LastPass Review 2023: is it safe and reliable?
LastPass is a great password manager. It has a simple and secure interface, strong encryption, and a host of useful features like password sharing, two-factor authentication, and digital legacy. However, LastPass is not without its drawbacks. For instance, it has been recently hacked, and encrypted user data was acquired by threat actors. Additionally, LastPass does not offer the same level of control over your data as some other password managers, and some users have reported that the service can be slow and unreliable at times.
If you’re looking for a more trustworthy provider that has never been breached, then NordPass might be the better choice for you.
- Next-gen security
- User-friendly apps
- Secure password generator
In this review, we thoroughly examined LastPass and the features this password manager offers. So, continue reading to learn all there is to know about this product in terms of security, ease of use, pricing, and more.
|🥇 Overall rank:|#6 out of #15|
|💵 Price:|From $3.00/month|
|✂️ Free version:|Yes|
|🌐 Browser extensions:|Chrome, Firefox, Opera, Safari, and Edge|
|🔥 Coupons:|Cybernews Password Manager Coupons|
LastPass review – pros and cons
Pros:
- Free version
- Multi-factor authentication
- Supports most platforms and browsers
- 30-day free trial of Premium
- Offline access to your vault

Cons:
- Recently had a big data breach
- No cross-device support for free users
- Free users can't submit tickets
- Android app includes trackers
- No live chat
LastPass security breach
A LastPass security incident occurred in August 2022. The company's source code was accessed through a compromised developer account. However, no vault data or master passwords were compromised and users weren't asked to take any further action. This can be seen as a positive – despite the scale of the attack, the overall damage was minimal.
However, not even 5 months later, another LastPass breach occurred. This time, a threat actor used information obtained in the August breach to gain access to internal LastPass systems. User details such as email addresses, telephone numbers, and IP addresses were exposed.
LastPass also disclosed that the hacker was able to obtain a copy of an encrypted backup of the user passwords, website usernames, and form-filling data. The passwords remain safe unless the hacker can crack the encryption. However, the exfiltrated information included unencrypted URLs, which may or may not include sensitive data such as account tokens, API keys, and credentials.
And although user passwords remain under encryption – for now – this is the third consecutive LastPass breach. In 2019, a researcher found a LastPass browser extension vulnerability. If exploited, the vulnerability could’ve exposed 16 million users' credentials, including master passwords, email addresses, and password reminder questions.
Is LastPass still safe?
The honest answer is no, LastPass is no longer safe to use after the most recent breach. Although the data acquired by the threat actor is encrypted, including user passwords, notes, and other information, the encryption might not be invincible and could be cracked.
Something that adds to the questionable LastPass security practices is that it is a closed-source password manager. This means that no one can really inspect the code for vulnerabilities (which have been found in the past). Plus, they never reached out to third-party audit agencies to verify whether they were operating securely. You’ll have to take their word for it for pretty much everything they offer.
All in all, the latest breaches showed that LastPass’s systems are not unbreakable, and user data is at risk.
Should you leave LastPass?
Yes, you should leave LastPass and, like many others, move on to safer options. The latest LastPass breach left sensitive user data vulnerable to exploitation. Even though the backup vaults with user passwords and notes are encrypted, it is likely that the encryption could be cracked.
And considering that this is not the first time LastPass has been hacked, it is in your best interest to switch to a more secure password manager.
LastPass features overview
LastPass offers features that cover all the essential needs of a password manager. It lets you keep usernames, passwords, and other sensitive data well protected. Take a quick look at what its security and privacy suite includes.
- 2FA, Multi-factor authentication, and LastPass Authenticator
- One-Time Passwords (OTPs)
- Password generator
- Country restriction
- Password vault
- Credit monitoring
- Security challenge
The list seems promising, right? To enlighten you even more, we have reviewed each feature separately. So, scroll down and find out what’s so good about each security tool that LastPass provides you with.
Also, there are more great options to help you manage your credentials. Check out our list of other best LastPass alternatives.
2FA, Multi-factor authentication, and LastPass Authenticator
To make the data even safer, LastPass supports 2-factor authentication (2FA) and multi-factor authentication (MFA).
2FA is designed to keep your most sensitive information safe by making you take additional steps before accessing the LastPass vault where your passwords and usernames are kept. There are many options you can choose for your second factor, including their very own LastPass Authenticator and:
- Smartphone apps (Google Authenticator, Microsoft Authenticator, Symantec VIP, etc.)
- Software-based services (LastPass Grid, LastPass Sesame, others)
- Hardware tokens (YubiKey, RSA SecurID)
You can get the LastPass Authenticator app for free on Google Play, the Apple Store, and the Windows Store.
MFA allows you to combine even more factors for authentication and secures your logins to online services other than LastPass. You can choose which services to apply MFA to, which devices to trust, etc.
Due to its usefulness for managing permissions, security levels, and high level of customizability, LastPass MFA (which is a separate app) is a B2B-oriented feature available with the MFA, Teams, Enterprise, and Identity plans. However, advanced multi-factor authentication options are available for individual Premium users as well.
You can manage LastPass 2FA and MFA through the Multifactor Options section of your online dashboard.
One-Time Passwords (OTPs)
If you’re accessing your web vault from a device that doesn’t belong to you, you might be walking into a trap. You can’t know whether the device has a keylogger or other software that could be capturing your keystrokes. LastPass has a potential solution there with their one-time passcodes feature. That way, you can log in without revealing your master password.
You can generate LastPass one-time passcodes after you’ve logged in to your account. You can use them afterward, and each passcode will expire after use. It means that it’s impossible to log in to an account twice with the same passcode. Plus, you can print them or store them by other means to use later or in emergency recovery.
LastPass password generator
One of the best features that LastPass offers is its password generator. This will help you create strong passwords for your most visited websites and apps.
A password generator creates passwords for you. Therefore, you don’t have to worry about qwerty or 123456789 not being strong enough to protect your privacy online. With a password generator, you’ll get unique passwords that mix numbers, symbols, and capital and lowercase letters.
What’s great about LastPass password generator is that you can control how strong your password will be.
For example, you can choose to include or skip numbers and symbols, select the length of your password, or make it easy to read and say.
However, note that the password in the screenshot above is not particularly strong – I would advise you to increase the length and add both numbers and symbols to the password. After all, using LastPass means you don’t have to memorize your passwords.
While we always recommend going for long and complex passwords, having an option to customize them is a huge advantage.
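The trade-off between length and character classes described above, as an added example (not LastPass's code and not part of the original review). It is a generator built on Python's `secrets` module with an entropy estimate; the option names and the set of ambiguous characters used for "easy to read" are assumptions.

```python
import math
import secrets
import string

# Characters that are easy to confuse when read or typed by hand. Removing
# them models an "easy to read" option; this exact set is an assumption.
AMBIGUOUS = set("Il1O0o")


def character_classes(lower=True, upper=True, digits=True, symbols=True,
                      easy_to_read=False):
    """Return the enabled character classes as a list of strings."""
    classes = []
    if lower:
        classes.append(string.ascii_lowercase)
    if upper:
        classes.append(string.ascii_uppercase)
    if digits:
        classes.append(string.digits)
    if symbols:
        classes.append(string.punctuation)
    if easy_to_read:
        classes = ["".join(ch for ch in cls if ch not in AMBIGUOUS)
                   for cls in classes]
    if not classes:
        raise ValueError("enable at least one character class")
    return classes


def generate_password(length, **options):
    """Generate a password with the OS CSPRNG (secrets), not random."""
    classes = character_classes(**options)
    if length < len(classes):
        raise ValueError("length too short to include every enabled class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until every enabled class appears, which
        # keeps the result uniform over all passwords meeting that rule.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, **options):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    alphabet_size = sum(len(cls) for cls in character_classes(**options))
    return length * math.log2(alphabet_size)


def compare_settings():
    """Entropy estimates for a few generator settings, weakest first."""
    settings = {
        "12 chars, letters only": entropy_bits(12, digits=False, symbols=False),
        "12 chars, all classes": entropy_bits(12),
        "16 chars, letters only": entropy_bits(16, digits=False, symbols=False),
        "20 chars, all classes": entropy_bits(20),
    }
    return sorted(settings.items(), key=lambda item: item[1])


if __name__ == "__main__":
    for label, bits in compare_settings():
        print(f"{label:24s} ~{bits:5.1f} bits")
    print("sample:", generate_password(20))
```

Four extra letters add more entropy than enabling digits and symbols at the same length, which is why length is the first setting to raise.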
LastPass country restriction
When you create your LastPass account, LastPass restricts you to the country you're in. However, if you travel regularly, you can add additional countries.
To do that, follow these steps:
- Go to your LastPass Vault.
- On the left, click Account Settings.
- Click the General tab, and then click Show Advanced Settings.
- Enable the Only allow login from selected countries checkbox.
- Choose the countries you wish to add to your list.
- To save, click Update.
- If asked, provide your Master Password.
- Click Confirm.
That’s all there is – now you are no longer restricted to one country.
One thing to remember is that you can change your virtual location by using a Virtual Private Network (VPN). Thus, you can bypass the country restriction altogether.
LastPass keeps your passwords in an online vault. You can access it on your desktop, web, or mobile device. As the vault is encrypted, your usernames and passwords are well protected against prying eyes.
One good thing about LastPass is that you can access its online storage (or vault) offline as well. If you want to log into your vault when offline, just make sure you've logged into your vault at least once with an Internet connection. This way, your device caches a local version of your encrypted data.
LastPass credit monitoring
LastPass users from the US can take advantage of a free credit monitoring alert feature.
With it, you get real-time protection, as you're notified if your credit report suddenly changes. The credit monitoring feature enables users to better monitor their credit report and protect themselves against identity theft.
To enable this feature, follow these steps:
- Log in to your LastPass account.
- On the left menu, click More Options.
- Click Advanced > Credit Monitoring.
- Select Enable Credit Monitoring.
After completing these steps, you will be asked to create a new Form Fill Profile or select an existing one.
To enable the credit monitoring feature from an existing profile, find your profile on the left and click Enable Credit Monitoring. If you need to, you can also edit the form-fill profile and enable the credit monitoring feature afterward.
LastPass security challenge
When you store your passwords in a vault, one of the most appealing points of a password manager is that everything is in one place. It also means that it’s possible to evaluate whether each password is secure. You can do it by hand, or you could use the LastPass security challenge.
LastPass security challenge is a simple analytical tool that goes through all of your stored passwords and evaluates their complexity. If you’re reusing passwords with little to no uniqueness, you’ll immediately notice low security challenge scores indicated in red. The good thing is that it also evaluates your master password’s complexity. So, you’ll not only reinforce the passwords that you use on other accounts but will be able to switch to a stronger master password.
Ease of use and setup
Using LastPass is an intuitive and easygoing experience.
For example, to import passwords to LastPass, follow these steps:
- Open your browser
- Click on the inactive LastPass icon in your toolbar
- Enter your username and your master password
- Click Log In
- In your web browser toolbar, click the LastPass icon
- Click Import
If you ever need to export your passwords from the vault, here’s what you need to do:
- Go to your LastPass vault
- On the left, select More Options
- Go to Advanced > Export
- If asked, provide your master password
- Click Continue
- Select More Options in the left navigation
- Go to Advanced > Export
LastPass web client
LastPass web client is the place where users keep their usernames and passwords. What is more, using it, you can manage your account’s settings and the information stored in the vault.
For the sake of comfort, your web vault is organized similarly to your desktop (or local) vault. The best part is that it's OS-neutral. You will be able to use this version with pretty much all web-enabled devices.
LastPass browser extensions
One great thing about LastPass is that it offers extensions for the most popular browsers. That includes Chrome, Firefox, Opera, Safari, and Edge. You can get your browser extension after creating your account.
Installing LastPass browser extensions is easy – simply confirm the installation when prompted after you create your LastPass account, or download the app to your device.
With the LastPass extension, you’ll forget about your passwords altogether – LastPass will remember your logins and automatically fill them in for you when needed.
LastPass offers apps for both Android and iOS. You can get them on Google Play and the Apple Store, respectively. Both apps are easy-to-use and designed to be as user-friendly as possible.
After you get your mobile app, feel free to explore its settings.
For example, you can choose the AutoFill feature for LastPass to fill in the website forms for you.
You can also create passwords with the Password Generator feature on your mobile device.
Naturally, you won't have as many options for generating passwords on your mobile device, but it still does the job.
After downloading one of the mobile apps, users also get the Authenticator app, which is one of the MFA elements created to add an extra layer of security on your most sensitive information.
But it's worth mentioning that the Android client has seven trackers that you can't opt out of and which collect information about your online activities. These include AppsFlyer, Google Analytics, Google CrashLytics, Google Firebase Analytics, Google Tag Manager, MixPanel, and Segment.
All of these trackers, except for the latter two, are common for other password managers as well. They are used for analytics and crash reporting to optimize and improve the products.
MixPanel and Segment, on the other hand, are used for user profiling and marketing purposes. However, LastPass representatives have assured that no personally identifiable data or vault activity can be passed through these trackers.
Plans and pricing
LastPass is sometimes called a freemium password manager. It means that the product is offered for free, but those who wish to explore more of its features have to pay.
To see what you get when opting for one of the three plans – Free, Premium, and Families – let’s discuss them one by one.
Before I do that, however, let’s get one thing out of the way: payment options only include credit cards, which is a bummer.
|Plan|Features|Price|
|---|---|---|
|Free (1 user)|Secure password vault, autofill, password generator, security dashboard, 2FA, LastPass Authenticator, secure notes|$0.00|
|Premium (1 user)|Everything in Free + file sharing, Dark Web monitoring, emergency access, priority tech support, LastPass for applications, 1GB file storage, advanced 2FA|$3.00/month|
|Families (6 users)|Everything in Premium + family manager dashboard, unlimited shared folders|$4.00/month|
Password managers' price comparison
Also, there are other great password managers out there. Here is a comparison of their subscription prices to set against what LastPass is offering:
|Price||from $1.43/month||from $0.99/month||from $1.75/month||from $3.00/month|
The LastPass free option offers the essentials that you’d expect from a password manager. However, you will be restricted to one device type. It means that if you download the desktop app, you’ll be able to use it only on desktop clients. The same goes for mobile apps, so there are no cross-device-type capabilities.
You can get 30 days of Premium to see what their unlocked version feels like. Otherwise, with the free version, you get:
- Secure password vault
- Access on all devices
- Autofill feature
- Password generator
- Security dashboard
- Multi-factor authentication (only the basic options)
- LastPass Authenticator
- Secure notes
The free version on its own is pretty restrictive, so it does make sense to opt for a paid plan.
To see the difference between LastPass Free and LastPass Premium, let’s look at what additional features the Premium plan offers for $3.00/month, billed annually.
- File sharing with many people
- Cross-device capabilities
- Dark web monitoring feature
- Emergency access
- Priority tech support
- LastPass for applications
- 1GB encrypted file storage
- Advanced multi-factor authentication options
You can find a comparison of all the features you get with each plan on the LastPass website.
When it comes to the Families plan, you get all the features Free and Premium users do, as well as:
- Family manager dashboard
- Unlimited shared folders
The Families plan can be used by 6 users for $4.00/month, billed annually, so it should be more than enough for many households.
When a problem arises, LastPass users can count on customer support. They can go to the LastPass Support page and type the issue they're encountering in the search bar.
For example, I wrote autofill and instantly got the articles that you see in the picture above. After clicking on one of them, you'll find an answer and detailed instructions, if needed.
Account and password recovery
LastPass Password recovery is not as self-explanatory as it may sound. Actually, LastPass doesn’t know your master password, therefore it cannot send it to you. While this may cause difficulties accessing your vault, the main purpose of keeping your password completely private is protecting you against online fraudsters.
When facing problems accessing your account, try the following steps:
- Take advantage of a password hint that you set up when creating your account. The hint is not the password itself, but it can help you remember your master password. Even though creating a hint is not mandatory, we highly recommend doing so as it may help to recover your LastPass account.
- Go to the LastPass Account Recovery page on their website. Here you can activate your local One Time Password. With it, account recovery may be possible. Something to keep in mind is that recovering your account with a One Time Password is only possible on desktop devices.
- Try accessing your account through the LastPass website and through the browser add-on. If you can log in via only one of them, the LastPass browser add-on may be the one to blame. In such a case, clear your browser cache, and contact LastPass customer support.
If the above-mentioned tips don’t work for you, you may have lost access to your LastPass account for good. Recovering the password is not an easy task with this password manager.
Most common LastPass issues
So, what are some of LastPass' shortcomings and how can you fix them?
While some users have trouble configuring multi-factor authentication or importing their passwords from browsers and other password managers, there are two most common issues that LastPass users run into.
The first one involves setting up the Chrome extension and the other is about making autofill work. Below are the solutions to these two LastPass problems.
LastPass Chrome extension not working
There are a few options to try if your LastPass Chrome extension is not working:
- Reinstall or update your Chrome extension. To do that, go to the LastPass website, and download the latest version of the Chrome extension.
- If the extension is listed, but not enabled, enable it. To do that, go to chrome://extensions in your Chrome address bar.
- If LastPass is hidden from your browser, reveal it. To do that, click the Customize Toolbar icon, then right-click the LastPass icon, and select Show in toolbar.
LastPass autofill not working
If your LastPass autofill is not working, you may need to enable it in your Preferences. To do that, follow these steps:
- Go to your browser, and click on the inactive LastPass icon.
- Provide your username and master password.
- Click Log In. You should now see an enabled LastPass icon, shown in red.
- Go to Account Options > Extension Preferences.
- Enable Automatically Fill Login Information.
- To confirm, click Save.
Best alternatives to LastPass
Overall, LastPass is a go-to password manager when you need a high-quality product that is free. However, if for some reason it doesn’t tick all the right boxes for you, find some reliable alternatives to this product.
Whether you're looking for a service to securely store or sync your credentials across devices, NordPass ticks all the boxes. Your vault is protected with military-grade encryption, so no one will be able to just sift through your passwords. Yet, the versatility of this tool means that you'll be able to access the same vault on any device of your choice. Leave iOS-macOS limitations behind.
There are more nice extras like OCR scanning for IDs, so you won't have to type in that data on your browser. Then, there's a Data Breach scanner that alerts you if your password ends up in a leak. This is a full suite aimed at protecting your credentials and everything in-between.
Read more: NordPass review
If you want a safe and secure password manager that is also easy to use, RoboForm is for you. It is equipped with both industry-standard, super-secure AES-256 encryption and multi-factor authentication to keep all your credentials inaccessible to anyone but you. It also includes features such as a password generator, secure sharing, and dark web monitoring, making navigating the online space more manageable and safer. One of the best things about RoboForm is that it is really affordable, too. The prices for the RoboForm premium version start at $0.99/month.
Read more: RoboForm review
LastPass is one of the most widely used password managers available on the market today. Security is one of its main appeals. The tool uses AES-256 encryption, the gold standard of the industry. It also offers two-factor authentication and multi-factor authentication, which makes the app as secure as you want it to be.
There are also out-of-the-box features that include One-Time Passwords and the possibility to restrict the app’s usage in different countries. Meanwhile, Credit Monitoring will let you know if your credit report suddenly changes. These and other features will let you feel completely safe.
Even if you decide to stick with a free version, you get more than enough features to keep your usernames and passwords well protected. If you decide to upgrade, your options expand even further, as described in this LastPass review.
Is LastPass safe to use?
LastPass is safe because it uses the AES 256-bit cipher to encrypt your passwords. Passwords reach their servers only in an encrypted form. It ensures that even if hackers managed to breach the server, your data would still be safe. However, LastPass has been breached numerous times, and the latest breach of 2022 left encrypted user data at risk of being decrypted and exploited.
Is LastPass trustworthy?
Yes, LastPass is a trustworthy company, and they have fixed most of the security flaws in their product. So, as long as you don’t reuse your passwords and follow the best practices when creating passwords, you should be in the clear. Considering that you can set up multi-factor authentication, it adds a layer of protection.
What happens when your LastPass free trial expires?
You can try LastPass Premium for free. When your trial or subscription expires, your account will convert to a regular Free version. Once that happens, you will not be able to continue using premium features. However, you will not lose your data, and you will be able to continue using it.
Why use LastPass?
LastPass makes password management considerably easier, from generating safer passwords to storing them in a vault. Using unique passwords for every account is cumbersome, and insecure passwords are among the pieces of data most commonly leaked in data breaches.
Who owns LastPass?
LastPass is owned by LogMeIn, an American company located in Boston, MA. Last year, Francisco Partners and Evergreen Coast Capital, the affiliates of Elliott Management Corporation, bought the company. The deal was closed this year and was worth around $4.3 billion.
Are LastPass notes encrypted?
Yes, LastPass notes and passwords are encrypted. Only you know your master password, which means that only you can decrypt your vault with a decryption key derived from your master password. This is called zero-knowledge architecture, and no one should be able to access your notes and passwords.
Is LastPass authenticator safe?
Yes, the LastPass authenticator is a safe tool for multi-factor authentication. It adds a layer of security in case your passwords ever get compromised.
Who doesn’t lose or misplace their cell? LastPass should allow the authentication code to be sent to more than one device (a previously identified emergency contact). I love the idea of multi factor but until a better solution is found, it’s not something I would recommend.
I immediately contacted last pass support.. I was told depending on browser settings your site password may be visible?!!! ..
WTF - I thought to myself, "last pass is supposed to be a secure way to share passwords" I say.. support replied.. "it is mentioned in support pages".. Didn't have time to look.. I asked if passwords can be shared with individuals. They stated yes. I am now very disappointed, and will be searching for another vendor before creating folders and sharing secure site password with our 100+ employees.
Keep in mind that one-to-many sharing is a premium feature.