Password Manager Review: LastPass
LastPass’s name gives a pretty clear idea as to what the password manager wants to achieve, namely, to be the last password tool you’ll ever need. When we last checked in, the service stood out thanks to its feature-laden free version, however, this was reformatted in March of 2021. Now, LastPass needs to measure itself against all of the other premium services on the market. Below, we'll let you know how the password manager fared!
What Is LastPass?
LastPass is a freemium password manager that saves passwords in a secure vault, protecting them with a single, high-strength, encrypted master password. The service is available as a browser extension for Chrome, Firefox, Edge, Opera, Safari, and Internet Explorer, and as a mobile application for Android and iOS devices.
We tested LastPass on Windows and Android.
Pros and Cons
Easy and intuitive to use
Practical security test for checking all passwords
Provides multi-factor authentication compatible with many authenticator apps
Free version limited since 2021 to one device type
No desktop app
Installation & Usage
Registering for and configuring LastPass is a walk in the park. To get started, you'll need to create an account and set your master password, which will be the last password you'll ever need for entering your vault. This will need to meet the service's minimum requirements (at least 12 characters, 1 number, 1 upper case, and 1 lower case letter).
Select a secure master password that you can easily remember.
While most password managers are built around their desktop versions, LastPass is browser-based, which has advantages and disadvantages. One of the former is that your password vault, in which all of your data sets are stored, is only ever one click away in your browser, and you won't need to install software updates to use it. Another is that the operating system you use doesn't matter. All the same, sometimes, it's more convenient to not have to open the program in the browser or be able to use the service offline.
Should LastPass not be the first password manager you've used and you have data sets stored elsewhere, you can import these by clicking on Advanced Options > Import, and select from a number of different CSV files from other password managers.
You can import data sets that you've saved elsewhere.
Installing LastPass is easy and straightforward. Some users might be confused as to why there’s no desktop app after installing the app using the installation file, but that's just one of the service's quirks.
Everything in the Browser
With LastPass, your password hub is comprised of two components in the software's user interface. You'll likely use the browser extension most since this handles autofill and provides you with quick access to your data sets. In your vault, which you can access via a link in the extension, you can manage entries and change advanced settings. Below, we'll briefly explain what each offers.
LastPass's browser extension is a mini version of your web vault, making it somewhat more feature-laden than what other password managers offer. It doesn't only provide quick access to saved data sets for a website, but everything that you've stored. Navigation is greatly facilitated thanks to the practical search feature.
The LastPass browser extension includes all of your entries and a practical password generator.
The password generator, which you can use to automatically create secure passwords, is also located here. Should you want to access the security dashboard, you'll be forwarded to the Web Vault.
The LastPass Vault
Via the ‘Open my Vault’ submenu, you can access the second LastPass component, namely, your vault. There, you’ll be able to adjust more advanced settings and access additional features, such as the security test, which you can use to probe your passwords for vulnerabilities.
The LastPass Vault is neatly arranged, intuitive to use, and easy to navigate. To the left, you'll find a menu bar where you can jump between the different types of data sets and features. Entries are displayed either in lists or tiles and can be grouped into user-specified categories.
In LastPass's vault, you can manage all of your data sets.
We weren't particularly impressed with the options LastPass provides for arranging data sets: Sub-folders can't be created, and each category is a data set type, meaning that the categories you create for passwords are also the same as for notes, which is somewhat unnecessary. Additional options for organization, like tags, aren't included. Beyond that, LastPass could make more of an effort to display logos for individual entries, since this would make the tile view more accessible.
On the plus side, LastPass does offer more flexibility in terms of entries: You can set autofill for each entry, require that the master password be input before doing so, or add user-defined form fields. Under account settings, it's possible to fine-tune the software to your liking, set rules and exceptions for URLs, and add multi-factor authentication.
Thanks to the user-defined fields, you can arrange your entries to your liking.
Overall, LastPass is easy to use and well-organized, even if the way that data sets are grouped could have been better thought out. Some users might miss the presence of a desktop version. Since there's a web app, you'll also have to occasionally contend with longer (or shorter) loading times.
Score: 4 / 5
LastPass covers all the basics while also providing a number of extra features, some of which aren't included by other password managers.
The browser extension's password generator creates passwords in accordance with your length, character, and complexity preferences. Whenever logging into a new website, simply copy the correct password into the form, save your entry, and you'll never need to manually enter that password again. Unfortunately, the password generator is unable to create passphrases.
The password generator allows you to automatically create highly secure passwords.
LastPass's security test vets the general security of your passwords, also letting you how many of them are in danger of being compromised, and should be changed immediately. After you've seen where you're exposed, it's possible to swap out compromised passwords. For some websites, like Facebook or Reddit, these can be altered with a single click and without closing LastPass. For other websites, however, you'll need to manually change passwords on the website in question.
You can keep tabs on the security of your passwords and update compromised passwords in the security dashboard.
LastPass's autofill makes it possible to automatically complete login, contact, and payment forms. Once the browser extension identifies an input field, a LastPass icon will appear. You can then click on this to open the entries saved for that site or service. During testing, LastPass proved itself to be completely reliable, not suffering from any lapses or issues. On top of this, new login data is automatically saved.
Autofill works excellently with LastPass.
You can share passwords, either individually, or in groups, with other LastPass users in the sharing center. When doing so, you have the ability to allow others to use these passwords, or to be able to see them. Only Family subscribers can share entire folders.
Want to share access to your Netflix account with your friends or family? In LastPass's sharing center you can.
This premium feature enables you to set an emergency contact for your account and give a person you trust access to your vault. Many people worry about what happens to their digital profiles following their death. To address this, LastPass supplies premium users with the ability to create a digital will. This entails every important piece of data and your passwords. Thanks to these features, you can rest assured that your information remains safe but accessible in the event of an emergency.
In our opinion, LastPass's emphasis on the basics pays dividends, and the service impresses with its easy-to-use and powerful tools.
Score: 4.3 / 5
LastPass saves passwords using AES 256-bit encryption, which, as of the time of writing, is considered to be the most secure standard publicly available. Like many of its competitors, the app’s security model is based on the zero-knowledge principle, and as such, your master password is neither saved nor transferred. If LastPass doesn’t know the password and has no access to your data, neither does any potential hacker. Your data is encrypted/decrypted on the device level before being synchronized and securely saved with LastPass.
Multi-factor authentication, via authenticator apps or USB and card reading devices, can be enabled to provide an additional layer of security.
You can tighten up access to your LastPass vault with 2FA.
Resetting passwords creates the biggest security vulnerability we could ascertain. Should you have lost or forgotten your master password, LastPass offers a few options to regain access. When creating your account, you can include a security question that will be sent to your email address in the event of a lost password. Recovery is also possible via one-time passwords, facial recognition, or fingerprint scan.
Security experts have uncovered a number of other weaknesses with LastPass: Tavis Ormandy, a white hat hacker, twice exploited security deficits in LastPass's browser extension. Even though LastPass immediately rectified these and has been transparent, password managers shouldn't suffer from such weaknesses in the first place.
Score: 4 / 5
The LastPass app is available for iOS and Android devices. After setting up your account and signing in for the first time, you’ll need to unlock your device via email and confirm your location.
The app's menu is arranged similarly to that of the browser extension, making it easy to quickly find any feature that you're looking for. It features its own browser, and by tapping on an entry, you can open any link directly in the app.
Autofill in the mobile app, whether with the integrated browser or Chrome, is as reliable as on the desktop. During our review, the LastPass icon appeared quickly, and only on a few occasions did we need to tap the input field a second time for it to display.
LastPass's mobile app provides a reliable password manager companion for on the go.
If desired, to avoid constantly having to input your master password, you can unlock the app using your fingerprint. Of course, you'll have to decide whether this conforms to your security standards.
Score: 4.7 / 5
LastPass's support center serves up a nice selection of articles with screenshots and links, video guides, and a forum. The integrated full-text search facilitates navigation.
In order to get direct support from LastPass, you'll need to dig a bit. At the bottom of some help articles, you'll find a link to get in touch with support. LastPass doesn't offer a live chat, with the "chat" only putting you in contact with a bot that won't forward you to humans.
LastPass's support center is well-stocked, however, its live support could do with a bit of work.
Response times vary depending on demand, but we received a response within around 28 hours. Our query, which we had sent in German, was answered in English and not to our satisfaction. Only after posing a question in English did we get an informative answer.
LastPass has a nicely stocked help center but could do with a bit of work when it comes to live support.
Score: 3.7 / 5
In the past, LastPass was particularly appealing owing to its generous free version. Unfortunately, in 2021, this was changed and the free version was limited in terms of features. You can still sync data between devices, but only across one type.
This means that free users of LastPass can use the service either on their computer or their smartphone. You can change the device type, but comfortably using these on both types isn't possible. This differentiation is somewhat complicated and not clearly communicated in LastPass's pricing information.
Even though the free version has lost some of its shine, LastPass remains relatively affordable. Private users can book either a Premium subscription or a Family one, the latter coming with six premium licenses. Beyond that, LastPass offers two different Business subscriptions, the costs for which depend on the size of the team. The Teams package is envisioned for groups of up to 50 people; beyond that, you'll want to look at LastPass Enterprise.
Below, we've provided a summary of current prices:
|Base price per month||$0.00||$3.00||$4.00|
|Price per user||$0.00||$0.00||$0.00|
|Contract period (months)||0||12||12|
|Number of Users||1||1||6|
|Number of passwords||unlimited||unlimited||unlimited|
|Number of Devices||1||unlimited||unlimited|
|Sync multiple devices|
|Two factor authentication|
Cloud / SaaS
Cloud / SaaS
Cloud / SaaS
LastPass can be trialed for two weeks for free, however, no refunds are offered.
LastPass certainly hasn't reinvented the wheel, but what it does, it does well, and at a relatively affordable price. Anyone who looks back on the generous free version of LastPass will likely lament the new restrictions to one device type.
A Premium subscription to LastPass is also one of the most reliable and versatile password managers on the market, offering a feature-rich browser extension in addition to one of the most user-friendly web vaults.
LastPass enjoys a decent reputation among its users, as can be seen in its predominantly positive customer ratings.
If, on the other hand, you long for the old free version of LastPass and are craving a password manager without too many limitations, for example in terms of cross-device syncing, you should consider NordPass or Bitwarden.
Some of the best alternatives to LastPass can be found below: