LastPass quick detailsOur score: 3.4 stars out of 5.
|
In 2022, LastPass skilled two main knowledge breaches that resulted in buyer knowledge being stolen. This knowledge consisted of encrypted fields comparable to web site usernames and passwords, safe notes and form-filled knowledge, and unencrypted knowledge comparable to web site URLs.
Whereas LastPass provides an honest password supervisor expertise with its slew of two-factor authentication choices and constant password seize and replay, its latest safety incidents stop us from recommending their service.
Is LastPass secure?
No, LastPass isn’t secure to make use of as a result of its unlucky knowledge breaches lately. LastPass skilled two main knowledge breaches that led to each LastPass buyer and firm knowledge being stolen. The primary incident, which occurred in August 2022, concerned a software program engineer’s company laptop computer being compromised.
In line with LastPass, the incident allowed a nasty actor “to achieve entry to a cloud-based growth setting and steal supply code, technical data, and sure LastPass inside system secrets and techniques.” The corporate reiterated that “[n]o buyer knowledge or vault knowledge was taken throughout this incident.”
LastPass disclosed a second breach on November 22, 2022, whereby the information gained within the August 2022 breach was utilized to entry LastPass buyer knowledge. Particularly, the menace actor gained “unauthorized entry to cloud backups” that included “system configuration knowledge, API secrets and techniques, third-party integration secrets and techniques, and encrypted and unencrypted LastPass buyer knowledge.” This buyer knowledge consisted of encrypted fields comparable to web site usernames and passwords, safe notes, and form-filled knowledge and unencrypted knowledge comparable to web site URLs.
LastPass has stated that the encrypted knowledge stays safe with 256-bit AES encryption as long as the person’s grasp password makes use of their password greatest practices, comparable to having a 12-character minimal and never reusing the grasp password on different websites. In January 2024, LastPass introduced that the corporate will implement a requirement for all clients to make use of a grasp password with a minimum of 12 characters. Prior to now, a 12-character grasp password was the default setting, however clients nonetheless had the flexibility to decide on a grasp password with fewer characters. It’s the firm’s hope that efforts comparable to these will “create stronger and extra resilient encryption keys for accessing and encrypting [customer] LastPass vault knowledge.”
In Could 2024, LastPass introduced it could separate from earlier dad or mum firm GoTo and can now function as an impartial firm underneath LMI Mum or dad, L.P. The corporate additionally stated it is going to spend money on the institution of a devoted menace intelligence crew, “designed to guard the broader LastPass group by proactively monitoring for, analyzing, and serving to to mitigate potential threats.”
Whereas LastPass continues to implement safety modifications to rebuild public belief, I imagine the danger merely isn’t value taking given the corporate’s historical past of breaches.
Simply final March 2025, it’s been reported {that a} $150 million cryptocurrency cyberheist was probably as a result of dangerous actors using the stolen LastPass vaults in 2022, cracking a person’s grasp password, and subsequently utilizing one of many saved passwords to illegally entry a crypto pockets.
In my opinion, you’re significantly better off utilizing safer password managers like Bitwarden, Dashlane, or Keeper — all three of which have but to be concerned in any kind of knowledge breach or hack.
Is LastPass free?
LastPass has a free model, albeit with restricted options. It provides a vast variety of password storage and comes with one account. In comparison with a premium LastPass subscription, the free tier will solely permit for one system sort. Which means you’ll solely be capable of use LastPass Free on both a pc or a cell system.
Different limitations embody not having LastPass’ One-to-Many password sharing function, no emergency entry capabilities, and the dearth of superior multi-factor authentication choices comparable to YubiKey and fingerprint authentication.
In the event you’re on the lookout for a free model to make use of long-term, I like to recommend attempting out Bitwarden’s free model. It provides the identical limitless variety of password storage as LastPass but in addition permits entry to vaults on a vast variety of person units, in comparison with LastPass’ one-device sort restrict.
LastPass pricing
Like most password managers, LastPass categorizes its pricing into Single Customers & Households and Enterprise clients. Let’s check out the primary group or plans.
| Plan | Free | Premium | Households |
|---|---|---|---|
| Value | Free | $3 per 30 days | $4.00 per 30 days |
| No. of accounts | 1 | 1 | 6 |
| No. of system sorts | 1 (both laptop or telephone) | Limitless | Limitless |
| Notable options |
|
|
|
LastPass’ Premium and Households plans are on par with most of its competitors. Its $3 per 30 days Premium plan falls in the midst of comparable subscriptions from Dashlane ($4.99 per 30 days) and RoboForm ($1.66 per 30 days).
The story is similar for its Households plan, priced at $4.00 per 30 days, protecting six accounts. As of March 2025, it sits in the same value vary with Dashlane’s Buddies and Households plan for $7.49 per 30 days that accommodates 10 customers.
In the event you’re particularly focused on a household plan, Bitwarden’s Households plan at $3.33 per 30 days for six customers is presently one of the best deal. It covers the identical most of six customers at a extra reasonably priced value. It additionally has a great safety status as an open-source password supervisor. To be taught extra, learn our full Bitwarden evaluate.
LastPass’ Enterprise plans encompass LastPass Groups and Enterprise.
| Plan | Groups | Enterprise |
|---|---|---|
| Value | $4.00 per person per 30 days | $7.00 per person per 30 days |
| Variety of customers | 50 customers or much less | Limitless |
| Notable options |
|
|
LastPass’ Groups plan, at $4.00 per person per 30 days, is on the pricier finish. If we evaluate it to 1Password’s Groups Starter Pack, you may cowl 10 customers for $19.95. The identical variety of customers by means of LastPass Groups would quantity to $40 — a giant leap in value. Bitwarden’s Groups Starter plan is analogous, priced at $20 for as much as 10 customers.
LastPass Groups permits as much as 50 customers, which can be helpful to smaller groups with greater than 10 members. Nonetheless, it’s essential to reiterate that you simply received’t get the identical degree of safety with LastPass in comparison with different password managers.
LastPass Enterprise is within the center vary by way of comparable plans to the competitors. LastPass Enterprise, at $7 per person per 30 days, is in between Bitwarden’s Enterprise plan for $6 per person and Dashlane’s $8 per person.
LastPass provides a free 30-day trial for its Premium and Households plan and a 14-day trial for its Groups and Enterprise subscription. In the event you actually need to attempt LastPass, going for one in all these trials is the best choice by way of pricing.
Key options of LastPass
Except for password era, autofill, and multifactor authentication, LastPass features a few attention-grabbing options that make it stand out from the competitors.
Safety Dashboard
LastPass features a password well being function known as Safety Dashboard. It offers you a Safety rating that analyzes person safety, checks you probably have any at-risk passwords, and means that you can handle trusted units.
It additionally encompasses a darkish net monitor that checks whether or not a selected e mail deal with you could have is compromised or is concerned in a knowledge breach at one other firm or service.
I personally like how LastPass bundles each its safety rating and darkish net monitoring into one web page, giving customers quick access to the 2 complementary instruments in a single place.
One-time passwords
LastPass means that you can create a set of non permanent, one-time passwords (OTPs) everytime you need to entry your vault from a public laptop and don’t need to enter your grasp password.
OTPs will be helpful for individuals who regularly journey and don’t carry their very own laptop or system on a regular basis. These permit customers to entry their vaults remotely with out having to fret about keyloggers or malware stealing their grasp passwords each time they use public WiFi.
Nation restriction
One other travel-friendly function is LastPass’ Nation Restriction toggle. This enables customers to solely permit logins from chosen nations, including a layer of safety everytime you’re touring or overseas.
This can be a handy set-and-forget function that vacationers can make the most of to guard their passwords from being illegally accessed by malicious third-parties each time they’re overseas.
Take word that these nation restrictions will be bypassed in the event you use a digital non-public community (VPN), as VPNs could make it seem that you simply’re overseas or location aside from your personal.
LastPass authentication and safety choices
LastPass comes with a powerful variety of multifactor authentication choices. Totally free customers, there’s LastPass MFA, Google Authenticator, Microsoft Authenticator, Toopher, Duo Safety, and Grid.
In the meantime, Premium customers can arrange a YubiKey USB as their second issue, in addition to fingerprint or sensible card authentication. LastPass Enterprise customers additionally get entry to Salesforce authentication.
By way of safety choices, LastPass means that you can set trusted units that allow you to skip MFA. Whereas I personally don’t suggest this due to the danger of publicity, it might be handy to show this on in the event you’re solely accessing your vault from one machine or location. LastPass additionally retains a document of the cell units with entry to your LastPass account and your location historical past.
LastPass interface and efficiency
I used LastPass’ net vault for many of my testing, and I discovered the interface to be pretty intuitive. All the things from my vault to extra superior choices or settings like emergency entry and MFA had been positioned the place I anticipated them to be.
Design-wise, I feel LastPass’ interface seems a bit dated in comparison with the competitors. Dashlane and Keeper, for instance, have extra refined UI’s in comparison with LastPass’ plain interface. I additionally discovered navigating by means of the LastPass interface to be a bit clunky, with some settings taking a bit longer to load in comparison with the competitors.
For efficiency, nevertheless, I encountered zero points with LastPass’ password seize and replay capabilities. Its autofill function was additionally dependable, filling in username and password fields with none hiccups.
I additionally actually preferred how the LastPass vault allows you to launch the actual app related to a given login.
With this, one can theoretically use LastPass as a kind of command middle the place you may launch and signal into your most-used apps and companies simply.
General, whereas I want LastPass had a extra up to date design, it supplied an easy-to-understand person expertise.
SEE: 10 Frequent Cybersecurity Threats and Easy methods to Deal with Them (TechRepublic Premium)
LastPass cell app
The expertise on the LastPass cell app is kind of the identical as its net utility. I used LastPass’ Android counterpart on my Google Pixel 6 for this evaluate, and it inherits the identical intuitive person interface of its net app.
The expertise on the LastPass cell app is kind of the identical as its net utility.
By default, LastPass cell blacks out screenshots inside the app — an underrated safety function that stops dangerous actors from stealing knowledge out of your cell vault. Fingerprint login on the app additionally labored effectively, and I actually preferred the security measures included within the app, comparable to an computerized lock when the app is idle and account restoration through biometrics.
It inherits the identical older-looking design of the online app, however this implies you aren’t lacking a lot in the event you solely plan to make use of the cell app over the online model.
LastPass professionals
- A number of authentication choices.
- Intuitive person interface.
- Helpful one-time password function.
- Nation restriction performance.
LastPass cons
- Has been concerned in two main knowledge breaches.
- Dated interface design.
- Clunky net app expertise.
Is LastPass value it?
No, LastPass’ latest knowledge breaches stop us from contemplating it a worthy password supervisor. That is unlucky, as LastPass provides an honest password administration expertise with its in depth MFA choices and dependable password seize and replay.
Nonetheless, these options don’t imply a factor if LastPass can’t reliably maintain your passwords safe and out of dangerous actors’ arms. At this second, LastPass fails to hit this mark.
By way of options, choices comparable to Bitwarden and 1Password can present the identical password administration expertise with none historical past of information breaches or compromised knowledge.
LastPass alternate options
Given LastPass’ latest safety incidents, I’ve listed three different password managers that haven’t been concerned in breaches and can present extra safety in your knowledge.
| Keeper | Bitwarden | 1Password | |
|---|---|---|---|
| Our score | 4.4 out of 5 | 4.6 out of 5 | 4.3 out of 5 |
| Beginning value (client plan) | $2.92 per 30 days | $0.83 per 30 days | $2.99 per 30 days |
| Beginning value (marketing strategy) |
$2 per person per 30 days; max of 10 customers | $4 per 30 days per person; limitless customers | $2 per 30 days per person; max of 10 customers |
| Standout options | Shared crew folders and subfolders; army and medical reductions | Open supply; common and publicly obtainable third-party audits | Properly-designed interface; distinctive journey mode performance |
| Go to Keeper | Go to Bitwarden | Go to 1Password |
Keeper
For bigger companies, Keeper is a superb choose because it provides personalized bundles and curated pricing for enterprise clients. It additionally has a Enterprise Starter subscription for groups of 10 folks and a Marketing strategy tailor-made in the direction of small-to-medium-sized companies.
To be taught extra, try our full Keeper evaluate.
Bitwarden
If safety is a prime precedence, Bitwarden is among the greatest. It’s open supply, which implies that its supply code will be reviewed, analyzed, and audited by the general public. It additionally runs on a zero-knowledge structure and implements end-to-end encryption for its password storage.
To be taught extra, try our full Bitwarden evaluate.
1Password
For an all-around expertise, 1Password is a secure guess. It comes with an intuitive and modern-looking person interface that’s coupled with high-end encryption in your knowledge. It additionally provides a singular Journey Mode function that may profit customers who commonly go overseas for enterprise journeys.
To be taught extra, try our full 1Password evaluate.
Evaluation methodology
My evaluate of LastPass concerned an in depth evaluation of its security measures, value, and real-world efficiency. I had hands-on expertise with LastPass by means of a 30-day trial of its Premium plan.
To check LastPass, I used its net vault utility and browser extension on my Home windows laptop computer and its cell app on my Google Pixel 6.
I rated LastPass on the whole lot from its password administration options to its pricing primarily based on an inside algorithm to get a score of three.4 out of 5 stars. The scoring was primarily based each on LastPass by itself and in relation to different password managers available in the market.
This text was initially printed in December 2023. It was up to date by Luis Millares in March 2025.
