LastPass Fast FactsOur rating: 3.4 stars out of 5 Pricing: Starts at $3 per month Key features
|
In 2022, LastPass experienced two major data breaches that resulted in customer data being stolen. This data consisted of encrypted fields such as website usernames and passwords, secure notes and form-filled data and unencrypted data such as website URLs.
While LastPass offers a decent password manager experience with its slew of two-factor authentication options and consistent password capture and replay, its recent security incidents prevent us from recommending their service.
Is LastPass safe?
Because of the most recent data breaches, I wouldn’t say LastPass is safe to use. In 2022, LastPass experienced two major data breaches that led to both LastPass customer and company data being stolen. The first incident, which occurred in August 2022, involved a software engineer’s corporate laptop being compromised.
According to LastPass, the incident allowed a bad actor “to gain access to a cloud-based development environment and steal source code, technical information, and certain LastPass internal system secrets.” The company reiterated that “[n]o customer data or vault data was taken during this incident.”
Unfortunately, LastPass disclosed a second breach on November 22, 2022, wherein the data gained in the August 2022 breach was utilized to access LastPass customer data. In particular, the threat actor gained “unauthorized access to cloud backups” that included “system configuration data, API secrets, third-party integration secrets and encrypted and unencrypted LastPass customer data.” This customer data consisted of encrypted fields such as website usernames and passwords, secure notes, and form-filled data and unencrypted data such as website URLs.
LastPass has said that the encrypted data remains secure with 256-bit AES encryption so long as the user’s master password makes use of their password best practices, such as having a 12-character minimum and not reusing the master password on other sites. In January 2024, LastPass announced that the company will enforce a requirement for all customers to use a master password with at least 12 characters. In the past, a 12-character master password was the default setting, but customers still had the ability to choose a master password with fewer characters. It is the company’s hope that efforts such as these will “create stronger and more resilient encryption keys for accessing and encrypting [customer] LastPass vault data.”
While LastPass continues to implement security and privacy changes to their platform, the risk simply isn’t worth taking given the company’s tumultuous history of breaches. Aside from the 2022 breaches, LastPass has had security incidents since 2011. There’s even been a report linking the stolen LastPass accounts from November 2022 to a string of cryptocurrency heists.
You might be better off using more secure password managers, such as Dashlane or Keeper as both companies have yet to report data breaches.
Is LastPass free?
LastPass has a free version, albeit with limited features. It offers an unlimited number of password storage and comes with one account. Compared to a premium LastPass subscription, their free tier will only allow for one device type. This means that you’ll only be able to use LastPass Free on either a computer or a mobile device.
Other limitations include not having LastPass’ One to Many password sharing feature, no emergency access capabilities and the lack of advanced multi factor authentication options such as YubiKey and fingerprint authentication.
If you’re looking for a free version to use long term, I recommend trying out Bitwarden’s free version. It offers the same unlimited number of password storage as LastPass but also allows access to vaults on an unlimited number of user devices, compared to LastPass’ one-device type limit.
LastPass Pricing
Like most password managers, LastPass categorizes its pricing into Single Users & Families and Business customers. Let’s take a look at the first group or plans.
Plan | |||
---|---|---|---|
Price | |||
No. of accounts | |||
No. of device types | |||
Notable features |
|
|
|
LastPass’ Premium and Families plans are on par with most of its competition. Its $3 per month Premium plan falls in the middle of similar subscriptions from Dashlane ($3.33 per month) and RoboForm ($1.99 per month).
The story is the same for its Families plan priced at $4.00 per month covering six accounts, compared to Bitwarden’s Families plan, which is priced at $3.33 per month for six users and 1Password’s Families subscription at $4.99 for five members.
If you’re specifically interested in a family plan, I really like Dashlane’s Friends and Families plan for $4.99 per month. It may look more expensive, but it covers up to 10 members for just an additional $1-$2.
LastPass’ Business plans consist of LastPass Teams and Business.
Plan | ||
---|---|---|
Price | ||
Number of users | ||
Notable features |
|
|
LastPass’ Teams plan at $4.00 per user, per month is on the pricier end. If we compare it to 1Password’s Teams Starter Pack, you can cover 10 users for $19.95. The same number of users through LastPass Teams would amount to $40—a big jump in price. Bitwarden’s Teams Starter plan is similar, priced at $20 for up to 10 users.
LastPass Teams allows up to 50 users, which may be beneficial to smaller teams with more than 10 members. However, it’s important to reiterate that you won’t get the same level of security with LastPass compared to other password managers.
LastPass Business is in the middle range in terms of comparable plans to the competition. LastPass Business at $7 per user, per month is in between Bitwarden’s Enterprise plan for $6 per user and Dashlane’s $8 per user.
LastPass offers a free 30-day trial for its Premium and Families plan, and a 14-day trial for its Teams and Business subscription. If you really want to try LastPass, going for one of these trials is your best option in terms of pricing.
Key features of LastPass
Aside from password generation, autofill and multifactor authentication, LastPass includes a few interesting features that make it stand out from the competition.
One-Time Passwords
LastPass allows you to create a set of temporary, one-time passwords (OTPs) whenever you want to access your vault from a public computer and don’t want to enter your master password.
OTPs can be useful for people who frequently travel and don’t bring their own computer or device all the time. These allow users to access their vaults remotely without having to worry about keyloggers or malware stealing their master passwords whenever they use public wifi.
Country Restriction
Another travel-friendly feature is LastPass’ Country Restriction toggle. This allows users to only allow logins from selected countries, adding an additional layer of security whenever you’re traveling or in another country.
This is a convenient set-and-forget feature that travelers can utilize to protect their passwords from being illegally accessed by malicious third-parties whenever they’re abroad.
Take note that these country restrictions can be bypassed if you use a virtual private network or VPN, as VPNs can make it appear that you’re in another country or location other than your own.
Security Dashboard
LastPass also includes a password health feature called Security Dashboard. It gives you a Security score that analyzes user security, checks if you have any at-risk passwords, and allows you to manage trusted devices.
It also features a dark web monitor that checks whether a particular email address you have is compromised or is involved in a data breach at another company or service.
I personally like how LastPass bundles both its security score and dark web monitoring into one page—giving users easy access to the two complementary tools in one place.
LastPass authentication and security options
LastPass comes with an impressive amount of multi factor authentication (MFA) options. For free users, there’s LastPass MFA, Google Authenticator, Microsoft Authenticator, Toopher, Duo Security and Grid.
Meanwhile, Premium users can set up a YubiKey USB as their second factor, as well as fingerprint or smart card authentication. LastPass Business users also get access to Salesforce authentication.
In terms of security options, LastPass allows you to set trusted devices that let you skip MFA. While I personally don’t recommend this because of the risk of exposure, it may be convenient to turn this on if you’re only accessing your vault from one machine or location. LastPass also keeps a record of the mobile devices with access to your LastPass account and your location history.
LastPass interface and performance
I used LastPass’ web vault for most of my testing and I found the interface to be fairly intuitive. Everything from my vault to more advanced options or settings like emergency access and MFA were placed where I expected them to be.
Design-wise, I think LastPass’ interface looks a bit dated compared to the competition. Dashlane and Keeper, for example, have more graphical designs compared to LastPass’ very plain interface. I also found navigating through the LastPass interface to be a bit clunky, with some settings taking a bit longer to load compared to the competition.
For performance, however, I encountered zero issues with LastPass’ password capture and replay capabilities. Its autofill feature was also reliable, filling in username and password fields without any hiccups.
I also really liked how the LastPass vault lets you launch the particular app associated with a given login.
With this, one can theoretically use LastPass as a sort of command center where you can launch and sign into your most used apps and services easily.
Overall, while I wished LastPass had a more updated design, it provided an easy to understand user experience.
LastPass mobile app
The experience on LastPass mobile app is more or less the same with its web application.
I used LastPass’ Android counterpart on my Google Pixel 6 for this review and it inherits the same intuitive user interface of its web app.
By default, LastPass mobile blacks out screenshots within the app—an underrated security feature that prevents bad actors from stealing data on your mobile vault. Fingerprint login on the app also worked well, and I really liked the security features included in the app such as an automatic lock when the app is on idle and account recovery via biometrics.
It inherits the same older-looking design of the web app but this means you aren’t missing much if you only plan to use the mobile app over the web version.
LastPass pros
- Multiple authentication options.
- Intuitive user interface.
- Useful one-time password feature.
- Country restriction functionality.
LastPass cons
- Has been involved in two major data breaches.
- History of smaller security incidents since 2011.
- Dated interface design.
- Clunky web app experience.
LastPass alternatives
Given LastPass’ recent security incidents, I’ve listed three alternative password managers that have not been involved in breaches and will provide more security for your data.
Keeper
For larger businesses, Keeper is a great pick; as it offers customized bundles and curated pricing for enterprise customers. It also has a Business Starter subscription for teams of 10 people and a Business plan tailored towards small-to-medium sized businesses.
Bitwarden
If security is a top priority, Bitwarden is one of the best. It is open source, which means that its source code can be reviewed, analyzed and audited by the public. It also runs on a zero-knowledge architecture and implements end-to-end encryption for its password storage.
1Password
For an all-around experience, 1Password is a safe bet. It comes with an intuitive and modern-looking user interface that’s coupled with high-end encryption for your data. It also offers a unique Travel Mode feature that can benefit users who regularly go abroad for business trips.
Is LastPass worth it?
No, LastPass’ recent data breaches prevent us from considering it a worthy password manager. This is unfortunate, as LastPass offers a decent password management experience with its extensive MFA options, and reliable password capture and replay.
However, these features don’t mean a thing if LastPass can’t reliably keep your sensitive information secure and out of bad actors’ hands. At this moment, LastPass fails to hit this mark.
In terms of features, options such as Bitwarden and 1Password can provide the same password management experience without any history of data breaches or hacking.
Review Methodology
My review of LastPass involved a detailed assessment of its security features, price and real-world performance. I had hands-on experience with LastPass through a 30-day trial of its Premium plan.
To test LastPass, I used its web vault application and browser extension on my Windows laptop and its mobile app on my Google Pixel 6.
I rated LastPass on everything from its password management features to its pricing based on an internal algorithm to get a rating of 3.4 out of 5 stars. The scoring was based both on LastPass on its own and in relation to other password managers in the market.