LastPass is one of the premier ways to get your Google passwords to a more secure place. Sitting alongside our best password managers, LastPass offers a user experience that’s second to none, though its 2015 data breach should be on your radar. In this LastPass review, we’re going to talk about the breach, as well as all of the other aspects of LastPass.
We’ll cover every angle of this popular password manager, from importing your Google Chrome passwords to getting into the technical details about security. At the end, we’ll give you our verdict.
- LastPass is an easy-to-use and inexpensive password manager that ticks all the boxes, so long as you’re willing to pay for a Premium or Families subscription.
- The March 2021 update to LastPass significantly reduced the usefulness of its free version, as free users can now use the password manager on only a single device type (either desktops or mobile devices).
- Beyond simple password storage, LastPass Premium and Families offer several advanced features like dark web monitoring, shared folders (Families plan only), encrypted file storage and a security audit.
For the short answer, it’s hard not to recommend LastPass. It’s easy to use, from setup to password management, but sadly, its free plan has lost a lot of utility with the newest version of LastPass. Plus, the 2015 and 2022 security breaches raise some red flags. However, LastPass handled it well enough to be worthy of another chance.
Updated this review to reflect the Aug. 2022 news of LastPass’ security incident.
LastPass Video Review
LastPass is a free password manager that offers unlimited password storage and multi-device sync (as long as the devices are of the same type). There’s also a Premium plan available that adds application autofill, priority support and one-to-many password sharing. No matter which plan you choose, LastPass can work on any computer that supports Google Chrome, Firefox, Edge or Opera.
You can import passwords into LastPass from other password managers, Google Chrome and generic CSV files. To do so, open your vault, click on “more options,” expand the “advanced” tab and select “import.” From there, LastPass will guide you through the process, depending on the platform from which you’re importing.
LastPass Premium is the paid password manager plan from LastPass. For $3 per month, Premium adds priority support, application autofill, support for multiple device types and one-to-many sharing. Premium includes all of the features of LastPass Free, too. That means unlimited password storage, multi-device sync and the security challenge.
LastPass is $3 per month for a Premium subscription. There’s also a Families plan, which covers six users with a Premium membership for only $4 per month. No matter which plan you choose, LastPass bills annually, bringing the price for a subscription to $36 for Premium and $48 for Families. There’s also a free plan, which you can use for as long as you want without spending a dime.
Strengths & Weaknesses
- Excellent free plan
- Easy to use
- Autofill works like a charm
- Application autofill
- Great business pricing
- LastPass Authenticator
- Limited support options
- Data breach on record
- No refund policy
LastPass is one of the most feature-rich password managers around. Fitted with autofill for your browser and desktop, a thorough security challenge and an easy-to-use two-factor authentication app, LastPass goes beyond other password managers.
Like most quality password managers, LastPass comes with a solid password generator that helps you create a secure password with a single click. This LastPass password generator is customizable, which allows you to specify how long the generated secure password should be and what type of characters to include.
Autofill on Chrome and Desktop
LastPass supports autofill through its browser extensions, and it works well. However, Premium subscribers can also take advantage of autofill for desktop applications.
If you’re, say, signing into Adobe Creative Cloud, LastPass can autofill your login credentials. Based on our testing, the autofill works well, no matter if you’re using it in the browser or on desktop. That’s true for passwords but also forms and credit cards, even if LastPass doesn’t detect the correct field.
Through the LastPass browser extension, you can find and fill items, so if LastPass doesn’t pick up that there’s, say, a credit card field, you can still autofill. It’ll do its best to fill all relevant fields — and it’s right most of the time. For example, if you’re filling in your credit card information through this process, LastPass might occasionally miss the security code.
Taking the LastPass Security Challenge
Like other leading password managers, LastPass offers a security dashboard in your vault (read our Sticky Password review for another example). LastPass goes beyond showing compromised, weak, reused and old passwords, though. Your master password and overall security are taken into account, too.
You’re given three scores in the admin dashboard: one for your master password, one for your standing compared to other LastPass users and one for your overall security score. Furthermore, LastPass will automatically send emails to any addresses in your online accounts that have been compromised.
Below your scores, you can see all of your online accounts, as well as their password strength and when the password was last changed. Like Dashlane (read our Dashlane review), LastPass offers a limited password changer that allows you to update old, weak passwords with a single click. The list of supported sites isn’t too lengthy, but it still supports eBay, Facebook and Twitter.
The password changer was supposed to work, at least. When we were testing it on two eBay accounts and Twitter, LastPass consistently timed out. It would take less time to just manually update your password.
Thankfully, LastPass also detects when you change a password and asks if you want to update your entry. Unlike the automatic password changer, this feature works.
Although not a feature of the password manager, per se, LastPass offers one of the best 2FA apps around. “LastPass authenticator” allows you to easily enable two-factor authentication on major websites, including Facebook, Google, Amazon, Dropbox and Evernote (read our Dropbox review and Evernote review).
In addition to standard time-based codes, “LastPass authenticator” also supports SMS codes and, best of all, push notifications. That makes it easy to enable 2FA on commonly accessed sites when all you have to do is push a button to confirm on your mobile device.
LastPass Features Overview
|Backup and recovery|
LastPass is one of the cheapest password managers around and used to be one of the best free password managers. Sadly, an update to the free version of LastPass has greatly reduced its utility, but upgrading to a Premium subscription won’t break the bank.
- Unlimited storage
- Priority support One-to-many sharing Application autofill Multi-device sync
- Protection for six users Family dashboard Unlimited shared folders Multi-device sync
- Price per user Admin dashboard 5-50 users Standard reporting Multi-device sync
- Price per user Includes all Teams features Unlimited users 3 SSO apps with MFA LastPass Families for employees
Before we get to LastPass Free, let’s talk about the Premium plan. For $3 per month, you get all the features of a normal password manager. That includes syncing, the security challenge, multi-factor authentication options and unlimited storage.
The Premium plan comes with a few more features than the free version, though. Most notably, you can share items with multiple users — called “one-to-many” sharing — through the sharing center and sync passwords between mobile devices and computers. Premium subscribers also have access to more multi-factor options and emergency access (read our Keeper review to learn about that last one).
Another great feature of the Premium plan is something called “dark web monitoring.” This adds a level of security to your passwords by notifying you if your accounts or email addresses appear on any popular dark web marketplaces, where such information is bought and sold by cybercriminals.
LastPass Free and Families Price
LastPass Free gets a lot right — you can share passwords, sync multiple devices, use the password generator and secure password vault — but it has a significant Achilles’ heel. Although you used to be able to sync your passwords across all of your devices, you now have to choose whether you want to use the password manager on computers or mobile devices, not both.
You still get access to all the other features you used to, but this new limitation will probably be a deal-breaker to many users looking for a free method of syncing passwords between their phone and their computer.
If this is a crucial feature for you, you’ll have to fork over the cash for either the Premium or Families plan or look elsewhere. Our list of LastPass alternatives will give you plenty of options to choose from, with Bitwarden (read our Bitwarden review) topping the list as one of the last remaining password managers to offer multi-device sync for free.
The Families plan’s pricing is very inexpensive, too. For $4 per month billed annually, you can get six user accounts and a family dashboard, which is a better rate than even 1Password (read our Dashlane vs 1Password comparison). That said, you’re limited to those six users. You also get access to unlimited shared folders with the Families plan, which can be handy.
There isn’t a refund policy on either plan — or at least not one set in stone. User reports suggest that you could get a partial refund if you bug LastPass enough, but there isn’t a concrete policy. The free version comes with a 30-day trial of Premium and seems to serve the purpose that a money-back guarantee would.
LastPass Business Pricing
LastPass offers a range of plans targeted at businesses. There are four options ranging from $3 to $8 per user, depending on the number of users you have, the type of multi-factor options you need and the reporting options you desire.
The business pricing isn’t bad, though LastPass lacks the features and integrations of services like Zoho Vault. We like the multi-factor options with “LastPass authenticator,” SSO options and reporting. However, Zoho still wins when it comes to integration with third-party applications.
From the browser to your desktop to your mobile device, LastPass understands the elements that create a great user experience. LastPass is simple to use across your devices, fit with multiple organization options and a quick setup.
LastPass can be used within a browser, which is a pro in the sense that you can easily access your LastPass vault, independent of the operating system your computer is using. However, the desktop app comes in useful for accessing your passwords offline.
LastPass works wonders with what it offers. By default, entries are laid out in a tiled user interface, though you can change them to a list. In addition to showing large icons for each of your entries, LastPass gives multiple filtering and organization options.
Furthermore, LastPass automatically generates a few folders based on your entries. For example, our 300 or so passwords received “business,” “shopping” and “social” tags.
Folders are the only way to organize your entries, though. LastPass doesn’t have a tagging system like 1Password or a folder hierarchy like RoboForm (read our RoboForm review). Still, the organization works. Read our 1Password vs LastPass comparison.
Importing and Adding Passwords to LastPass
LastPass makes getting set up easy if you’re coming from another password manager. Unlike a lot of other password managers, there wasn’t anything wrong with our import process. LastPass supports nearly every password manager around, as well as generic CSV files. That said, there isn’t an automatic import process.
Adding entries manually isn’t difficult, either. Clicking the big “plus” button at the bottom of the screen will bring up a list of categories. The categories correspond to the left-side menu, including passwords, secure notes, addresses, payment cards and bank accounts. However, there are a lot of other categories you can add.
Those include software licenses, WiFi passwords and more (you can see the full list above). Additionally, you can create custom categories. The template can have as many fields as you want, all with their own names. That said, you can’t edit existing entries. If you want something custom, you have to start from scratch.
No matter if you use one of the existing templates or create your own, new categories will show up in the left-side menu. It’s important to note, though, that custom templates are lumped together under a “custom items” label.
Using the LastPass Chrome Extension
Most of your time with LastPass might be spent with the Chrome extension, and thankfully, that’s a good thing. LastPass clearly understands how important the browser experience is, and it has made one of the best password manager extensions. Instead of trying to be a screen-filling browser UI, the extension is designed to be its own thing.
That doesn’t mean you’re missing out on critical features, though. The extension allows you to quickly search your LastPass vault, view recent entries, generate strong passwords and more. As mentioned in the “features” section, autofill works flawlessly, too. The LastPass Chrome extension wins on every front.
LastPass on Android and iOS
The browser and extension experience are mirrored on the mobile apps. LastPass earned a nod in our best password manager for iOS guide and is just as good on Android. You can view and edit your entries, take the security challenge and, of course, autofill your passwords.
Autofill through the mobile apps simply works, no matter if you’re on iOS or Android. You can set LastPass up with biometric authentication, making it easy to log in and fill passwords. By default, LastPass will sign you out of your account on mobile. However, it quickly authenticates and jumps back to the app you’re trying to log in to for access.
Unfortunately LastPass doesn’t have the cleanest track record for breaches.
LastPass suffered a breach in 2015, which pushed it into the spotlight as the cybersecurity community discussed if password managers were truly secure or not. It suffered another security scare in 2021 too. Then LastPass suffered another hack in August 2022.
Although scary, none of the breaches actually compromised any user data. LastPass uses a secure architecture that can stand up to even the most strict scrutiny.
The model is built around being zero-knowledge. You have a master password, and that master password is the key to unlocking your LastPass account and web vault contents. However, LastPass never sees nor stores it.
Instead, your master password is sent through more than 100,000 rounds of PBKDF2 hashing in order to generate an encryption key and authentication hash (read our description of encryption to learn more about hashing).
After hashing, your master password will look like a bunch of gibberish. LastPass uses that gibberish, along with additional hashing, to generate an authentication key. That key is matched against the server, and if it lines up, your LastPass account unlocks.
It’s a long process, but the important note here is that LastPass never sees your master password. In fact, it never leaves your computer. This is great for security, but the downside is that, should you forget your master password, LastPass will not be able to perform account recovery for you.
Concurrently, your master password is used to generate an encryption key, which unlocks your web vault. Your vault contents are secured with 256-bit AES encryption, which is some of the toughest stuff around. It would take a hacker several billion years to crack a single password.
When LastPass Was Hacked in 2015
In 2015, LastPass was hacked. Thankfully, LastPass was very forthcoming about the hack, letting its users know right away, unlike NordVPN which waited a while (read our NordVPN review).
The cyberattackers were able to access and steal data in the LastPass cloud, but they didn’t access any sensitive information. Because of the zero-knowledge model, no vaults were compromised.
Still, it’s a little too close for comfort. In 2019, Google began warning users about a LastPass phishing scheme, too — something that appeared again in 2020. Project Zero, Google’s security analysis team, found a vulnerability where LastPass could leak a user’s password through an outdated cache. This vulnerability was, thankfully, fixed swiftly by LastPass.
What’s important here is not that LastPass was hacked, but how it responded to the security breach. According to search volume, LastPass is the most in-demand password manager around. That means it has a big target on its back. The hack, given the volume of users, comes as little surprise.
It’s important to remember how popular LastPass is when judging its security architecture. LastPass can’t totally prevent an attack on its servers. That said, it has taken all of the proper measures to ensure that if there is a cyberattack, no sensitive data is released. We saw that in the 2015 breach.
The 2022 Hack
On Aug. 25, 2022, LastPass announced that its developer systems were hacked, and that they had discovered the security incident two weeks prior.
The hacker took portions of source code and some proprietary information, but the tool continued to function as normal and the company says no customer passwords or data were compromised.
Is LastPass Secure?
LastPass has a secure architecture that will keep your passwords safe. Although it was breached in 2015, only encrypted data was stolen. No plaintext passwords or user data was uncovered. LastPass can go toe-to-toe with any other commercial password manager when it comes to security, making it safe to use.
LogMeIn, the company behind LastPass, lumps its tech support in with other products. Still, it’s easy to find answers, starting with the knowledgebase, which is filled mainly with articles on getting LastPass set up. There are a few troubleshooting articles, if you can call them that, but they’re mainly focused on the lesser-known features of LastPass.
Business subscribers get much deeper support, with advanced topics covered in detail. Although not too dense, the knowledgebase is impressive. LastPass provides detailed articles, as well as video tutorials. If you’re looking for further answers, you can post on the LastPass forums, though you may not receive a reply right away.
However, the self-help options are not a supplemental support resource. You’ll need to find an article before getting the option to contact support. Instead of having a support page, there’s simply a link to a contact form on the bottom of each article.
No matter if you’re paying or not, you can contact support, though paying users get priority tech support that responds quicker than support for free users. Even so, the process shouldn’t be as convoluted as it is. We understand adding a contact button at the bottom of articles, but that shouldn’t take the place of a dedicated contact page.
There is a chatbot nicknamed “Sparky”, but just like most automated customer support he pretty much amounts to a search bar that talks back to you.
LastPass is almost too easy to recommend. Its free version provides unlimited password storage (though only on one device type), while Premium subscribers get a few extra goodies. However, not all that glitters is gold. LastPass has a few issues, mainly when it comes to support. If you can look past that, though, it’s a wonderful password manager.
What do you think of our LastPass password manager review? Are you going to sign up for a free plan, despite the new limitations? Let us know in the comments below and check out our Bitwarden vs LastPass comparison, too. As always, thanks for reading.