Probably the password manager with the best free plan, LastPass offers a decent experience overall. However, for those wanting to get the most out of their password manager, the LastPass paid plan disappoints when compared to others. Read our full LastPass review for the details.
Free plan available
LastPass is one of the premiere ways to get your Google passwords to a more secure place. Sitting alongside our best password managers, LastPass offers a user experience that’s second to none, with one of the best free plans we’ve ever seen. However, LastPass’ 2015 data breach should be on your radar.
In this LastPass review, we’re going to talk about the breach, as well as all the other aspects of LastPass. We’re going to cover every angle of its popular free password manager, from importing your Google Chrome passwords to getting into the technical details about security. At the end, we’ll give you our verdict.
For the short answer, it’s hard not to recommend LastPass. It’s easy to use, from setup to password management, and comes with an impressive range of free features. The 2015 security breach raises some red flags. However, LastPass handled it well enough to be worthy of a second chance.
- Excellent free plan
- Easy to use
- Autofill works like a charm
- Application autofill
- Great business pricing
- LastPass Authenticator
- Limited support options
- Data breach on record
- No refund policy
LastPass is one of the most feature-dense password managers around. Fit with autofill for your browser and desktop, a thorough security challenge and an easy-to-use two-factor authentication app, LastPass goes beyond other password managers in terms of features.
Autofill on Chrome and Desktop
LastPass supports autofill through its browser extensions, and it works well. However, Premium subscribers can also take advantage of autofill for applications. As we’ll get to in the “ease of use” section below, LastPass doesn’t have a local application, but paying subscribers can download a lightweight tool to bring the extension to your desktop.
If you’re, say, signing into Adobe Creative Cloud, LastPass can autofill your login, so long as you’re subscribed to Premium. Based on our testing, the autofill works well, no matter if you’re using it in the browser or on desktop. That’s true for passwords, but also for forms and credit cards, even if LastPass doesn’t detect the correct field.
Through the browser extension, you can find and fill items, so if LastPass doesn’t pick up that there’s, say, a credit card field, you can still autofill. It’ll do its best to fill all relevant fields, and it’s right most of the time. For example, if you’re filling in your credit card information through this process, LastPass might occasionally miss the security code.
Taking the LastPass Security Challenge
Like other leading password managers, LastPass offers a security dashboard in your vault (read our Sticky Password review for another example). LastPass goes beyond showing compromised, weak, reused and old passwords, though. Your master password and overall security are taken into account.
You’re given three scores: one for your master password, one for your standing compared to other LastPass users and one for your overall security score. Furthermore, LastPass will automatically send emails to any addresses in your online accounts that have been compromised.
Below your scores, you can see all of your online accounts, as well as their password strength and when the password was last changed. Like Dashlane, LastPass offers a limited password changer that allows you to update old, weak passwords with a single click. The list of supported sites isn’t too lengthy, but it still supports eBay, Facebook and Twitter.
The password changer was supposed to work, at least. When we were testing it on two eBay accounts and Twitter, LastPass consistently timed out. It would take less time to just manually update your password.
Thankfully, LastPass also detects when you change a password and asks if you want to update your entry. Unlike the automatic password changer, this feature works.
Although not a feature of the password manager, per se, LastPass offers one of the best 2FA apps around. LastPass Authenticator allows you easily enable two-factor authentication on major websites, including Dropbox, Facebook, Google, Evernote and Amazon (read our Dropbox review and Evernote review).
In addition to standard time-based codes, LastPass Authenticator also supports SMS codes and, best of all, push notifications. That makes it easy to enable 2FA on commonly accessed sites, when all you have to do is push a button to confirm on your mobile device.
LastPass Features Overview
LastPass is one of the cheapest password managers around, but more than that, it’s the best free password manager. With multi-device sync, unlimited storage for a single user and autofill support, the Free plan outshines Premium in a number of ways. That said, the price of a Premium subscription isn’t too high.
Before getting to LastPass Free, let’s talk about Premium. For $3 per month — triple the price of LastPass’ original price — you get all of the features of a normal password manager. That includes syncing, the security challenge, multi-factor authentication and unlimited storage.
The Premium plan comes with a few more features than the Free plan, though. Most notably, you can share items with multiple users — called “one-to-many” sharing — and autofill your passwords on local applications. Premium subscribers also have access to more multifactor options and emergency access (read our Keeper review to learn about that last one).
LastPass Free and Family Price
LastPass Free is the star of the show for one reason: multi-device sync. Other free plans, even good ones like Dashlane, struggle to keep up with LastPass (read our Dashlane review). Without spending a dime, you get full protection for a single user, one-to-one sharing, autofill and, most importantly, multi-device sync.
Syncing across devices is usually a paid feature, as we’ve seen with multiple free password managers, including NordPass (read our NordPass review). LastPass still reserves some features for its paid plan, including one-to-many sharing and emergency access, but you can stay protected on all of your devices without spending a dime.
The Family plan’s pricing is very inexpensive, too. For $4 per month billed annually, you can get six user accounts and a family dashboard, which is a better rate than even 1Password. That said, you’re limited to those six users.
There isn’t a refund policy on either plan, or at least not one set in stone. User reports suggest that you could get a partial refund if you bug LastPass enough, but there isn’t a concrete policy. The Free plan comes with a 30-day trial of Premium and seems to serve the purpose that a money-back guarantee would.
LastPass Business Pricing
LastPass offers a range of plans targeted at businesses. There are four options ranging from $3 to $8 per user, depending on the number of users, the type of multiple-factor options you need and the reporting options you desire. Outside of the Teams plan, all other business plans are purchased through contact only.
The business pricing isn’t bad, though LastPass lacks the features and integrations of a services like Zoho Vault. We like the multi-factor options with LastPass Authenticator, SSO options and reporting. However, Zoho still wins when it comes to integration with third-party applications.
From the browser to your mobile device, LastPass understands the elements that create a great user experience. LastPass is simple to use across your devices, fit with multiple organization options and a quick setup. However, there isn’t a local application, which could cause some issues when trying to access your passwords offline.
LastPass is a browser-only experience. That’s a pro in the sense that you can easily access your vault, independent of the operating system your computer is using. However, there are downsides, too. You can’t access your passwords offline unless you export, and you need to have a browser window open just to access your entries.
Although we’d prefer a local application in addition to the browser interface, LastPass works wonders with what it offers. By default, entries are laid out in a tiled interface, though you can change them to a list. In addition to showing large icons for each of your entries, LastPass gives multiple filtering and organization options.
LastPass automatically generates a few folders based on your entries. For example, our 300 or so passwords received “business,” “shopping” and “social” tags.
Folders are the only way to organize your entries, though. LastPass doesn’t have a tagging system like 1Password or a folder hierarchy like RoboForm (read our RoboForm review). Still, the organization works.
Importing and Adding Passwords to LastPass
LastPass makes getting set up easy if you’re coming from another password manager. Unlike a lot of other password managers, there wasn’t anything wrong with our import process. LastPass supports nearly every password manager around, as well as generic CSV files. That said, there isn’t an automatic import process.
Adding entries manually isn’t difficult, either. Clicking the big “plus” button at the bottom of the screen will bring up a list of categories. The categories correspond to the left-side menu, including passwords, notes, addresses, credit cards and bank accounts. However, there are a lot of other categories you can add.
Those include software licenses, WiFi passwords and more (you can see the full list above). Additionally, you can create custom categories. The template can have as many fields as you want, all with their own names. That said, you can’t edit existing entries. If you want something custom, you have to start from scratch.
No matter if you use one of the existing templates or create your own, new categories will show up in the left-side menu. It’s important to note, though, that custom templates are lumped together under a “custom items” label.
Using the LastPass Chrome Extension
Most of your time with LastPass will be spent with the Chrome extension, and thankfully, that’s a good thing. LastPass clearly understands how important the browser experience is, and it has made one of the best password manager extensions. Instead of trying to be a screen-filling browser UI, the extension is designed to be its own thing.
That doesn’t mean you’re missing out on critical features. The extension allows you to quickly search your vault, view recent entries, generate strong passwords and more. As mentioned in the “features” section, autofill works flawlessly, too. The LastPass Chrome extension wins on every front.
LastPass on Android and iOS
The browser and extension experience are mirrored on mobile. LastPass earned a nod in our best password manager for iOS guide, and is just as good on Android. You can view and edit your entries, take the security challenge and, of course, autofill your passwords.
Autofill on mobile simply works, no matter if you’re on iOS or Android. You can set LastPass up with biometric authentication, making it easy to log in and fill passwords. By default, LastPass will sign you out of your account on mobile. However, it quickly authenticates and jumps back to the app you’re trying to log in to.
LastPass suffered a breach in 2015, which pushed it into the spotlight as the cybersecurity community discussed if password managers were truly secure or not. Although scary, the breach didn’t actually compromise any user data. LastPass uses a secure architecture that can stand up to even the most strict scrutiny.
The model is built around being zero-knowledge. You have a master password, and that master password is the key to unlocking your account and vault contents. However, LastPass never sees nor stores it.
Instead, your master password is sent through more than 100,000 rounds of PBKDF2 hashing in order to generate an encryption key and authentication hash (read our description of encryption to learn more about hashing).
After hashing, your master password will look like a bunch of gibberish. LastPass uses that gibberish, along with additional hashing, to generate an authentication key. That key is matched against the server, and if it lines up, your account unlocks.
It’s a long process, but the important note here is that LastPass never sees your master password. In fact, it never leaves your computer.
Concurrently, you master password is used to generate an encryption key, which unlocks your vault. Your vault contents are secured with AES-256, which is some of the toughest stuff around. It would take a hacker multiple billion years to crack a single password.
When LastPass Was Hacked
In 2015, LastPass was hacked. Thankfully, LastPass was very forthcoming about the hack, letting its users know right away, unlike NordVPN (read our NordVPN review). The attackers were able to access and steal data in the LastPass cloud, but they didn’t access any sensitive information. Because of the zero-knowledge model, no vaults were compromised.
Still, it’s a little too close for comfort. In 2019, Google began warning users about a LastPass phishing scheme, too. Project Zero, Google’s security analysis team, found a vulnerability where LastPass could leak a user’s password through an outdated cache. This vulnerability was, thankfully, fixed swiftly by LastPass.
What’s important here is not that LastPass was hacked, but how it responded to the security breach. According to search volume, LastPass is the most in-demand password manager around. That means it has a big target on its back. The hack, given the volume of users, comes at little surprise.
It’s important to remember how popular LastPass is when judging its security architecture. LastPass can’t totally prevent an attack on its servers. That said, it has taken all proper measures to ensure that if there is an attack, no sensitive data is released. We saw that in the 2015 breach.
Is LastPass Secure?
LastPass has a secure architecture that will keep your passwords safe. Although it was breached in 2015, only encrypted data was stolen. No plaintext passwords or user data was uncovered. LastPass can go toe-to-toe with any other commercial password manager when it comes to security, making it safe to use.
LogMeOnce, the company behind LastPass, lumps its tech support in with other products. Still, it’s easy to find answers. The knowledgebase is filled mainly with articles on getting LastPass set up. There are a few troubleshooting articles, if you can call them that, but they’re mainly focused on the lesser-known features of LastPass.
Business subscribers get much deeper support, with advanced topics covered in detail. Although not too dense, the knowledgebase is impressive. LastPass provides detailed articles, as well as video tutorials. If you’re looking for further answers, you can post on the LastPass forums, though you may not receive a reply right away.
However, the self-help options are not a supplemental support resource. You’ll need to find an article before getting the option to contact support. Instead of having a support page, there’s simply a link to a contact form on the bottom of each article.
No matter if you’re paying or not, you can contact support, though paying users get priority support. Even so, the process shouldn’t be as convoluted as it is. We understand adding a contact button at the bottom of articles, but that shouldn’t take the place of a dedicated contact page.
LastPass is almost too easy to recommend. Its free plan provides unlimited password storage across all of your devices, while Premium subscribers get a few extra goodies. However, not all that glitters is gold. LastPass has a few issues, mainly when it comes to support. If you can look past that, though, it’s a wonderful password manager.
What do you think of LastPass? Are you going to sign up for a free plan? Let us know in the comments below and, as always, thanks for reading.
What Is LastPass?
LastPass is a free password manager that offers unlimited password storage and multi-device sync. There’s also a Premium plan available that adds application autofill, priority support and one-to-many sharing. No matter which plan you choose, LastPass can work on any computer that supports Google Chrome.
How to Import Passwords Into LastPass
You can import passwords into LastPass from other password managers, Google Chrome and generic CSV files. To do so, open your vault, click on “more options,” expand the “advanced” tab and select “import.” From there, LastPass will guide you through the process, depending on the platform you’re importing from.
What Is LastPass Premium?
LastPass Premium is the paid password manager from LastPass. For $3 per month, Premium adds priority support, application autofill and one-to-many sharing. Premium includes all of the features of LastPass Free, too. That means unlimited password storage, multi-device sync and the security challenge.
How Much Is LastPass?
LastPass is $3 per month for a Premium subscription. There’s also a Family plan, which covers six users with a Premium membership for only $4 per month. No matter which plan you choose, LastPass bills annually, bringing the price for a subscription to $36 for Premium and $48 for Family. There’s also a Free plan, which you can use for as long as you want without spending a dime.