Few password managers are as known as LastPass. Started in 2008, it had its share of awards and scandals, wins, and losses. So, it’s a pretty long time in the industry.
Even though the service is a real veteran among cybersecurity tools, is it the best option overall?
So, in this LastPass review, I will examine the service in detail. Continue reading to learn all there is to know about this product in terms of security, ease of use, pricing, and more. Let’s see how good this password manager is.
|Platforms:||Windows, macOS, Android, iOS|
LastPass review – pros and cons
- Free version
- Multi-factor authentication
- Supports most platforms and browsers
- 30-day free trial of Premium
- Offline access to your vault
- U2F is not supported
- No live chat
- No cross-device support for free users
- Free users can’t submit tickets
- Has had a big data breach recently
- Android app includes trackers
LastPass features overview
Let’s see what security and privacy features LastPass offers to keep usernames, passwords, and other sensitive data well protected.
2FA, Multi-factor authentication, and LastPass Authenticator
To make the data even safer, LastPass supports 2-factor authentication (2FA) and multi-factor authentication (MFA).
2FA is designed to keep your most sensitive information safe by making you take additional steps before accessing the LastPass vault where your passwords and usernames are kept. There are many options you can choose for your second factor, including their very own LastPass Authenticator and:
- Smartphone apps (Google Authenticator, Microsoft Authenticator, Symantec VIP, etc.)
- Software-based services (LastPass Grid, LastPass Sesame, others)
- Hardware tokens (YubiKey, RSA SecurID)
You can get the LastPass Authenticator app for free on the Google Play, Apple Store, and Windows Store.
MFA allows you to combine even more factors for authentication and secures your logins to online services other than LastPass. You can choose which services to apply MFA to, which devices to trust, etc.
Due to its usefulness for managing permissions, security levels, and high level of customizability, LastPass MFA (which is a separate app) is a B2B-oriented feature available with the MFA, Teams, Enterprise, and Identity plans. However, advanced multi-factor authentication options are available for individual Premium users as well.
You can manage LastPass 2FA and MFA through the Multifactor Options section of your online dashboard.
One-Time Passwords (OTPs)
If you’re accessing your web vault from a device that doesn’t belong to you, you might be walking into a trap. You can’t know whether the device has a keylogger or other software that could be capturing your keystrokes. LastPass has a potential solution there with their one-time passcodes feature. That way, you can log in without revealing your master password.
You can generate LastPass one-time passcodes after you’ve logged in to your account. You can use them afterward, and each passcode will expire after use. It means that it’s impossible to log in to an account twice with the same passcode. Plus, you can print them or store them in other methods to use later or in emergency recovery.
LastPass password generator
One of the best features that LastPass offers is its password generator. This will help you create strong passwords for your most visited websites and apps.
What a password generator does is it creates passwords for you. Therefore, you don’t have to worry about qwerty or 123456789 not being strong enough to protect your privacy online. With a password generator, you’ll get unique passwords that have a variety of numbers, symbols, capital and lowercase letters.
What’s great about LastPass password generator is that you can control how strong your password will be.
For example, you can choose to include or skip numbers and symbols, select the length of your password, or make it easy to read and say.
However, note that the password in the screenshot above is not particularly strong – I would advise you to increase the length and add both numbers and symbols to the password. After all, using LastPass means you don’t have to memorize your passwords.
While we always recommend to go for the long and hard when it comes to passwords, having an option to customize them is a huge advantage.
LastPass country restriction
When you create your LastPass account, LastPass restricts you to the country you’re in. However, if you travel regularly, you can add additional countries.
To do that, follow these steps:
- Go to your LastPass Vault.
- On the left, click Account Settings.
- Click the General tab, and then click Show Advanced Settings.
- Enable Only allow login from selected countries checkbox.
- Choose the countries you wish to add to your list.
- To save, click Update.
- If asked, provide your Master Password.
- Click Confirm.
That’s all there is – now you are no longer restricted to one country.
One thing to remember is that you can change your virtual location by using a Virtual Private Network (VPN). Thus, you can bypass the country restriction altogether.
LastPass keeps your passwords in an online vault. You can access it on your desktop, web, or mobile device. As the vault is encrypted, your usernames and passwords are well protected against prying eyes.
One good thing about LastPass is that you can access its online storage (or vault) offline as well. If you want to log into your vault when offline, just make sure you’ve logged into your vault at least once with an Internet connection. This way, your device caches a local version of your encrypted data to the device.
LastPass credit monitoring
LastPass users from the US can take advantage of a free credit monitoring alert feature.
With it, you get real-time protection, as you’re notified if your credit report suddenly changes. The credit monitoring feature enables users to better monitor their credit report and protect themselves against identity theft.
To enable this feature, follow these steps:
- Log in to your LastPass account.
- On the left menu, click More Options.
- Click Advanced > Credit Monitoring.
- Select Enable Credit Monitoring.
After completing these steps you will be asked to create new Form Fill Profile or select an existing one.
To enable credit monitoring feature from an existing profile, find your profile on the left and click Enable Credit Monitoring. If you need, you can also edit form-fill, and enable the credit monitoring feature afterward:
LastPass security challenge
When you’re storing in a password vault, one of the most appealing points of a password manager is that there’s everything in one place. It also means that it’s possible to evaluate whether the password is secure. You can do it by hand, or you could use the LastPass security challenge.
LastPass security challenge is a simple analytical tool that goes through all of your stored passwords and evaluates their complexity. If you’re reusing passwords use with little to none uniqueness, you’ll immediately notice low-security challenge scores indicated in red. The good thing is that it also evaluates your master password’s complexity. So, you’ll not only reinforce the passwords that you use on other accounts but will be able to switch to a stronger master password.
Is LastPass safe enough?
LastPass is a closed source password manager. Plus, they never reached out to third party audit agencies to verify whether they’re operating securely. You’ll have to take their word for it for pretty much everything they offer. This isn’t made any better with the fact that the company suffered from a successful hacking attempt.
The service uses military-grade AES-256-bit encryption to lock your secure vault. Only your master password can unlock the vault, and it’s never sent directly to them. LastPass receives only the data that was already pre-encrypted on your local device. What is sent to their servers is only encrypted chunks of data. Even their developers cannot unencrypt it at will because of the additional hashing algorithm. It means that everything you store in LastPass should be safe from external intrusions.
Did LastPass get hacked?
In 2019 Travis Ormandy, Google Project Zero researcher, found the LastPass browser extension vulnerability, which could be used to steam user data. The vaults themselves remained secure. However, it was possible to gain hashed user’s master passwords, email addresses, and password reminder questions via the exploit. It meant that a hacker could take over someone’s LastPass account by abusing the recovery options.
The consensus is that around 16 million users could have gotten their credentials exposed. The developers reacted swiftly and rolled out the patches as soon as they could. However, the damage persists to this day, and LastPass still drags the black spot on their reputation.
Ease of use and setup
Using LastPass is an intuitive and easygoing experience.
For example, to import passwords to LastPass, follow these steps:
- Open your browser
- Click on the inactive LastPass icon in your toolbar
- Enter your username and your master password
- Click Log In
- In your web browser toolbar, click the LastPass icon
- Click Import
If you ever need to export your passwords from the vault, here’s what you need to do:
- Go to your LastPass vault
- On the left, select More Options
- Go to Advanced > Export
- If asked, provide your master password
- Click Continue
- Select More Options in the left navigation
- Go to Advanced > Export
LastPass web client
LastPass web client is the place where users keep their usernames and passwords. What is more, using it, you can manage your account’s settings and the information stored in the vault.
For the sake of comfort, your web vault is organized similarly to your desktop (or local) vault. The best part is that it’s OS-neutral. You will be able to use this version with pretty much all web-enabled devices.
LastPass browser extensions
One great thing about LastPass is that it offers extensions for the most popular browsers. That includes Chrome, Firefox, Opera, Safari, and Edge. You can get your browser extension after creating your account.
Installing LastPass browser extensions is easy – simply confirm the installation when prompted after you create your LastPass account, or download the app to your device.
With the LastPass extension, you’ll forget about your passwords altogether – LastPass will remember your logins and automatically fill them in for you when needed.
LastPass offers apps for both Android and iOS. You can get them on Google Play and the Apple Store, respectively. Both apps are easy-to-use and designed to be as user-friendly as possible. Unfortunately, the Android client has seven trackers that you can’t opt-out of and which collect information about your online activities.
After you get your mobile app, feel free to explore its settings:
For example, you can choose AutoFill feature for LastPass to fill in the website forms for you:
You can also create passwords with the Password Generator feature on your mobile device:
Naturally, you won’t have as many options for generating passwords on your mobile device, but it still does the job.
After downloading one of the mobile apps, users also get the Authenticator app, which is one of the MFA elements created to add an extra layer of security on your most sensitive information.
Plans and pricing
LastPass is sometimes called a freemium password manager. It means that the product is offered for free, but those who wish to explore more of its features have to pay.
To see what you get when opting for one of the three plans – Free, Premium, and Families – let’s discuss them one by one.
Before I do that, however, let’s get one thing out of the way: payment options only include credit cards, which is a bummer.
|Free (1 user)||Secure password vault, autofill, password generator, security dashboard, 2FA, LastPass Authenticator, secure notes||$0.00|
|Premium (1 user)||Everything in Free + file sharing, Dark Web monitoring, emergency access, priority tech support, LastPass for applications, 1GB file storage, advanced 2FA||$3.00/month|
|Families (6 users)||Everything in Premium + family manager dashboard, unlimited shared folders||$4.00/month|
LastPass free option offers the essentials that you’d expect from a password manager. However, you will be restricted to the device type. It means that if you download the desktop app, you’ll be able to use it only on desktop clients. The same with mobile apps, so there are no cross-device type capabilities.
You can get 30 days of Premium to see how their unlocked version feels like. Otherwise, with the free version, you get:
- Secure password vault
- Access on all devices
- Autofill feature
- Password generator
- Security dashboard
- Multi-factor authentication (only the basic options)
- LastPass Authenticator
- Secure notes
The free version on its own is pretty restrictive, so it does make sense to opt-in for paid plans.
To see what is the difference between LastPass Free and LastPass Premium, let’s look at what additional features the Premium plan offers for $3/month, billed annually.
- File sharing with many people
- Cross-device capabilities
- Dark web monitoring feature
- Emergency access
- Priority tech support
- LastPass for applications
- 1GB encrypted file storage
- Advanced multi-factor authentication options
You can find the comparison of all the features you get with each plan you opt for on LastPass website.
When it comes to the Families plan, you get all the features Free and Premium users do, as well as:
- Family manager dashboard
- Unlimited shared folders
Families plan can be used by 6 users for $4/month, billed annually, so it should be more than enough for many households.
When a problem arises, LastPass users can count on the customer support. They can go to the LastPass Support page and type in an issue they’re encountering in the search bar:
For example, I wrote autofill and instantly got the articles that you see in the picture above. After clicking on one of them, you’ll find an answer and detailed instructions, if needed.
Account and password recovery
LastPass Password recovery is not as self-explanatory as it may sound. Actually, LastPass doesn’t know your master password, therefore it cannot send it to you. While this may cause difficulties accessing your vault, the main purpose of keeping your password completely private is protecting you against online fraudsters.
When facing problems accessing your account, try the following steps:
- Take advantage of a password hint that you set up when creating your account. The hint is not the password itself, but it can help you remember your master password. Even though creating a hint is not mandatory, we highly recommend doing so as it may help to recover your LastPass account.
- Go to LastPass Account Recovery page on their website. Here you can activate your local One Time Password. With it, account recovery may be possible. Something to keep in mind is that recovering your account with a one time password is only possible on desktop devices.
- Try accessing your account through the LastPass website and through the browser add-on. If you can login via only one of them, the LastPass browser add-on may be the one to blame. In such a case, clear your browser cache, and contact LastPass customer support.
If the above-mentioned tips don’t work for you, you may have lost access to your LastPass account for good. Recovering the password is not an easy task with this password manager.
Most common LastPass issues
So, what are some of LastPass’ shortcomings and how can you fix them?
While some users have trouble configuring multi-factor authentication or importing their passwords from browsers and other password managers, there are two most common issues that LastPass users run into.
The first one involves setting up the Chrome extension and the other is about making autofill work. Below are the solutions to these two LastPass problems.
LastPass Chrome extension not working
There are a few options to try if your LastPass Chrome extension is not working:
- Reinstall or update your Chrome extension. To do that, go to the LastPass website, and download the latest version of Chrome extension.
- If the extension is listed, but not enabled, enable it. To do that, go to chrome://extensions in your Chrome address bar.
- If LastPass is hidden from your browser, reveal it. To do that, click the Customize Toolbar icon, then right-click the LastPass icon, and select Show in toolbar.
LastPass autofill not working
If your LastPass autofill is not working, you may need to enable it in your Preferences. To do that, follow these steps:
- Go to your browser, and click on the inactive LastPass icon.
- Provide your username and master password.
- Click Log In. You should now see an enabled LastPass icon that is now in red.
- Go to Account Options > Extension Preferences.
- Enable Automatically Fill Login Information.
- To confirm, click Save.
Best alternatives to LastPass
Overall, LastPass is a go-to password manager when you need a high-quality product that is free. However, if for some reason it doesn’t tick all the right boxes for you, find some reliable alternatives to this product:
- Dashlane. It is one of the biggest competitors for LastPass. For more information, read our Dashlane vs. Lastpass comparison.
Before purchasing any of them, make sure you do your research on how well they are suited to your needs. And as always, whenever you choose any product that is completely free, think twice. Sometimes, if you’re not spending a single dollar, you’re paying with your personal information.
Find out more alternatives to LastPass from this guide.
Altogether, LastPass is one of the most widely used password managers available on the market today. And not without reason.
Even if you decide to stick with a free version, you get more than enough features to keep your usernames and passwords well protected. If you decide to upgrade, your options expand even further.
More password manager reviews
Zoho Vault review: great password management solution for multiple users
1Password vs. LastPass: how do these password managers compare?
Bitwarden review: password manager both for personal use and organizations
LastPass is safe because it uses the AES 256-bit cipher to encrypt your passwords. Passwords reach their servers only in an encrypted form. It ensures that even if hackers managed to breach the server, your data would still be safe. It’s impossible to reverse engineer it to retrieve your master password. LastPass employees, too, cannot see the password that you’re uploading to the cloud.
Yes, LastPass is a trustworthy company, and they have fixed most of the security flaws in their product. So, as long as you don’t reuse your passwords and follow the best practices when creating passwords, you should be in the clear. Considering that you can set up multi-factor authentication, it adds a layer of protection.
You can try LastPass Premium for free. When your trial or subscription expires, your account will convert to a regular Free version. Once that happens, you will not be able to continue using premium features. However, you will not lose your data, and you will be able to continue using it.
LastPass makes password management considerably easier, from generating safer passwords to storing them in a vault. Using unique passwords for every account is cumbersome, and insecure passwords are one of the data pieces that are most common to leak in cases of data breaches.
LastPass is owned by LogMeIn, an American company located in Boston, MA. Last year, Francisco Partners and Evergreen Coast Capital, the affiliates of Elliot Management Corporation, bought the company. The deal was closed this year and was worth around $4.3 billion.