1Password vs. LastPass

LastPass vs 1Password

1Password and LastPass are the names that will likely pop up the most when you’re Googling which password manager to get. Both companies are counting 12+ years on the security tools market, and both of their flagship products are highly advanced. If you want to buy either of these, you may be wondering which password manager is better for you – 1Password or LastPass?

This comparison will help you to find an answer to this question. I’ll do that by stacking what each service offers in each key area: features, pricing, security, and apps. This will help you make an informed decision on what you’re getting and whether the service will suit your needs. Let’s jump right in and find out.

Features overview

LastPass features:

  • Encryption: AES-256-bit
  • Platforms: macOS, Windows, Linux, Chrome, iOS, Android
  • Browser extensions: Chrome, Opera, Firefox, Internet Explorer, Safari
  • Trial: Free version and a 30-day trial of Premium
  • Price: starts from $3.0/month

1Password features:

  • Encryption: AES-256-bit
  • Platforms: macOS, Windows, Linux, Chrome, iOS, Android
  • Browser extensions: Chrome, Firefox, Edge, Brave, Safari
  • Trial: 30-day trial of Premium
  • Price: starts from $2.99/month

1Password or LastPass: which one is more secure?

1Password and LastPass are on point when it comes to security. Both password managers send only encrypted data to the provider’s servers. Multi-factor security slightly tips in the LastPass favor. However, data storage options are undeniably better on 1Password’s end. Privacy and third-party audits are areas in which 1Password wipes the floor with LastPass. Overall, the champion in the security category is undoubtedly 1Password.

Winner: 1Password

Encryption

Since both 1Password and LastPass are market leaders, there are no real surprises in encryption. 1Password uses industry-standard 256-bit AES encryption with PBKDF2 password hashing for the master password to make it resilient against brute force attacks. The provider even takes it one step further and adds a 128-bit secret key on top of the master password. The forced secret key on login might seem like overkill, but the fact remains that it’s the most secure setup you could find among password managers.

1Password login screen

LastPass is no slouch when it comes to encryption standards. They use the same 256-bit AES encryption with PBKDF2 SHA-256 for master passwords. They also work similarly, never sending unencrypted data outside your device and decrypting it only on a device level.

LastPass is by no means an insecure password manager, it should do the job just fine in most cases. However, the necessary secret key makes a major difference in the device’s security status. 1Password is ultimately the superior choice because it locks your data behind more doors.

Multi-factor security

In 1Password’s case, multi-factor security is built into the client because it requires two passwords on every new device. Aside from this secret key, it’s possible to set up two-factor authentication via authenticator apps like Authy or Microsoft Authenticator. There’s an option to send push notifications to confirm login requests via Duo Security. It’s also possible to use Windows fingerprint or Apple’s FaceID. However, that’s about it. You won’t find 3rd party authenticators or USB tokens. Those two might be vital if you’re a business owner.

Lastpass mfa options

What LastPass does well are their multi-factor authentication options. Ultimately, they have the most of all password managers. The list includes TOTP (time-based one-time password) apps, physical authenticators, smart cards, and more. The kicker is that you can use several authentication options. You can even enable them all and require to use the TOTP app, biometrics, PIN, and smart card – all at the same time.

From multi-factor authentication options, there are many reports that FaceID sometimes doesn’t work well with 1Password. On the other end, there’s a LastPass that allows you to create several layers of protection. It would be tough for any hacker to jump through that many hoops. LastPass is the ultimate winner because of more supported authentication methods and the possibility to combine them.

Data storage

As is common among password managers, 1Password can hold your most essential documents in a secure vault. The limit for Individual, Families users is 1 GB and it’s 5 GB for business users. Each file cannot exceed 2 GB size, so overall you get much better flexibility considering what other password managers offer.

If you’re planning to use LastPass to similar ends, it’s also possible. Free users get 50 MB of encrypted storage, and it’s 1 GB for paid users. 1 GB for paid users is a widespread password manager standard. There is a downside that each file cannot exceed 10 MB in size – could give you some problems if your phone camera is very high quality and you want to take a picture of your ID card.

LastPass gives 50 MB for free users, whereas all 1Password offers are to paying users only. However, when we stack paid LastPass and 1Password data storage options, the latter is undoubtedly less restrictive. With 1Password, you could store incriminating videos that would exceed 50 MBs pretty quickly. LastPass, in this sense, is just inferior.

Privacy policy

Even though 1Password is a closed source project, its developers are upfront about how everything works under the hood. They are freely sharing their Security Design White paper, where every part of how 1Password works is detailed. If you want a summary, 1Password respects your privacy. Your data is stored in encrypted form only, and there is no selling of customer information. It does make sense, considering that 1Password is paid-only and doesn’t have a free version. Naturally, there cannot be any capitalizing on free users’ data because there are no free users.

1Password company is in Canada, and it’s clear that they store their data in data centers in the US. It’s not clear in what data center. That might be because of the constant flux between their partners in those matters. They have been recently acquired by Accel company, which invested $200 million to the company, it didn’t change 1Password’s stance on privacy.

LastPass is certainly less considerate for its customers’ privacy. Their privacy policy is on the website of their parent company LogMeIn – it doesn’t discriminate between different products. As such, it’s ambiguous which data LastPass collects. What is clear is that they state that they may use your data for marketing purposes. Also, LogMeIn is based in the US, adding other possible privacy concerns.

Overall, 1Password distinguishes itself with a no-nonsense attitude towards your privacy. The same doesn’t apply to LastPass, who will happily collaborate with marketers to keep their free version afloat. It’s something that should be looked down upon, making LastPass tonight’s biggest loser.

Third-party security audits

When it comes to third-party security audits, there’s only one thing that you should know. 1Password has undergone several security audits. The complete number might depend on the size of the auditing agency that you’d find credible. In either case, there are seven independent audits. You can familiarize yourself with each of them, including the detailed audit reports on this page. The most noteworthy are Service Organization Control Type 2 certificate, private bug bounty program for Bugcrowd, Inc., and Independent Security Evaluators penetration and code test. That’s a feat of strength that few password managers can boast.

In contrast, LastPass has only one of them. What’s even worse than the lower total number is that this was an audit of their internal compliance to the security and privacy regulations. It should mean to you that they passed their staff compliance audit, rather than through penetration testing of their software. LastPass pales in comparison in this sense. They are making 1Password a clear winner.

1Password and LastPass: which one offers better value for money?

Anyone looking for the lowest overall costs won’t find anything better than LastPass. Whereas, 1Password is for people who don’t mind paying a couple of dollars every month. If you commit for a more extended plan, 1Password for individual users costs as much as LastPass. However, at the same price, you do get more value with 1Password. You can even try it free for 30 days.

Winner: Tie

1Password or LastPass: Free vs. Premium plans

There couldn’t be more different password managers than 1Password and LastPass. One offers a free version forever, while the other wants you to whip out your credit card. Suppose you’re only interested in free password managers with an option to upgrade. In that case, that could settle the argument right there. With the free version of LastPass, you get unlimited password storage in your vault, access on all your devices, a password generator, multi-factor authentication, and 50 MB of data storage. You’ve got to admit, that’s a pretty fantastic offer in itself, and it doesn’t cost a dime.

When we look at the services you have to pay for, the scales tip in 1Password’s favor. First of all, you can try the service for 30 days for free without providing any payment information. Secondly, there is an introductory price option: $8.99 for the first six months. After that period, the regular renewal price is $3.99/month. You can also choose annual subscription and pay $35.88 upfront for a whole year, which translates into $2.99/month.

1password pricing options

If you need a password manager for more users, there’s an option to pick the Families plan for $4.99/month. You can then share this plan among five family members. These users will then share passwords, credit card information, secure notes, and more. Plus, you’ll be able to help out locked out family members should they forget their passwords. If you need any more members, you can invite them for an extra $1/month to your total price.

1Password also has offers for Teams and Business users. The former costs $3.99/month and the latter $7.99/month. Teams include unlimited shared vaults, admin controls, and 1 GB document storage per person. 1Password business, on top of that, has 5 GB of document storage per person, 20 guest accounts, custom roles, usage reports, and more.

LastPass pricing options

LastPass offers a lot more of subscription plans. Individual users can choose between LastPass Premium for $3/month and Families for $4/month. Compared to the free version, LastPass Premium adds one-to-many sharing, dark web monitoring, emergency access, priority tech support, and autofill applications.

Overall, LastPass didn’t implement discounts based on the length of your subscriptions. This means that 1Password could be cheaper and offer more features if you decide to commit to annual plans. On the other hand, if you’re on a tight budget, you can get LastPass for free. So it comes to this, LastPass is the best value option if you don’t spend a dime. If you’re willing to take the financial burden of $3/month, 1Password provides a more comprehensive suite of features.

1Password vs. LastPass: ease of use and setup

Both password managers have created a wide array of options for their users. You can pick between the usual set of apps and clients. The main difference points include browser add-ons. 1Password is lacking in this department, forcing its users to install a desktop app if they want the browser add-on to work. However, 1Password is noticeably superior when it comes to mobile apps, especially its iOS variants. It allows you to store items even on your Apple Watch. Overall, 1Password still comes off as the superior choice compared to what LastPass has to offer.

Winner: 1Password

Web client

It’s most likely that your journey with either service will start via a web client. When you create a 1Password account, you’ll be able to manage your vault right off the bat. The sign up procedure not only requires you to confirm your email with a confirmation code, but it will also enforce a randomly generated 34-character Secret Key. Plus, your login might belong in 3 different regions: 1Password.ca, 1Password.eu, ent.1password.com, or 1Password.com. Although it might seem confusing, it works to your safety advantages. There is much more variation than just your email/master password combination. The redeeming aspect is that you only have to type in these things once. Your browser or app will remember the data. You’ll only need to confirm your identity with a master password. 1Password’s web client offers more or less the same vault management options as those available on the apps.

lastpass web client screenshot

LastPass has a slightly different take on their web client. While 1Password limits some features to the web and adds others to the downloadable apps, LastPass is doing the opposite. They are trying to provide identical functionality regardless of login method.

Desktop apps

1Password apps come in different versions. If you have a newer computer, you’ll be able to download 1Password Version 7. If you have an older computer, you can use 1Password 4. It’s rare that a password manager willingly extends support for older machines. With that said, they are no longer supported as fully and only receive the most critical security updates. All the current apps are available for macOS, Windows, and Linux.

1Password desktop app

You can manage your vault in 1Password desktop the same way you would on the web client. The difference is that the apps add advanced options. For example, on Mac, you can enable Spotlight and 3rd party app integrations. This allows searching the data stored in the items and more. On Windows, you can add a Proxy server and enable Encrypting the file system when saving documents. This protects the records from attackers with physical access to your computer. These additional tweaks are what makes 1Password a better sell than just the barebones browser client.

last pass desktop app

In contrast, LastPass creates zero initiative to switch to a desktop app. Everything you can do on your web client, you can also do on their desktop app. In reality, you can better manage multi-factor authentication options via web client, expand your plans, and more. It raises the question about the purpose of the app. 1Password easily overpowers LastPass when it comes to their desktop apps.

Browser extensions

If you think that 1Password’s browser extension will provide convenience, prepare for confusion. There are actually two separate versions that you can find: 1Password X and an extension that requires a desktop app. The latter was the first introduction, so it worked with Mac and Windows. Then 1Password X was released for ChromeOS and Linux users. 1Password X is newer but it underdeveloped at this point and doesn’t support biometrics authentication.

The simple extension works only as a supplement to the app, not as a substitute. This begs the question why you should bother installing both: the app and the extension when there’s 1Password X?

Well, 1Password doesn’t support Safari, and there’s no Touch ID. So, you have to use the older version if you need these features for your extension.

1password browser extension screenshot

LastPass doesn’t shoot itself in the leg the same way. You can use their browser extension separately from the apps. This is the right way to do it. You get much more flexibility as a user. The extensions are available to Chrome, Firefox, Edge, Edge Legacy, Opera, and even Safari. So, ultimately not only do you get more fleshed-out browser add-ons, but you also get more supported browsers.

Mobile apps

1Password apps are available for iOS and Android devices. Both are identical from the features perspective: you can set up both apps to autofill passwords not only on the web but on apps as well. In the iOS case, everything is rather straightforward. You’re asked to switch iCloud Keychain in place of 1Password. If you’re using Android, it depends on your version. Currently, 1Password supports autofill on apps and browsers from Android version 5 to the current 10th. So, 1Password pretty much covers all bases.

Feature-wise, the most noteworthy addition on iOS is the possibility to add items to the Apple Watch keychain. That way, you can store passwords in the storage on your watch. It protects your items with your Apple Watch rather than your master password. Android devices don’t have an equivalent feature.

LastPass android app screenshot

LastPass also features autofill for Android and iOS. However, the difference is that LastPass will require the Android 8 framework to work. If you have a phone that runs on an older model Android, you’re out of luck. You can also set up biometrics authentication if you forget your master password.

1Password works on more Android versions and supports iOS Apple Watch integrations. These are strong selling points that make it a better overall product.

1Password vs. LastPass: customer support

Since 1Password is positioning itself as a premium password manager, it comes with more customer support options. You can contact them via Twitter, email, or community forums. Email seems like a no-brainer, but many users report that they got in touch faster by using Twitter or the forums. Live chat would be the best option, but seeing how little password manager providers can do to help you out, this is no surprise.

When it comes to LastPass, if you’re using the Free version, you’re left without customer support. You’ll only be able to read the FAQ section. Paid users can get Premium Support tickets. So, essentially, customer support in LastPass’ case is left behind a paywall.

Both services look equally poor from a customer support standpoint. 1Password seems a little better because of their community forums, which give them a narrow edge. LastPass should be an example of how not to implement customer support. Giving this option only to paying users is cruel.

Winner: 1Password

Bottom line

It’s never easy to compare services that operate on two different business models. 1Password is a paid-only service, while LastPass can be either free or paid. Hence, the answer to which one is better depends on your select price point. If you’re on a strict budget and prefer having a free option but an inferior overall service, it’s LastPass for you. If you don’t mind paying every month for a subscription, 1Password is a hands-down better premium service. Better security measures, fewer limitations, and advanced customization options give it the lead.

If you aren’t content with only two password manager options, you’ll be interested to know that there’s a whole wide world out there. Please read up on our best password manager’s top list .

FAQ

Is LastPass better than 1Password?

Both are good services. However, they both have a slight edge in different areas. LastPass is one of the most generous free password managers. Whereas, 1Password is an overall better premium password manager.

Can 1Password import from LastPass?

It can, and that’s not all. It also supports imports from Dashlane, RoboForm, Encryptr, Chrome, and more.

Which is better for business: 1Password or LastPass?

Surprisingly enough, business users might lean towards LastPass. This is because it supports several layers of multi-factor authentication and custom single sign-on policies. Also, depending on your enterprise, it might even be cheaper.

Related articles:
Comments 2
  1. Alex Calderon says:

    I am able to use the 1Password Chrome extension without the need to install software on the computer. Might want to double-check that.

    • Justinas Mazūra says:

      That’s because you’re using 1Password X password manager. It doesn’t require an app and I was using 1Password extension which does require it 😀
      Regardless, I will update the comparison as noted.

Leave a Reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Subscribe for Security Tips and CyberNews Updates

© 2020 CyberNews – Latest tech news, product reviews, and analyses.