LastPass review: tested in 2025
Being behind major reports like The Mother of All Breaches and WhatsApp Data Leak, our in-house cybersecurity experts conduct independent, unbiased testing and thorough analysis of password managers, helping users confidently manage their credentials and sensitive information.
We prioritize transparency by openly sharing detailed descriptions of our in-house testing procedures and methodologies.
Learn more
LastPass is one of the most well-known password managers, offering a user-friendly interface, strong encryption, and essential features like password sharing, multi-factor authentication, and a secure vault. However, its reputation has taken a hit due to past security incidents, most notably a data breach in 2022 that exposed user information.
Since then, LastPass has taken steps to rebuild trust and improve its security framework. In this updated LastPass review, the Cybernews team and I re-evaluated the service to see how it holds up today, looking at its current security measures, ease of use, pricing, and overall value.
While LastPass has made progress, some users remain cautious due to its breach history. If you're exploring alternatives, services like NordPass offer strong encryption along with privacy-focused tools such as email masking and password health reports.




Our in-house research team thoroughly analyzes password managers, and our team of experts uses the gathered insights and hands-on experience to evaluate each provider accordingly. Find out how we assess password managers.
LastPass review – at a glance
Encryption: | AES-256 |
Zero-knowledge architecture: | ✅ Yes |
Third-party audits: | ✅ Independently audited |
MFA: | ✅ Yes |
Account-recovery option: | ✅ Yes |
Secure password sharing: | ✅ Yes |
Autofill: | ✅ Yes |
Data leak scanning: | ✅ Yes |
Password limits: | ✅ None |
Compatible with: | Windows, macOS, Linux, Android, iOS |
Supported browser extensions: | Chrome, Firefox, Opera, Safari, Edge |
Free version: | ✅ Available |
Coupon codes: | LastPass Discount Codes |

Our opinion about LastPass
In our May 2025 LastPass review, we found that the service offers an impressive range of features and a user-friendly experience, making it easy to manage and secure passwords across devices. Its affordable plans and robust toolset, like password sharing and dark web monitoring, are undeniably appealing. However, LastPass’ history of data breaches raises concerns about its ability to fully protect sensitive user information. While it remains a functional and feature-rich option, I find it hard to recommend LastPass over competitors with stronger security records.
Who should use LastPass?
- Individuals. If you’re a beginner and have not used a password manager before, LastPass’ intuitive interface and functions make password management very simple. The browser extension’s autofill function can help if you have trouble remembering your logins.
- Families. With the family plan, you can add up to 6 people to your subscription – friends or family members – and share logins and other important information securely.
- Businesses. With plans for teams and businesses, each person gets their vault, and password sharing and access management between employees become a simple process.
Is LastPass safe?
No, I can't say that LastPass is entirely secure, given its history of security breaches that compromised users’ data. Since the LastPass experienced incidents in 2015, 2021, and 2022, its reliability got compromised. As not only technical information of the provider was affected but also users' personal data, I don't recommend LastPass for users looking for a secure password manager.
Despite the fact that LastPass employs virtually unbreakable AES-256 encryption, incidents in the past have proven that the password manager is vulnerable. During the major data breach in 2022, cybercriminals were able to steal credentials from a LastPass engineer and gain access to the cloud-based development environment.
Although the company dealt with the breach immediately, LastPass wasn’t able to prevent a secondary attack, during which hackers gained access to both encrypted and unencrypted user data, putting 25 million users at risk.
In conclusion, even if LastPass is taking all the measures to prevent data breaches in the future, it has clearly failed its users in the past, which is a significant blow to the company’s reputation. It’s possible that LastPass won’t experience any breaches in the future. But when it comes to password security, I don’t want to blindly recommend this password manager based only on hope. Instead, I suggest taking a look at the best password managers with a proven track record of security, like NordPass or 1Password.
LastPass feature overview
LastPass has features that cover all essential needs. In theory, it lets you keep usernames, passwords, and other sensitive data well protected. Take a quick look at what is included in its security and privacy suite.
Feature | What it does |
2FA, multi-factor authentication, and LastPass Authenticator | 2FA and MFA allow you to combine even more factors for authentication and secure your logins to online services other than LastPass. |
One-time passwords (OTPs) | Log in to LastPass without using your master password. A one-time password expires after a set time and keeps your account secure. |
Password generator | With a password generator, you’ll get unique passwords that have a variety of numbers, symbols, and capital and lowercase letters. |
Country restriction | Country restriction lets users select specific countries from which logins are allowed. This feature is simple to use and helps travelers protect their passwords from unauthorized access while abroad. |
Password vault | LastPass keeps your passwords in an online vault. You can access it on your desktop, web, or mobile device. The vault is encrypted, so your usernames and passwords are well protected. |
Credit monitoring | The credit monitoring feature enables users to better monitor their credit reports and protect themselves against identity theft. |
Security Challenge | A simple analytical tool that goes through all of your stored passwords and evaluates their complexity. |
To provide a more detailed view, I, with the help of the Cybernews team, I reviewed each feature separately. Keep reading to see what makes each LastPass security tool useful.
2FA, multi-factor authentication, and LastPass Authenticator
To make the data even safer, LastPass supports two-factor authentication and multi-factor authentication.
2FA is designed to keep your most sensitive information safe by making you take additional steps before accessing the LastPass vault, where your passwords and usernames are kept. There are many options you can choose for your second factor, including:
-
LastPass Authenticator
- Smartphone apps (Google Authenticator, Microsoft Authenticator, Symantec VIP, and others)
- Software-based services (LastPass Grid, LastPass Sesame, and others)
- Hardware tokens (YubiKey, RSA SecurID)
You can get the LastPass Authenticator app for free on Google Play, Apple Store, and Windows Store.
MFA allows you to combine even more factors for authentication and secures your logins to online services other than LastPass. You can choose which services to apply MFA to and which devices to trust.
Due to its usefulness for managing permissions, security levels, and high level of customizability, LastPass MFA (a separate app) is a B2B-oriented feature available with the MFA, Teams, Enterprise, and Identity plans. However, advanced multi-factor authentication options are available for individual premium users as well.
You can manage LastPass 2FA and MFA through the Multifactor Options section of your online dashboard.
One-time passwords (OTPs)
If you’re accessing your web vault from a device that doesn’t belong to you, you can’t know whether the device has a keylogger or other software that could capture your keystrokes. LastPass has a potential solution there with the one-time password feature. Using it, you can log in without revealing your master password.
You can generate LastPass one-time passcodes after you’ve logged in to your account. You can use them afterward, and each passcode will expire after use. It means it’s impossible to log in to an account twice with the same passcode. Plus, you can print or store them using other methods to use later or in emergency recovery.
LastPass password generator
One of the best features that LastPass offers is its password generator. It helps you create strong passwords for your most visited websites and apps.
A password generator creates passwords for you, which means you don’t have to worry about qwerty or 123456789 not being strong enough to protect your privacy online. With a password generator, you’ll get unique passwords that have a variety of numbers, symbols, and capital and lowercase letters.
What I liked about the LastPass password generator is that you can control how strong your password will be. For example, I could choose to include or skip numbers and symbols, select the length of my password, or make it easy to read and say.

However, note that the password in the screenshot above is not particularly strong. You should increase the length and add both numbers and symbols to the password to make it stronger. After all, using LastPass means you don’t have to memorize your passwords.
While I always recommend going for the long and hard passwords, having the option to customize them is a huge advantage.
LastPass country restriction
LastPass includes a handy feature called Country Restriction that lets users select specific countries from which logins are allowed. This enhances security, particularly when traveling or staying in different countries. This feature is simple to use and helps travelers protect their passwords from unauthorized access while abroad.
One thing to remember is that you can change your virtual location by using a virtual private network (VPN). Thus, you can bypass the country restriction altogether.
Password vault
LastPass keeps your passwords in an online vault. You can access it on your desktop, web, or mobile device. As the vault is encrypted, your usernames and passwords are well protected.
Something I appreciated about LastPass is that I could also access the online storage (or vault) when offline. If you want to log in to your vault when offline, just make sure you've logged in to your vault at least once with an internet connection. This way, your device caches a local version of your encrypted data to the device.
LastPass credit monitoring
LastPass users from the US can take advantage of a free credit monitoring alert feature, which ensures real-time protection, as you're notified if your credit report suddenly changes. The credit monitoring feature enables users to better monitor their credit reports and protect themselves against identity theft.

After completing these steps, you will be asked to create a new Form Fill Profile or select an existing one.
To enable the credit monitoring feature from an existing profile, find your profile on the left and click Enable Credit Monitoring. If you need to, you can also edit Form Fill and enable the credit monitoring feature afterward.

LastPass Security Challenge
When storing data in a password vault, one of the most appealing points of a password manager is that there’s everything in one place. It also means that it’s possible to evaluate whether the password is secure. You can do it by hand or use the LastPass Security Challenge.
LastPass Security Challenge is a simple analytical tool that goes through all of your stored passwords and evaluates their complexity. If you’re reusing passwords with little to no uniqueness, you’ll immediately notice low-security challenge scores indicated in red. I liked that it also evaluates your master password’s complexity. So, you’ll not only reinforce the passwords that you use on other accounts but will be able to switch to a stronger master password.

LastPass web client
LastPass web client is the place where users keep their usernames and passwords. It can also help you manage your account’s settings and the information stored in the vault.

Your web vault is organized similarly to your desktop (or local) vault. The best part is that it's OS-neutral. You will be able to use this version with nearly all web-enabled devices.
LastPass plans and pricing
LastPass offers Free, Premium, Families, Teams, and Business plans to meet different needs. Each plan provides various features and security levels. Below, you'll find a table with the key features and prices for each plan.
Features | Free | Premium | Families | Teams | Business |
Price | Free | $3.00/month | $4.00/month | $4.25/month | $7.00/month |
Users | 1 | 1 | 6 | 50 | Unlimited |
Unlimited devices | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Unlimited passwords | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
2F authentication | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Secure password vault | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Save and autofill passwords | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Secure notes | 50MB of storage | Unlimited storage | Unlimited storage | Unlimited storage | Unlimited storage |
Emergency access | ❌ No | ✅ Yes | ✅ Yes | ❌ No | ❌ No |
Dark web monitoring | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
Admin control | ❌ No | ❌ No | ❌ No | ✅ Yes | ✅ Yes |
Single sign-on (SSO) | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes |
LastPass free version
The LastPass Free plan includes essential password management features, such as storing unlimited passwords, autofill, password generation, dark web monitoring, and secure notes. However, it limits usage to one device type, either computer or mobile and offers 50MB of encrypted storage. This plan is a good choice for those who are comfortable with basic password security and don’t have a lot of sensitive data to protect.
LastPass Premium
For $3.00/month, the LastPass Premium plan adds advanced features like one-to-many sharing, emergency access, and 1GB of encrypted file storage. It supports unlimited devices and offers more robust security and convenience features. I recommend this plan for anyone who needs to access their accounts on multiple devices and isn’t satisfied with the free plan limitations.
LastPass Families
Priced at $4.00/month, the LastPass Families plan supports up to six users, providing each with a vault. It includes all Premium features plus a shared family dashboard for easy management and secure sharing of passwords among family members. The plan is great for families, households, or friends sharing streaming service accounts.
LastPass Teams
At $4.25/user/month, the LastPass Teams plan is designed for small businesses, offering secure password sharing, admin control, and user management for up to 50 users. It ensures collaborative and secure password management within small teams. Any team will benefit from this plan, especially if you use a lot of tools and need to share access securely with multiple users at once.
LastPass Business
The LastPass Business plan costs $7.00/user/month and includes advanced security features such as single sign-on, multi-factor authentication (MFA), and detailed compliance reporting. It supports unlimited users and integrates with various business tools. I recommend this plan as a comprehensive solution for larger organizations.
Subscriptions and refund policy
The paid single-user and family plans come with a 30-day trial. It includes all the free and premium features of LastPass. Once the term ends, the user must pay for the chosen plan until the end of the subscription, unless the plan is canceled before the 30 days elapse.
The 14-day trial offered for business clients includes unlimited password storage and sharing, as well as user management and quick-to-setup security policies. A credit card is not required to sign up for this trial.
Although this may seem like a standard and straightforward process, some users report issues. For example, I had some difficulties with canceling subscriptions due to confusing interfaces and unclear cancellation options.
Our research team also reported on some users experiencing issues when communicating with the LastPass customer support team regarding cancellations. They noted delayed responses and overall unhelpful assistance.
Finally, what I found most disconcerting was that some LastPass users reported they were charged even after canceling the subscription.
To sum up, if you plan to use LastPass, I recommend you review all subscription and refund policies carefully to make sure you understand the terms and know what to do in case you want to cancel a subscription.
How does LastPass work?
LastPass is quite easy to set up and requires only a few simple steps to get started:
-
Create your LastPass account and download the apps and browser extensions to protect your passwords on all devices.
-
Create your master password, which you will use to log in to LastPass.
- Set up master password recovery. It’s available as a mobile app recovery on iOS, a hint or a reminder, an SMS recovery, or as a one-time password.
-
If you used a different password manager previously or saved passwords on your browser, import all your passwords to LastPass. You can import passwords to LastPass from Chrome, Firefox, Opera, and Safari and password managers like Bitwarden, Dashlane, KeePass, Keeper, 1Password, and Roboform.
- Alternatively, you can start adding passwords and other data to your account from scratch.
LastPass compatibility and ease of use
To test LastPass, I used a MacBook Air (macOS Sonoma 14.5), a OnePlus (Android 15), and Chrome and Firefox browsers. LastPass supports macOS, Windows, Linux, iOS, and Android and offers extensions for Chrome, Firefox, Edge, and Safari.
The setup was quick, requiring only an email and a master password. I found the interface intuitive, with features like a password generator and autofill working seamlessly on tested sites such as Facebook, Amazon, and Twitter.
Browser extensions | The LastPass browser extensions have an intuitive and accessible user interface, allowing quick item creation and customization options like autofill and autologin, with seamless autofill performance on major websites. |
Desktop app | The LastPass desktop application is easy to set up and mirrors the web version. However, it has issues like difficulty editing some saved items and autofill not detecting known websites, although it includes a Quick Search feature for finding credentials. |
Mobile app | The LastPass mobile app guides you through setup with ease-of-use features like biometric login and autofill, mirroring the browser extension interface and functioning flawlessly without any issues. |
When testing web and desktop apps, I found the web app version to be more reliable. It was more consistent with autofill detection and editing saved items. The mobile app is user-friendly, guiding through setup with features like biometric login and autofill, and it works flawlessly. Overall, I can say that LastPass is highly compatible and easy to use across devices despite minor issues with the desktop application.
LastPass browser extensions
When I tested the LastPass browser extensions on Chrome and Firefox, I found the user interface intuitive and user-friendly. All features were easily accessible, making the experience smooth and efficient. Creating new items was quick, and I appreciated the customization options for enabling autofill and autologin.

The autofill feature worked seamlessly across all the websites I tested, including Facebook, Amazon, and Twitter, without any issues. The password generator was handy, offering customizable options for secure passwords. Overall, I found the LastPass browser extensions reliable and consistent. It made my password management straightforward and stress-free.
LastPass desktop application
The LastPass desktop application for Mac is quick and easy to set up, just like the web app. The interface is identical to the web version, providing a consistent user experience.

However, I had some issues with the desktop application. I couldn’t edit some saved items, and autofill sometimes failed to detect known websites. By contrast, NordPass doesn’t have such issues. Despite these shortcomings, the desktop app includes a Quick Search feature that lets me locate and copy credentials without opening the application.
LastPass mobile app
The LastPass mobile application for OnePlus guided me through the setup process immediately after opening, offering to enable ease-of-use features like biometric login and autofill. The interface closely resembles the LastPass browser extension, so I found it user-friendly and intuitive.

All items are quickly accessible, and features are well labeled under their respective sections. I experienced no issues, and every feature worked flawlessly, ensuring a smooth and efficient mobile password management experience.
LastPass customer support
Option | Availability |
24/7 live chat | ❌ No (Personal and Business plan users only) |
Email support | ✅ Yes |
Knowledge base | ✅ Yes |
How-to guides | ✅ Yes |
Phone support | ❌ No (Personal and Business plan users only) |
LastPass’ customer support is quite limited when it comes to different ways that users can access help. There’s a chatbot that attempts to solve your problem using the questions and information you type in. The experience is very enjoyable, as the bot provides several options to choose from for every answer, leading to the final solution.
If the problem cannot be resolved, you can enter an email address into a support form, which registers your support ticket. In my experience, the support team responded within a day, and the issue was resolved after a single response, demonstrating efficient support.

There’s also a knowledge base that you can use to find guides for common problems and issues that LastPass users are likely to encounter. There’s a very convenient search bar that you can use to immediately get a list of all relevant articles.
24/7 web support and phone support are only available to Personal and Business plan users.
LastPass alternatives
If you're not sure if LastPass is good for you, take a look at some of th alternatives, including their price, login options, business plan availabilities, and more.
Rating | Price | Free version | Biometric login | Multi-factor authentication | Business plan | Open-source | |
---|---|---|---|---|---|---|---|
NordPass | $1.38/month | Yes | Yes ✅ | Yes ✅ | Yes ✅ | No ❌ | |
1Password | $2.99/month | 14-day trial | Yes ✅ | Yes ✅ | Yes ✅ | Yes ✅ | |
RoboForm | $0.99/month | Yes | Yes ✅ | Yes ✅ | Yes ✅ | No ❌ | |
Keeper | $1.67/month | Yes, and a 30-day trial | Yes ✅ | Yes ✅ | Yes ✅ | Yes ✅ | |
Dashlane | $3.75/month | Yes | Yes ✅ | Yes ✅ | Yes ✅ | Yes ✅ (Android and iOS apps) |
LastPass review: final verdict
It is still difficult to consider LastPass as trustworthy as some other top password managers on the market due to LastPass’ history of serious data breaches and overall security issues.
Despite offering an intuitive application, being easy to use, and including numerous useful features like one-time passwords, data breach monitoring, and credit monitoring, LastPass still has some drawbacks. It has faced security issues before, and the free version is limited to one device type and lacks direct customer support. The desktop app also struggles with editing saved items and autofill detection.
Overall, other password managers might be more reliable. NordPass and 1Password remain my top recommendations. LastPass can still be a good option for some due to its extensive features and ease of use, but users should stay updated on its security practices and carefully consider their needs.
How I tested LastPass password manager
I used our standard method for testing password managers. I tested LastPass by starting with its free desktop and mobile versions to evaluate its core features like password generation, storage, and syncing. Next, I tested the browser extensions to assess how effectively they capture and autofill login credentials.
After upgrading to the premium plan, I explored advanced features such as secure password sharing, dark web monitoring, and password health checks. Finally, I assessed its encryption standards, multi-factor authentication options, and overall user experience, ensuring that LastPass is intuitive, responsive, and secure for managing passwords across multiple devices.
FAQ
Is it safe to use LastPass anymore?
No, LastPass is considered no longer safe as it has experienced significant data breaches that have impacted its reputation. While it uses strong encryption and offers various security features, users should weigh these concerns when deciding if it's right for them.
Why did LastPass fail?
LastPass failings can be attributed not only to the breaches but also to handling the aftermath. Some criticize the password manager for taking months to notify users, not providing useful mitigation instructions, downplaying the severity of the data breach, and ignoring technical issues that have been known for years.
Who owns LastPass?
As of May 2024, LastPass is an independent password and identity management company directly controlled by private equity firms Francisco Partners and Elliott Management. Previously, it belonged to GoTo, which acquired LastPass in 2015.
Are LastPass notes encrypted?
Yes, LastPass notes and passwords are encrypted. Only you know your master password, which means that you can decrypt your vault with a decryption key derived from your master password. This is called zero-knowledge architecture, and no one should be able to access your notes and passwords.
When was LastPass last hacked?
LastPass was hacked in late 2022. The real effects of the breach were revealed in 2023. Threat actors successfully breached password vaults with both encrypted and unencrypted data of 25 million users.
How many times has LastPass been hacked?
LastPass has experienced three security incidents. In 2015, LastPass users’ email addresses and password reminders were leaked. In 2021, the company experienced a security incident when third-party trackers were found in the password manager’s Android application. In 2022, hackers breached the data of 25 million users.
Is LastPass still free?
Yes, LastPass still offers a free plan, which includes essential features like password storage, a password generator, and autofill. However, this free version limits users to one device type (desktop or mobile).