging to recover your password vault without your master password. However, if you install the mobile app, there is a feature to recover your account using fingerprint or Face ID authentication.
Once you complete the signup process, LastPass prompts you to install the desktop browser extension. The process may be slightly different for each browser, but it is straightforward.
After installing the browser extension, you can log in with your master password and access the password vault and other features. The user interface is friendly and easy to navigate around.
Overall, it is a positive, intuitive experience, and most users will be able to work their way through the installation without needing any assistance.
The LastPass web client includes an option to ‘show me around,’ which helps first-time users get an overview of how to get started with LastPass and set up their password vault. If this is the first time using LastPass or a password manager, I recommend taking a few moments to go through the tutorial session.
LastPass provides mobile apps for both iOS and Android devices. Just head over to your device app store, and you will find the LastPass app readily available for download.
The mobile app is as intuitive as the desktop app, easy to understand and navigate through. Once you log in with your master password, you can access your password vault and other features.
The mobile app has a nifty password generator similar to the desktop app and web client. This allows you to quickly create a new strong random password for signing up to a new account. You can easily copy the password to the clipboard and paste it into the password field on the signup page.
Overall the mobile app should be easy for most users to pick up, and using it should be a breeze.
What about if you are moving to LastPass from another password manager? How easy is it to import your existing credentials? Fortunately, LastPass has a vault import tool that supports importing from most popular password managers and web browsers.
Importing data can be done from either the web client or the browser extension. The import tool can be found in the Advanced Options of the navigation menu.
After opening the import tool, you can select a source from a list of supported password managers. Instructions may differ slightly depending on the source, but LastPass will provide on-screen instructions that you can follow to complete the import process.
The other important consideration is how easy it is to export your password vault if you later want to move to a different password manager. LastPass has an export option that saves your password vault to a CSV file, which can then be imported into your new password manager.
As you would expect of a password manager, LastPass treats security as a top priority. LastPass is very proactive in protecting its product from security incidents and is transparent in reporting data breaches. This matters all the more because LastPass suffered a security breach back in 2016, which we will talk about a bit more later.
LastPass uses a zero-knowledge security model. This means that sensitive data stored in LastPass is encrypted with AES-256 on your device before it is sent to LastPass. This protects your data from being decrypted in transit or at rest on LastPass’ servers. Only your master password can decrypt the password data and unlock the vault.
We are satisfied with the encryption and are confident that even if LastPass suffered a data breach, it would be nearly impossible to decrypt any data without knowing your master password.
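The zero-knowledge flow described above can be sketched in a few lines. This is an added example, not LastPass code: the page only states AES-256, so the PBKDF2-SHA256 key derivation, the iteration count, the GCM mode and all function names are assumptions.

```javascript
const crypto = require("crypto");

// Assumed parameters: the page only says "AES-256". PBKDF2-SHA256, the
// iteration count and GCM mode are choices made for this example.
const KDF_ITERATIONS = 600000;

function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, "sha256");
}

// Runs on the user's device. Only the returned record leaves the device.
function sealItem(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return { salt: salt.toString("hex"), iv: iv.toString("hex"),
           tag: tag.toString("hex"), ct: ct.toString("hex") };
}

// Also runs on the device. Returns null for a wrong master password
// or a record that was altered in storage.
function openItem(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, "hex"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "hex"));
  decipher.setAuthTag(Buffer.from(record.tag, "hex"));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, "hex")), decipher.final()]);
    return pt.toString("utf8");
  } catch {
    return null;
  }
}

// Constructed sample values, not real credentials.
function demo() {
  const stored = sealItem("Constructed-Master-Passw0rd", "site-password-123");
  return {
    serverSeesPlaintext: JSON.stringify(stored).includes("site-password-123"),
    rightPassword: openItem("Constructed-Master-Passw0rd", stored),
    wrongPassword: openItem("a-guess", stored),
  };
}
```

The stored record contains the salt, IV, tag and ciphertext but never the master password or the derived key, which is why the strength of the master password is what protects the vault if the records are stolen.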
Bug Bounty Program
LastPass participates in a bug bounty hunting program called Bugcrowd, where white-hat hackers proactively attempt to hack into LastPass and disclose bugs to further protect and harden it from malicious hackers.
LastPass pays white-hat hackers a lucrative bounty depending on the severity of the vulnerability that gets disclosed. This approach helps attract some of the best white-hat hackers in the world to continue penetration testing against LastPass’ products and servers.
This proactive method ensures that LastPass remains committed to high security and ongoing hardening even as the product matures with new features and refinements.
LastPass Hacked in 2015
LastPass experienced a significant security incident back in 2015 when hackers were discovered to have breached the network. The hackers accessed users’ email addresses, encrypted master passwords, and reminder words.
It is never good for a company to have the stain of a cyber breach in its history, but the incident has helped to increase the priority on cyber security for LastPass. As a result, the company made sweeping changes to its security model and hardened the product.
The attack reinforced that any company is vulnerable to being hacked, no matter how secure they think they might be. A company can never become complacent with its cyber security.
But equally, consumers need to ensure that they use strong, complex, and long passwords – especially for the master password.
Customer support is often overlooked when considering a product purchase, and the quality of a company’s customer support is often only noticed later on when support is needed.
Unfortunately for LastPass, their customer support is not rated very well. Review services such as Trustpilot show many negative reviews and comments that suggest their customer support is relatively poor.
There is no “real person” customer support for users on the free plan. Instead, users will need to rely on support articles and community discussion boards to get problems solved.
Phone and email support are only available for users on the premium plan or business plans.