So much of what we do today is online: banking and shopping, consuming media, chatting with friends, and playing games. That creates many accounts and memberships, and each one requires a password. To manage it all, some people use the same simple password for every site, while others keep their passwords in a spreadsheet or on a piece of paper in their desk drawer or on post-it notes around their monitor. All of these are bad ideas.
The best way to manage passwords is with a password manager, and LastPass is a good one, especially if you’re looking for a free solution. It’s available for Mac, Windows, Linux, iOS, Android and Windows Phone, and extensions are available for most web browsers. I’ve used it, and recommend it.
The software has been around for quite a while and has good reviews. As the password management category has become more crowded, LastPass has made changes to keep up with the competition, especially since it was acquired by LogMeIn in 2015. The app’s price has been increased (from $12/year in 2016 to $36/year in 2019), its interface has been updated, and the way support is handled has changed. This has all been controversial with some long-term users, but in general, LastPass remains a quality product.
Despite the price rise, LastPass continues to offer a very capable free plan—probably the best in the business. There is no limit to the number of passwords you can manage, or the number of devices you can sync them too. It allows you to generate strong passwords, share them with others, keep secure notes, and audit the health of your passwords. That’s all that many users need.
The company also offers a Premium plan for $36/year and a Family plan for $48/year (that supports up to six family members). These plans include more advanced security and sharing options, 1 GB of file storage, the ability to fill in passwords on Windows applications, and priority support. A 30-day free trial is available, as is a Team plan for $48/year/user along with other business and enterprise plans.
- Excellent security
- Usable free plan
- Security Challenge password audit
- Premium plan doesn’t offer enough value
- Support is not what it used to be
Why Should You Trust Me?
My name is Adrian Try, and I’ve been using password managers for over a decade. I used LastPass for five or six years from 2009, both as an individual and a team member. My managers were able to give me access to web services without me knowing the passwords, and remove access when I no longer needed it. And when people moved on to a new job, there were no concerns about who they might share passwords with.
I set up different user identities for my different roles, partly because I was bouncing between three or four different Google IDs. I set up matching profiles in Google Chrome so that whichever job I was doing I had the appropriate bookmarks, open tabs and saved passwords. Changing my Google identity would automatically switch LastPass profiles. Not all password managers are so flexible.
Since then I’ve been using Apple’s iCloud Keychain that allows me to sync my passwords to all of my devices for free, something LastPass’ free plan didn’t do at the time but does now. Writing this series of reviews on password managers is welcome because it gives me the opportunity to see how the landscape has changed, what features are now being offered by full-featured apps, and which program best meets my needs.
So I logged into LastPass for the first time in many years and was gratified to see all of my passwords are still there. The web app looks different and has new features. I installed the browser extensions and took it through its paces over a week or so. Read on to see if it’s the best password manager for you.
LastPass Review: What’s In It For You?
LastPass is all about keeping your passwords and private information secure, and I’ll list its features in the following eight sections. In each subsection, I’ll explore what the app offers and then share my personal take.
1. Securely Store Your Passwords
The best place for your passwords isn’t on a sheet of paper, a spreadsheet, our your memory. It’s a password manager. LastPass will securely store your passwords on the cloud and sync them to every device you use so they’re available whenever and wherever you need them.
But isn’t that like putting all your eggs in one basket? What if your LastPass account was hacked? Wouldn’t they get access to all your other accounts? That’s a valid concern. But I believe that by using reasonable security measures, password managers are the safest places to store sensitive information.
Good security practice starts with choosing a strong LastPass Master Password and keeping it safe. That’s important because you’re the only one who knows the master password. Losing your master password is like losing the keys to your safe. Make sure it doesn’t happen, because if it does, LastPass won’t be able to help. They don’t know your master password or have access to your information, and that’s a good thing. Even if LastPass was hacked, your data is safe because without the master password it’s securely encrypted.
I read through hundreds of user reviews of LastPass, and you wouldn’t believe how many people gave LastPass Support the lowest possible score because they couldn’t help them when they lost their own master password! That’s obviously not fair, though I sympathize with those users’ frustration. So choose a memorable master password!
For additional security, LastPass uses two-factor authentication (2FA). When you try to log in on an unfamiliar device, you’ll receive a unique code by email so you can confirm that it’s really you logging in. Premium subscribers get additional 2FA options.
How do you get your passwords into LastPass? The app will learn them each time you log in, or you can manually enter them into the app.
There are also quite a number of import options, allowing you to bring in passwords stored in another service.
These don’t import directly from the other app. You’ll first need to export your data into a CSV or XML file.
Finally, LastPass offers several ways to organize your passwords. You can do this by setting up folders, or if some of your passwords are related to the different roles you have, you can set up identities. I found this particularly helpful when I had a different Google ID for each role.
2. Generate Strong, Unique Passwords for Each Website
Weak passwords make it easy to hack your accounts. Reused passwords mean that if one of your accounts is hacked, the rest of them are also vulnerable. Protect yourself by using a strong, unique password for every account. If you like, LastPass can generate one for you every time.
The LastPass website offers ten tips for creating the best passwords. I’ll summarize them:
- Use a unique password for each account.
- Don’t use personally identifiable information in your passwords like names, birthdays and addresses.
- Use passwords that are at least 12 digits long and contain letters, numbers, and special characters.
- To create a memorable master password, try using phrases or lyrics from your favorite movie or song with some random characters added unpredictably.
- Save your passwords in a password manager.
- Avoid weak, commonly used passwords like asd123, password1, or Temp!. Instead, use something like S&2x4S12nLS1*, JANa@sx3l2&s$, 49915w5$oYmH.
- Avoid using personal information to answer security questions—anyone can find out your mother’s maiden name. Instead, generate a strong password with LastPass and store it as the answer to the question.
- Avoid using similar passwords that differ by just a single character or word.
- Change your passwords when you have a reason to, like when you’ve shared them with someone, a website has had a breach, or you’ve been using it for a year.
- Never share passwords via email or text message. It’s more secure to share them using LastPass (see below).
With LastPass, you can create a strong, unique password automatically, and never have to type or remember it, because LastPass will do that for you.
You can specify that the password is easy to say…
…or easy to read, to make the password easier to remember or type when necessary.
My personal take: We’re tempted to use weak passwords or reuse passwords to make it easier to remember them. LastPass removes that temptation by remembering and typing them for you and offers to create a strong password for you every time you create a new account.
3. Automatically Log into Websites
Now that you have long, strong passwords for all of your web services, you’ll appreciate LastPass filling them in for you. There’s nothing worse than trying to type a long, complex password when all you can see is asterisks. If you install the LastPass browser extension, it will all happen right there on the login page. If you have multiple accounts, LastPass will display a menu of options.
The easiest way to install extensions is with the LastPass Universal Installer for your operating system. This will automatically install LastPass in every browser on your system, and add some features that you’ll miss out on if you just install the browser extension manually.
You’ll be offered a choice of browsers. You probably want to leave them all selected so LastPass can fill in your passwords whichever one you happen to be using.
Then you’ll need to sign into your LastPass account on each browser. You may also need to activate the extension first, as I did with Google Chrome.
One concern: the Mac installer is still only 32-bit, and will not work with macOS Catalina. I assume LastPass will fix this very soon.
You might be concerned about LastPass automatically typing your password, especially for financial accounts. You wouldn’t want that to happen if someone else borrows your computer. You can configure the app to ask for your master password every time you log in to a site, but that could become tedious. Instead, set up your most sensitive accounts to require a password reprompt.
My personal take: Complex passwords are no longer difficult or time-consuming. LastPass will type them for you. For extra security, you can require that your master password is typed before it does this. That’s the best of both worlds.
4. Grant Access Without Sharing Passwords
Instead of sharing passwords on a scrap of paper or a text message, do it securely using LastPass. Even the free account can do this.
Notice that you have the option of the recipient not being able to view the password. That means they’ll be able to access the website, but not share the password with others. Imagine being able to share your Netflix password with your kids knowing they can’t pass it on to all their friends.
The Sharing Center shows you at a glance which passwords you’ve shared with others, and which they’ve shared with you.
If you’re paying for LastPass, you can simplify things by sharing entire folders. You could have a Family folder to which you invite family members, and folders for each team you share passwords with. Then to share a password, you’d just add it to the right folder.
My personal take: As my roles in various teams evolved over the years, my managers were able to grant and withdraw access to various web services. I never needed to know the passwords, I would just be automatically logged in when navigating to the site. That’s especially helpful when someone leaves a team. Because they never knew the passwords to begin with, removing their access to your web services is easy and foolproof.
5. Automatically Log into Apps on Windows
It’s not just websites that need passwords. Many applications also require you to log in. If you’re a Windows user and a paying customer, LastPass can handle that as well.
My personal take: This is a great perk for paying Windows users. It would be nice if paying Mac users could also be automatically logged into their applications.
6. Automatically Fill in Web Forms
Once you’re used to LastPass automatically typing passwords for you, take it to the next level and have it fill in your personal and financial details as well. The Addresses section of LastPass allows you to store your personal information that will be filled in automatically when making purchases and creating new accounts—even when using the free plan.
The same goes for the Payment Cards section…
…and the Bank Accounts section.
I tried creating some personal details in the LastPass app, but for some reason it kept timing out. I’m not sure what the problem was.
So I opened my LastPass vault in Google Chrome, and successfully added an address and credit card details. Now when I need to fill in a form, LastPass offers to do it for me.
My personal take: Automatic form filling is the next logical step after using LastPass for your passwords. It’s the same principle applied to a wider range of sensitive information and will save you time in the long run.
7. Securely Store Private Documents and Information
LastPass also offers a Notes section where you can store private information safely and securely. Think of it as a digital notebook that’s password-protected where you can store sensitive information such as social security numbers, passport numbers, and the combination to your safe or alarm.
You can attach files to these notes (as well as addresses, payment cards, and bank accounts, but not passwords). Free users are allocated 50 MB for file attachments, and Premium users have 1 GB. To upload attachments using a web browser you will have had to have installed the “binary enabled” LastPass Universal Installer for your operating system.
Finally, there’s a wide range of other personal data types that can be added to LastPass.
LastPass now lets you store 13 other types of personal data. These include logical items such as driver’s licenses, passports, and social security numbers. There are also some odd ones, like database and server logins, and software licenses. I had to resort to Google to remind myself what an SSH Key is. When you create an instance of an item type, that type appears on the left-rail menu, which scrolls if necessary. (PCMag Australia)
These need to be filled in manually, rather than just taking a photo, but you can add a photo of, say, your driver’s license as a file attachment.
My personal take: You probably have a lot of sensitive information and documents that you’d like to have available at all times, but hidden away from prying eyes. LastPass is a good way to achieve that. You rely on its strong security for your passwords—your personal details and documents will be similarly protected.
8. Evaluate Your Passwords with “Security Challenge”
Finally, you can perform an audit of your password security using LastPass’ Security Challenge feature.
This will go through all of your passwords looking for security concerns including:
- compromised passwords,
- weak passwords,
- reused passwords, and
- old passwords.
I performed a security challenge on my own account and received three scores:
- Security score: 21% – I have a lot of work to do.
- LastPass standing: 14% – 86% of LastPass users are doing better than I am!
- Master password: 100% – my password is strong.
Why is my score so low? Partly because I haven’t used LastPass for many years. That means all of my passwords are “old”, because even if I changed them recently, LastPass doesn’t know about it. A second concern is duplicate passwords, and in fact I do reuse the same password from time to time, though not the same password for every site. I need to improve here.
Finally, 36 of my passwords are for sites that have been compromised. That doesn’t mean my own password was necessarily compromised, but it’s a good reason to change my password just in case. Each of these breaches took place over six years ago, and in most cases, I already changed the password (though LastPass doesn’t know that).
Like Dashlane, LastPass offers to automatically change the passwords of some sites for me, which is incredibly handy, and even available to those using the free plan.
My personal take: Just because you start to use a password manager doesn’t mean you can become complacent about security. LastPass helps you identify security concerns, lets you know when you should change a password, and in many cases will even change it for you at the press of a button.
Reasons Behind My Reviews and Ratings
LastPass is a full-featured password manager and includes helpful features like a password changer, Password Challenge audit, and identities. It works on virtually all desktop and mobile operating systems and web browsers.
LastPass offers the best free plan that I’m aware of, and is my recommendation if that’s what you’re after. Despite significant price rises over the last few years, LastPass’s Premium and Family plans are still competitive, and worth considering, though I recommend you check out the competition as well.
Ease of Use: 4.5/5
Once installed, LastPass is easy to use and navigate. There are several ways to install the LastPass browser extension, and you’ll miss out on some important features you don’t use the binary-enabled LastPass Universal Installer. In my mind they could make this a little clearer on the Downloads page.
The LastPass Support page offers searchable articles and video tutorials that cover “Get Started”, “Explore Features” and “Admin Tools”. Business users can register for free live training. A blog and community forum are also available.
You can submit a support ticket, but there are no links to do this on the Support page. To submit a ticket, search the help files for “How do I create a ticket?” then click on the “Contact Support” link at the bottom of the page. This really makes it seem that the support team doesn’t want you to contact them.
Help and phone support is not offered, but this isn’t unusual for a password manager. In user reviews, many long-term users complain that support is not as reliable since LogMeIn started providing it.
Alternatives to LastPass
Dashlane: Dashlane (Windows, Mac, Android, iOS, Linux) is a safe, simple way to store and fill passwords and personal information. Manage up to 50 passwords with the free version, or pay $39.96/year for the premium version. Read our full review here.
1Password: AgileBits 1Password (Windows, Mac, Android, iOS, Linux) is a full-featured, premium password manager that will remember and fill in your passwords for you. The Personal plan costs $35.88/year, the Family (5 family members included) costs $59.88/year, and the Team plan $47.88/user/year. A free plan is not offered. Read our full review of 1Password here.
Roboform: Roboform (Windows, Mac, iOS, Android) is a form-filler and password manager that securely stores all of your passwords and logs you in with a single click. A free version is available that supports unlimited passwords, and the $23.88/year Everywhere plan offers sync across all devices (including web access), enhanced security options, and priority 24/7 support. Read our review here.
Sticky Password: Sticky Password (Windows, Mac, Android, iOS, Chrome, Firefox, Safari, Internet Explorer, Opera and more) saves you time and keeps you safe. It automatically fills in online forms, generates strong passwords, and automatically logs you into the websites you visit. The free version gives you password security without sync, backup and password sharing. The Premium version costs $29.99/year or $149.99 lifetime. Read our full review here.
Keeper Password Manager: Keeper (Mac, Windows, Linux, iOS, Android, Chrome, Firefox, Safari, Internet Explorer, Edge, Opera) protects your passwords and private information to prevent data breaches and improve employee productivity. There are a wide variety of plans available, including a free plan that supports unlimited password storage. The max bundle plan costs $59.97/year. Read our detailed review here.
Abine Blur: Abine Blur protects your private information, including passwords and payments. Besides password management, it also offers masked emails, form filling, and tracking protection. A free version is available, and the Premium version costs $39/year basic, or $99/year unlimited. Read our full Blur review here.
McAfee True Key: True Key (Windows, Mac, iOS, Android, Chrome, Firefox, Microsoft Edge) auto-saves and enters your passwords, so you don’t have to. A limited free version allows you to manage 15 passwords, and the premium $19.99/year version handles unlimited passwords. Read our review here.
If you’re not already using a password manager, your first step might be to use a free one, and LastPass offers the best free plan I’m aware of. Without paying a cent, the app will manage an unlimited number of passwords, sync them to every device, generate strong, unique passwords, store sensitive information, and let you know which passwords need to be changed. That’s all that most users need.
With such a good free plan, why would you pay for Premium? While the extra storage and enhanced security may tempt some, I suspect that the Family and Team plans offer more incentive. The ability to set up shared folders is a huge benefit here.
With significant price increases over the last few years, LastPass’ Premium and Family plans are now comparable with 1Password, Dashlane and others, and a few competitors are significantly cheaper. That means it’s no longer a clear winner for those willing to pay for a password manager. I recommend you take advantage of the 30-day trial periods of several products to see which best meets your needs.