Is LastPass Password Manager worth using?
Manage your passwords with LastPass: An in-depth review
Have you ever struggled to remember a password for an account? It happens, we use a lot of accounts, and a different one for each. That makes it difficult to recall the passphrases, but you should not use passwords that are easy to guess either. This is why many prefer using a password manager to store them safely, generate secure passwords, etc. There are plenty of good ones you can choose from. LastPass Password Manager has been around for a long time, and we are going to take a look at everything it has to offer, and compare it with the competition.
LastPass key takeaways
- Generate secure passwords
- Autofill
- Encrypted Vault
- Secure Password Sharing
- Cross-platform access
LastPass main features & specifications summary
- Rating: 4.3/5
- Browser compatibility: Chrome, Firefox, Edge, Safari, Brave, Vivaldi, Opera
- Pricing: Freemium
- Features: Secure password generation, Password sharing, Cross-platform availability
LastPass pros & cons
Pros
- User-friendly
- Generate secure passwords
- Security check to analyze for weak passwords
- Available for all major platforms
- 2-factor authentication
- Browser-based (no desktop application required)
- Multiple recovery options
- Dark web monitoring (to check if your logins have been leaked)
- Can store addresses, notes, credit cards, etc
Cons
- Free accounts are limited to 1 device
- No email support for free users
- Not open source
- Premium subscription is expensive
- Telemetry enabled by default
- Mobile app is sub par compared to rivals
Download options for LastPass
- Chrome browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
- Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/
- Safari browser: https://lastpass.com/misc_download2.php
- Edge browser: https://microsoftedge.microsoft.com/addons/detail/lastpass-free-password-m/bbcinlkgjjkejfdpemiealijmmooekmp
- Brave browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
- Opera browser: https://addons.opera.com/en/extensions/details/lastpass/
- Vivaldi browser: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd
LastPass alternatives
Here is a comparison table of 6 alternative password managers to LastPass:
What is LastPass Password Manager?
LastPass is a cloud-based password manager available for computers and mobile devices. The encrypted vault data is stored securely on the company's servers. The database can be accessed across platforms: Windows, macOS, Linux, Android, iOS, and all major browsers.
Why do you need it?
It can be difficult to remember the passwords for each and every account that you have for online services. Trying to figure out a strong password is tough too, because if you forget it, that’s going to be a problem. The LastPass extension addresses both issues, and all you need to remember is a single master password to access all your logins. The password manager autofills your username and password without the need for typing the information manually.
How does LastPass work?
Your online credentials are locked in the LastPass vault. The only way to unlock it is by using the master password. Once the database is open, you can make changes to it, add new accounts, access/edit/manage your logins, open the corresponding pages with a click, etc.
LastPass features analysis
Let’s take a closer look at the best features of LastPass, to better understand what it has to offer.
Generate secure passwords
Have you ever tried coming up with a unique password with numbers, special characters, etc? It’s not as easy as it sounds. I think it’s easier to remember a complex password over time, than to actually come up with one. You don't have to think too hard about this, because LastPass Password Manager has a built-in password generator, which you can use to create unique, strong passphrases with a simple click of the mouse.
It allows you to select the rules for generating the passwords, such as using lower case, upper case letters, numbers, symbols, and the length of the password. Once the password is generated, you can save it to the vault, and access it the next time you want to login to the website you were on.
Autofill
Typing your username and password manually can become a chore, especially if they are long and contain special characters. Make a mistake and you have to start over, and that’s especially annoying if your passphrases are lengthy. Copying and pasting them from the password manager isn’t the most convenient method either. And what if you paste it into the wrong window, say a social network site, or a chat? That's not good.
LastPass Password Manager supports autofill, so you don’t have to enter your passwords manually. When you visit a web page that contains a login form, the extension will check your vault to see if the site's URL matches an associated account. And if it finds a match, LastPass will fill the username and password fields automatically, thus saving you the manual effort and time.
Dark Web Monitoring
Have you ever been a victim of a password breach or leak? It can be a traumatic experience. But more importantly, how do you know if one of your logins are compromised? LastPass' Dark Web Monitoring feature keeps an eye on such leaks, say if a social network's servers are hacked. LastPass will check the leaked credentials, and when it finds your username or password has been exposed by the breach, it sends you an email to alert you about it. Then you can act quickly to change your password, and secure your online identity.
Save Notes, Addresses, Credit Cards
LastPass isn't merely a password manager. You can use it to save notes securely, and access them from the vault. It also lets you save your address, which can be a huge time-saver, when you are filling up a form to sign up for a service. Don't type it out, autofill can do the job in a couple of clicks. You may also save your credit card information securely. When you are making an online purchase, don't bother looking at your wallet and taking the card out. Your payment information saved in the LastPass vault, can be used for payments.
Secure Password Sharing
Do you share online accounts with your family? A lot of people do that, for example, to share their Netflix subscription. How do you do that? You either tell them the password or send it to them. The latter isn’t a good idea, because in case it is intercepted by someone else, your account can be misused, aka identity theft.
LastPass Password Manager allows you to securely share passwords with other users, without actually allowing them to view what the passphrase is. This way, your family and friends can access Netflix (or whatever you’re sharing) but they have no idea what the password is, let alone have trouble remembering them. That is amazing, isn’t it? You may optionally allow them to view the password if required.
Emergency Access
The Emergency Access option in LastPass, when enabled, allows your trusted contacts to access your vault in case of emergency. You can set the number of days after which the contact can request access to the account, and you may decline the request within the same time period.
How to use the LastPass browser extension
LastPass is very user-friendly. But if you’re new to password managers, don’t worry about it. We are here to guide you through the setup process, and to help you configure the add-on. Here’s how to use it.
Step 1: Install the LastPass browser extension
Go to the official listing of the LastPass extension, we have provided links for all major browsers above. Choose the one that is appropriate, and install the plugin. You don’t need to install the LastPass desktop application, unless you want to use some of the advanced features.
Step 2: Log into your account
Sign in to your LastPass account if you have one. If you don’t have an account, you can sign up for free, and doing so gives you a free 30 day trial of LastPass Premium (no credit card required).
Step 3: Create your master password
You’ll be asked to create a master password to protect your vault. Don’t use stuff that others can guess like your birthday, nicknames, email address, etc. Choose something unique, which isn’t a pronounceable word. A combination of uncommonly used words is strong and easy to remember, though you may want to add a number and an upper case letter into the mix. If you forget your master password, you may recover it using a one-time recovery password, or your password hint, or biometrics (Android and iOS), or through SMS account recovery.
Step 4: Start adding passwords
Now that you have signed in to your LastPass account, you can access your vault. This is where the usernames and passwords are stored. But since you have just started, your vault is empty.
There are several ways using which you can store your logins in the vault. You may manually add the passwords from the vault. Or, you can go to the websites where you have an account, and manually sign-in to them. When you do that, LastPass will offer to store the data in your vault. Allow it, and the next time you visit the web page, the password manager will autofill the login credentials for you.
If you’re coming from a different password manager, you can import your passwords from the database to LastPass. It supports CSV, XML, Text files, etc, to make the process easier.
Step 5: Consider changing your passwords with the password generator
When was the last time you changed your email’s password, or your bank’s or social accounts’? You may want to update the passwords, and LastPass can come in handy here. The built-in password generator makes the task simpler.
Step 6: Enable 2-factor authentication
Since your LastPass account is a cloud-based one, you need to protect it by enabling 2-factor authentication, to prevent hackers from accessing your logins. LastPass supports many multifactor authentication apps including LastPass Authenticator, Google Authenticator, Microsoft Authenticator, etc. If you prefer using a different app like Authy, AndOTP or Aegis, you can use that too.
Premium users get two additional methods to unlock the vault, you may use a YubiKey USB device or the fingerprint scanner on your device. Business users have one more option, to use the Salesforce Authenticator.
Step 7: Take the security check
Are your passwords secure? Have you reused the same password on multiple sites? This is actually pretty common. But that doesn’t mean it’s a good thing. LastPass has a built-in security audit function, called Security Dashboard, which can be used to check your login information for potential issues, like duplicated passwords, weak passwords, etc. When it finds a problem, the password manager will alert you, and you can use the password generator to replace a weak password with a secure one.
Step 8: Enable log out after browser is closed
LastPass, by default, does not lock your vault when you close the browser. So, if you were logged in and finished your browsing session, and someone else opened the browser, they can access your vault.
This is not good for privacy and security, so you should go to the Extension Preferences > General > Security, and toggle the box that says Log out when all browsers are closed. You may optionally enable the 2nd setting as well, which will lock the vault after a specific number of minutes.
Step 9: Disable telemetry
The password manager extension collects some anonymous data as you use it. You can disable LastPass’ telemetry collection, by navigating to the Account Settings > General > Show Advanced Settings > Privacy.
There are three options in this section, that you should turn off. “Track History, Help Improve LastPass, and Enable App Attribution".
Step 10: Download the mobile apps
LastPass has official mobile apps for both iOS and Android. Download the app on your smartphone or tablet, and login to your account. LastPass' autofill feature works on both mobile operating systems, regardless of the browsers you use. All changes you make to the vault are synchronized across the platforms.
Frequently asked questions about LastPass
Is LastPass safe to use?
LastPass stores your credentials in a database that is encrypted with a master password. This master password is the key that is used to encrypt and decrypt the vault. The password manager encrypts the vault locally on your device, before it sends the database to be stored on its servers. Only you have access to the key, so even if LastPass suffers from a server breach, your logins are safe, since they are encrypted with a passphrase only known to you. The password manager uses 256-bit AES Encryption to secure your vault. A one-way salted hashing is done by including your username to the master password, after with LastPass hashes the data using PBKDF2-SHA256 rounds to further strengthen the security.
LastPass has had a few security issues in the past, though the vulnerabilities were patched quite quickly. The vault's contents were never affected by these flaws, so yes it is safe to use the service.
How does LastPass make money?
LastPass offers a premium service, which offers some extra features. Premium subscribers are the revenue generators for the company, there are no ads in the free version.
What browsers does LastPass support?
LastPass supports all major browsers including Google Chrome, Mozilla Firefox, Microsoft Edge, Opera Browser, Brave Browser and Vivaldi.
What is the difference between LastPass Free and Premium?
You can try LastPass Premium for free for 30 days. The main drawback of the free account is that it is limited to 1 device, but with a premium subscription, you can use the service on any number of devices. The pro version supports one-to-many sharing, which allows you to share your passwords with multiple users, as opposed to 1 user with the free model.
Going premium gives you 1GB of online storage space, which you can store sensitive documents safely in the cloud. Security Dashboard, Darkweb Monitoring, Emergency Access, and Email Support are the other features exclusive to the premium subscription of the password manager. LastPass Premium includes a free 30-day trial of ExpressVPN.
Bottom line, is LastPass worth it?
LastPass is easy to use, offers all the core features that you'd expect from a password manager, and for the price of free I don't have any complaints with the extension, except for the telemetry, but that can be disabled. That said, the main issue with the free version is that synchronization is restricted to a single device, PC or mobile. Let's face it, if you rely on a password manager, you probably want to use it on your computer and smartphone. But LastPass Premium isn't cheap, the company charges you $3 a month, and that’s before taxes. So, you could wind up paying well over $36 for a year’s subscription.
On the other hand, Bitwarden is the perfect free alternative for LastPass alternative, since it offers nearly the same experience of LastPass (free), but without limiting you to a single device. The service’s extensions and mobile apps are open source, unlike its rival’s proprietary software. The LastPass mobile app is not great, it's clunky. Bitwarden's app has a better GUI, and just works better. Or, you could opt for an offline program such as KeePass Password Safe on your PC, an unofficial open-source mobile app like Keepass2Android Password Safe or AuthPass, and a browser extension like Kee. Store your encrypted database in a cloud storage service, and there's your free cross-platform synchronization.
Disclaimer
Ghacks strives to be a trusted and unbiased website. In some specific cases, we may earn an affiliate commission or write a sponsored article, but an explicit disclaimer will always tell our readers when an advertiser or an affiliate partner is supporting one of our articles. If no disclaimer (as in this case), it means that we work with total editorial independence.
LastPass is no longer free in any way.
It cost me $36 (U.S.) a year, which is not a lot.
I have been using it for a long time and it works very well.
I use Bitwarden as a back up and it works very well, too.
The free version is great is all you need is the password manager.
I’ve used LastPass. Then I was asked to change my master password due to conflicts. Three months later and I can’t get into my account. All my passwords are locked. No phone technical support, email support was “sorry”. I’ve changed password managers and will never go back to thos poorly supported product.
Same thing happened with me, used LastPass, disabled master password revert setting, and all of a sudden I was locked out of account even though I didn’t changed master password – just one setting, yet LastPass would show my master password incorrect. Then I deleted my LastPass account, switched to Bitwarden and so far so good. Since then keeping encrypted backups of Bitwarden in cloud storage as well, just in case.
Something really stinks about this “article”.
True, all the trolls suggesting it’s an ad.
I use Bitwarden, not LastPass but seriously some stupid folks saying this is an advertisement article. Seriously folks it only takes a couple of minutes to check it on any other article here at Ghacks if things are same or not. And if it is indeed an advertisement then author states as such in the beginning. Trolls, time has come to take some reading lessons.
Salient software question: How does ***** make money?
LastPass was obviously hoping their free users would see the benefit and upgrade to paid. You can’t help wondering how that worked out for them. Some probably started paying. LastPass would not shed a tear about those they lost, which were not a source of profit.
I had to turn on my adblocker in order to see your full table — the ads obscured the last two columns
For several years I was a happy LastPass user, and a staunch evangelist. Over the past couple of years they’ve been making changes that I wasn’t entirely happy with, but I stuck with it. A few weeks ago, though, I switched to Bitwarden. Why? Well, here’s what happened. I put a new hard drive in my laptop, and reinstalled the OS. I added the browser extension for LastPass to my browser, and tried to log in. I have a long, complicated password, and 2FA (Authy). This, however, was apparently not enough for LastPass. I got a pop-up saying something like “This device isn’t recognized. To log in, you’ll have to use the link we sent to your email”. Are you kidding me? The whole point of using a password manager is that you don’t have to remember individual passwords, like the one for your email account. So how in the world does LastPass expect someone to log into their email if they can’t open the password manager? I’m still shaking my head over the level of incompetence and stupidity this represents. In my case it wasn’t an insurmountable problem, as I have a separate KeePass database of critical passwords, but if I didn’t I would have been in serious trouble. Nevertheless, this incident convinced me that Lastpass cannot be relied upon, and it’s time to move on. The icing on the cake is that I find I actually prefer using Bitwarden.
+1. This “review” is an embarrassment.
I used LP for years. It became unstable on Firefox, their free-version support became awful, and they pulled features from the free version.
Switched most of my clients to free, solid, open-source KeePass and they’re happy.
Switched those who needed a cloud PW manager to free, solid, open-source Bitwarden and they’re happy.
I hope this isn’t the future of ghacks.
Paid advertisement not being shown as a PAID ADVERTISEMENT until the end of the article. Omitted from the title and rss feed unlike every other PAID ADVERTISEMENT you have done in the past.
Stop doing that or I’ll go elsewhere for my news.
Lastpass is garbage now. Bitwarden is far superior and open source.
This is not a sponsored post/advertisement.
With Microsoft Authenticator app and Edge browser password sync being available, there is no reason to use any of these online password managers anymore.
Unless you’re one of the 96% of Internet users that don’t use Edge.
Still deleting comments?
Closed source + online = dangerous (gets hacked, no control over data, etc).
Use open-source / offline PM: e.g Keepass
We are not deleting comments, but comment moderation may prevent comments from appearing immediately.
LastPass used to be pretty great. But these days their free product isn’t as functional as Bitwarden, and their paid product doesn’t hold a candle in either ease of use or reliability to 1Password.
It’s still better than NO password manager, and it’ll definitely do its job, but… I dunno, personally I find it impossible to recommend at any price given the other options out there.
Yes!
Never ever trust an online (closed source) Password manager! Servers get hacked + you don’t know how secure their software is
use something like keepass. Open source and offline!
The free version is limited to ONE TYPE of device. I am using the free version on 5 laptops and 3 desktops. You would only need to pay if you wanted to utilize Lastpass on both PCs and smartphones.
Con:
LastPass doesn’t support Vivaldi on Android, and refuses to do so, or even give a competent reply to questions about this.
Feb 16: ‘LastPass Free will be severely limited on March 16, 2021’
Feb 17: ‘How to migrate from LastPass to Bitwarden Password Manager’
Feb 20: ‘Migrating from LastPass to an alternative password manager? KeePass vs Bitwarden, which one will you choose?’
Aug 24: sponsored one-sided promo with the fact ‘disclosed’ by a single, as-inconspicuous-as-possible word ‘Advertisement’ at the absolute bottom of the article, conveniently omitted from the RSS version too.
This isn’t how you ‘regain the trust of users’, Softonic.
No wonder you want to remain ‘annoymous’ – did no one tell you to ‘look before you leap (to conclusions) or to ‘think before keyboarding’ or even ‘YOU are the problem’.
This is not an advertisement. Your ad-blocker is blocking the ad at the bottom of pages but does not remove the line “advertisement”.
Just thought I’d point out that even with ublock disabled on Ghacks I don’t see any adverts in Vivaldi. Ad-block is off in Vivaldi as well.
The word ‘Advertisement’ appears at the bottom of every Ghacks article. It does not indicate the article is a paid advert.
Maybe do at least a tiny bit of research before rushing into print. Or have you perhaps been conditioned to expect such behaviour by your Softonic gurus?
> with the fact ‘disclosed’ by a single, as-inconspicuous-as-possible word ‘Advertisement’ at the absolute bottom of the article
This is not actually an ad – the word ‘Advertisement’ at the bottom of articles appears when your adblocker removes the actual ad which is generally placed in that location.
Where you see “Advertisement” there is a video advertisement below, if you do not see it perhaps you have something blocking that particular revenue stream.
If this site ever does run sponsored articles I would hope they make it clear, like they do with the “Ghacks Deals”.
Unfortunately they delete a lot of posts.
Last post got deleted (nice move ghacks!).
Here again:
never use an online and closed-source service as a Password manager. Servers get hacked and you have no control over your data and how it is stored.
Use a open source solution which is ideally offline as well. Like KeePass or other services!
Example: https://blog.lastpass.com/2015/06/lastpass-security-notice/
We are not deleting posts, moderation may prevent posts from being published immediately, e.g. if they contain links.
While I agree it does seem like a one-sided promo, every Ghacks article has the ‘Advertisement’ at the bottom of each page.
It’s like a placeholder for an advert that isn’t used.
well said, Posts like this need to be clearly marked as an advertisement, in their own category and in the title. Shameful.
What this guy said.
Does “advertisement” apply to the article, or is it just the place another ad would appear if you didn’t have an adblocker installed?