Before I started using LastPass, my password game was weak. The most I did was use numbers, but they were always the same numbers. I occasionally capitalized the first letter of whatever very common English word I was using, and I never used symbols because I didn’t want to have to type symbols.
I’m only telling you this because I’ve been using LastPass for so long, I can’t remember when I started. I used LastPass’s extremely generous free version for years and years … until last year, when LastPass announced free users would now be limited to access on only one type of device — computer or mobile. I wasn’t against paying for a service, but I figured I would check out the other options before locking myself in.
LastPass does many things very well — it syncs quickly and works seamlessly across multiple platforms and its free tier is still somewhat generous for a free tier (but not generous enough). But LastPass has also had some security issues in its past, including one data breach (though no encrypted information was leaked). No password manager is immune to security issues, but there are others, such as 1Password, with cleaner track records.
Costs and What’s Covered in LastPass
LastPass offers three plans for personal users: Free, Premium (one user) and Family (up to six users).
LastPass’s free plan includes unlimited password storage, automatic syncing and two-factor authentication (2FA) with LastPass’s Authenticator app. Free users also have access to LastPass’s password generator, its one-to-one sharing service, and security notes.
LastPass’s free plan used to allow unlimited syncing across different device types, but this changed in March 2021. Free users are now limited to one device type: Computer (desktops and laptops) or mobile (phones, tablets and smart watches). There’s no limit to the number of devices you can sync within your chosen category, but you’ll need to upgrade if you want to access your passwords on both your phone and your computer.
LastPass’s Premium plan is $36 per year, almost exactly the same price as competitors such as 1Password ($35.88) and Keeper ($34.99). Premium users get the same features as free users, plus unlimited syncing between device types, one-to-many sharing and 1GB of file storage. Paying also gets you extra security features, including emergency access, advanced multi-factor authentication, a security dashboard for analyzing password integrity and monitoring the dark web and access to email support.
LastPass’s Family plan has the same features as the Premium plan, as well as unlimited shared folders between users. At $48 per year for up to six people, LastPass Family is cheaper than the competition — 1Password’s and Keeper’s family plans only cover five people and cost $59.88 and $74.99 per year, respectively.
LastPass has desktop apps for PC (Windows 8.1 or later) and macOS (the two most recent versions) and browser extensions for Chrome, Firefox, Safari, Opera, Microsoft Edge and Internet Explorer. LastPass also offers two mobile apps: LastPass Password Manager lets you access your passwords and LastPass Authenticator provides 2FA. Both mobile apps are available on Android (6.0 or higher) and iOS (13 or higher).
Setup and Web/Desktop in LastPass
To get started with LastPass, you’ll need to sign up using your email address and a strong master password that is at least 12 characters long and includes upper case letters, numbers, and symbols. You can also fill out an optional password hint (not a security question).
You will then be prompted to install the LastPass browser extension for your browser. LastPass offers both basic and “full” versions of its browser extensions; the full versions feature extra functionality via a binary component. The initial prompt will direct you to the basic version of your browser extension; to get the full version, you’ll need to download it directly from LastPass.
Once you’re logged in, LastPass will redirect you to your password vault. On the right side of the vault you’ll see the “starter kit,” or a series of steps that walk you through setting up your account. You don’t need to set up your account immediately, but completing all of the objectives in the starter kit will earn you a 10 percent discount on a paid plan.
LastPass has desktop apps for Windows and macOS, but they’re a little redundant — they allow you to access your password storage but not your account settings, while the web vault lets you access both.
The web vault is relatively straightforward: A collapsible left menu holds a list of different item types (passwords, notes, addresses, payment cards and bank accounts are the default categories) as well as links to the security dashboard, sharing center, emergency access, account settings, advanced options, and help. You can add new entries by clicking the red plus sign in the lower right corner; LastPass has several templates for different item types (including passports, insurance policies and software licenses) as well as the option to create custom templates. If you need to store information that doesn’t fit in a template, you can store it as a note.
If you already have your passwords stored somewhere, or if you’re thinking of storing your passwords somewhere else, you can find the import and export tools in advanced options. LastPass imports from 30+ different formats, including several that no longer exist; with a little editing, you can also import your own Excel file.
About a year ago I tried to export my passwords from LastPass and I kept getting a disorganized window full of text instead of the promised CSV file. I eventually found that exporting to CSV only worked through the browser extension and not the vault. I don’t think this is a dealbreaker, especially because LastPass works very smoothly most of the time, but it was a surprising problem.
You might not even have to go into the web vault too often, because you can access most of LastPass’s features from the browser extension. You can search, add and edit entries in your vault from the browser extension, as well as generate secure passwords (and see a history of recently-generated passwords).
This is a super minor detail, but I appreciate that LastPass’s browser extension has a dropdown button for copying your username or password for an entry — some password managers have one-click copying buttons and I am always accidentally clicking them when I’m trying to do something like edit an entry with a new randomly-generated password.
Mobile Apps for LastPass
LastPass offers a pretty seamless experience across platforms, which is probably why limiting free users to one device type felt like such a personal attack. Like its browser extension, LastPass’s mobile app is pretty robust and lets you access most of LastPass’s features. For extra security, it also supports biometric authentication (Face ID or Touch ID).
The mobile app is divided into three sections: Vault, Security, and Settings. You can launch, edit, and add new entries to your vault, generate secure passwords, take the security challenge, and change phone-related settings. You will still need to use the web vault to access the security dashboard and turn on some of the more advanced security features, such as dark web monitoring and multi-factor authentication.
I have had a couple of issues getting the mobile app to populate credit card forms, but for the most part, the mobile app is excellent. I’ve had other password managers get tripped up on app permissions or fail to sync quickly enough between devices for my liking, but I can save a password in LastPass on my desktop, open the mobile app immediately, and it’s already there.
Security in LastPass
LastPass’s security protocols are the same as most of its competitors: AES-256 encryption and zero-knowledge technology, meaning your data is encrypted locally and cannot be accessed or recovered by LastPass.
Free and paid LastPass users have access to 2FA through LastPass’s Authenticator app (LastPass also works with other authenticator apps, such as Microsoft Authenticator and Google Authenticator). Paid users can set up additional forms of multi-factor authentication, such as fingerprint readers and hardware keys.
LastPass doesn’t know your master password and cannot recover it for you. You can recover your account, though, should you lose your master password — and yes, this does make it less secure, but security is about finding a balance between convenience and total lockdown.
There are actually several ways to recover your account: You can get a one-time recovery password from a recognized device/browser, you can revert to an old master password, you can sign in with biometrics on your mobile device, you can get a reset code via text, and you can use the password hint you may have entered during sign up. You probably shouldn’t set up all of these options (especially not the last two), but at least there are options.
LastPass follows the same strict security protocols as its competitors, but the company has had multiple security concerns in the past: In addition to the data breach in 2015, bugs have been found in LastPass’s browser extension and unnecessary trackers have been found in its mobile app. It’s not the only password manager to have had security snafus, but it has been more consistently plagued by vulnerabilities (especially in the app and browser extensions) and privacy concerns than managers such as 1Password and Dashlane.
Back when LastPass offered unlimited syncing and device switching for unpaid users, it was sort of a no-brainer for everyone to sign up. But limiting free users to one device type has definitely made other password managers worth a look — even if LastPass’s free version does have features you won’t see in many other free password managers.
If you’re looking for something completely free, Bitwarden’s free service doesn’t run as smoothly as LastPass’s, but it does offer syncing across unlimited devices. If you’re willing to pay for a password manager, LastPass is a more seamless cross-platform tool than other services I’ve used (including Keeper and Dashlane), and the Family plan is an especially good deal. It’s not perfect — no password manager is — but LastPass may be your best option.