By: Gunnar KallstromHead of information systems and cybersecurity research
LastPass and KeePass are among the best password managers. Comparable in price, features, and compatibility, these services are ultimately designed for different types of users. If you are tech-savvy, looking for a free password manager, and don’t mind navigating tech talk and fumbling around a bit, KeePass is a great option.
LastPass is more intuitive and rich in plug-and-play features. It has a couple of security dings, but the company’s transparency builds trust, and it has a long-sustaining track record. I found LastPass easier to implement without any hassle.
Which password manager should you get? Let this KeePass vs. LastPass face-off help you decide.
| Review factor | Winner |
|---|---|
| Pricing | KeePass (5.0) |
| Platform compatibility | LastPass (5.0) |
| User experience (UX) | LastPass (5.0) |
| Form filling | LastPass (4.5) |
| Security | KeePass (5.0) |
| Two-factor authentication (2FA) | LastPass (4.8) |
| Best overall | LastPass (4.4) |
Our bottom line: LastPass has the edge on platform compatibility, UX, form filling, and 2FA, but KeePass wins in pricing and security. The decision depends on your desire to tinker with technology since KeePass is open source and always a work in progress.
| Password manager | Details | Basic plan features |
|---|---|---|
| KeePass Overall rating: 3.6 Read our full KeePass review. | Starting price: Free Platform compatibility: Windows, Linux Security: AES 256-bit encryption, ChaCha20, Twofish, and 2FA |
|
| LastPass Overall rating: 4.4/5 Read our full LastPass review. | Starting price: Free Platform compatibility: ChromeOS, Firefox, Opera, Safari, Edge, iOS, Android, Windows PC, MacOS, Linux Security: AES 256-bit encryption, 2FA |
|
Price winner: KeePass | |
|---|---|
| KeePass (5/5) | Always free, open source |
| LastPass (4.5/5) | Free forever plan; $36 per year for premium; $48 per year for up to six people |
KeePass is open source, meaning the code is designed to be accessed by the public. Anyone can use, view, modify, and distribute it — and this has pros and cons.
A real benefit is in pricing. KeePass is always free, unlike most best password managers that offer no-cost, basic plans or free trials. If you aren’t afraid of a do-it-yourself (DIY) project, then KeePass is a solid pick as a password manager.
It may not be one of the best password managers, but it is the most favorably priced. You can donate to reward the developer, Dominik Reichl, for keeping the software up to date. And not only is KeePass among the best cheap password managers of 2023 — it’s free.
LastPass offers a free tier, but unfortunately, it isn’t the deal it used to be, as the plan is now limited to syncing data only among computers or mobile devices. You can only use the free version on one device, though it’s for as long as you like.
I like that you get a 30-day Premium trial. But if you’re only working with the free version, you can still get a feel for how this password generator works with features like unlimited passwords, save and autofill, one-to-one sharing, and a password generator function.
Winner: KeePass wins because it is always and only free.
Platform compatibility winner: LastPass | |
|---|---|
| KeePass (3/5) | OS: Windows, Linux Supported browsers: Chrome, Firefox, Safari, Edge, and Opera (with plug-in) |
| LastPass (5/5) | OS: ChromeOS, iOS, Android, Windows PC, MacOS, Linux Supported browsers: Chrome, Firefox, Opera, Safari, Edge |
A downside to KeePass is its limited operating system (OS) compatibility; it can only be used on Windows or Linux. As for browsers, you can use KeePass on Chrome, Firefox, Safari, Edge, and Opera (with a plug-in).
Because KeePass is an open-source project, don’t expect it to roll out additional releases for other platforms. That said, a pro is that others using KeePass have ported it to different platforms, and you can find links to download those ports on the developer’s download page. Those include Android, iOS, and macOS.
LastPass supports major OSes, beating out KeePass. LastPass is compatible with ChromeOS, iOS, Android, Windows PC, MacOS, and Linux. It also works on the major browsers most of us use. You don’t have to tinker or download a port to access LastPass on the OS of your choice like you might with KeePass.
LastPass recommends running Windows 8.1 and above, Catalina 10.15 (for macOS), Chrome OS, or one of the most common distributions of Linux. Supported browsers include Chrome, Edge, Firefox, Safari, and Opera.
There are two types of LastPass browser extensions; you can find the first in your browser’s extensions library. Brave and Vivaldi can use this Chrome extension and SeaMonkey the Firefox one. On mobile, LastPass is available for iOS 13 and up.
Full support with automatic form-filling requires Android 8.0 Oreo or later. Still, the app will run on Android 5.0 Lollipop and later.
Winner: LastPass wins for compatibility because of its range of OSes and browser platforms that suit almost everyone.
UX winner: LastPass | |
|---|---|
| KeePass (3/5) | Not pretty but gets the job done |
| LastPass (5/5) | A simple, minimalist browser extension is easy to navigate |
KeePass is not a sleek, modern platform — and as an open-source project, it has quirks that either motivate you to navigate and play around with it, or walk away. There’s no hand-holding with KeePass, and I would not call it intuitive.
But it does get the job done and functions well. I imported my passwords from a CSV file and referred to the helpful FAQ section whenever I encountered hiccups.
The support will not walk you through how to use KeePass like many other paid-subscription password managers. But it’s not tough to figure out. However, if you are tech-illiterate, taking extra steps to “figure it out” is probably a real deal-breaker.
On the LastPass side, the desktop app has six primary and five secondary sections, making it a bit more like the web experience. While the macOS version is fairly robust, the Windows desktop app is no longer being developed and has some significant limitations.
In my experience, the pairing of the LastPass browser extension with the web app is almost all you’ll ever need.
Importing passwords from other stand-alone and browser-based password managers is a breeze in LastPass, which supports imports from nearly 30 different platforms. Meanwhile, 1Password imports passwords directly from only a few other password managers, including LastPass and Dashlane.
Winner: LastPass wins UX for its clean design and easy-to-navigate tools.
Form filling winner: LastPass | |
|---|---|
| KeePass (3/5) | Auto Type tool |
| LastPass (4.5/5) | macOS: Mobile browsers and apps (latest iOS version) Android: Mobile browsers and apps |
KeePass does not technically offer form filling, but you can use the Auto Type tool that works similarly. I thought it was a little tricky to set up and use. Most password managers prompt you when they detect a text field or form. This is not the case with KeePass.
But if you like the idea of modifying when keystrokes trigger a password, it allows you to customize with Auto Type and even set it up to perform functions aside from web browsing. Again, it all goes back to the desire to tinker.
If you like to tinker, KeePass is a solid choice as a free password manager. I found the lack of typical form-filling to be a pain.
LastPass’s form-filling function on mobile devices works via a Safari browser extension for iOS 8 and above and as a built-in app feature for Android 8.0 Oreo or later. LastPass offers the form-filling capabilities I expect from a password manager, including logins, addresses, and credit card information on desktop and mobile devices.
Winner: LastPass wins form-filling because of its ease of use and compatibility on a range of operating systems and browsers.
Security winner: KeePass | |
|---|---|
| KeePass (5/5) |
|
| LastPass (3/5) |
|
Most password managers use powerful 256-bit AES encryption, but KeePass takes it to the next level with its 256-bit ChaCha20 encryption and Twofish algorithm. The Twofish security means the same key encrypts and decrypts data, and once the key is “turned,” it morphs the information into ciphertext that cannot be read without decoding. It’s supposed to be safe from trial-and-error attacks.
KeePass was one of the first password managers to include secure edit controls to protect entered passwords against memory dumping attacks. KeePass memory can’t even “see” the passwords. That said, the feature must be turned on. If you show passwords in plaintext, secure edit controls are disabled.
LastPass paying users utilize the Security Dashboard, which analyzes all your stored passwords for weaknesses and whether any have been compromised in data breaches. The provider offers dark web monitoring, and it did a nice job of identifying my weak passwords and giving helpful suggestions.
As I’d expect from a password manager, LastPass uses AES-256 bit encryption. It also implements PBKDF2 SHA-256 and salted hashes to secure cloud data. I created a strong master password that locally generates a unique encryption key. As with zero-knowledge architecture, not even LastPass knows my master password. The same is true with KeePass.
But the downside is that it experienced two recent security breaches. LastPass is transparent about the incidents, providing this security breach statement that states the company completed a thorough investigation and has not identified any threat-actor activity since October 26, 2022.
Also, LastPass invested time and effort to harden and improve overall security operations. The company shared that the threat was from third parties and did not originate in-house. While I wouldn’t discount LastPass’s secure environment because of these incidents, if we are comparing it to KeePass for security, the latter has a more rigid architecture.
Winner: KeePass wins security for its ChaCha20 encryption that goes above and beyond the industry standard AES-256 bit encryption.
2FA winner: LastPass | |
|---|---|
| KeePass (3/5) |
|
| LastPass (4.8/5) |
|
You can add an OTP generator to sensitive accounts by enabling KeePass’s 2FA security option — this is pretty standard. I received a text or email with a confirmation code before accessing my account. It’s not intuitive to enable, but it’s an important feature I didn’t have to pay for with my always-free subscription.
LastPass’s free plan works with authenticator apps, including LastPass Authenticator, Google Authenticator, Microsoft Authenticator, Duo Security, and Transakt. Those with a LastPass premium subscription can also use hardware authenticators such as Yubico’s YubiKey, a fingerprint sensor or a smart-card reader.
Also, the platform offers an MFA feature called Grid, a chart you can print out to generate security codes manually.
Winner: LastPass wins 2FA because even the free plan works with various authenticator apps, and the process is intuitive.
Bottom line winner: LastPass | |
|---|---|
| KeePass (3.6/5) |
Best for: If you are tech-savvy and want a free tool |
| LastPass (4.4/5) |
Best for: Flexibility with no time limit on the free plan, rewards to save on cost, and ease of use |
If you consider yourself tech savvy and don’t mind working your way around a platform, KeePass is a secure, totally free password manager. It is open source, meaning anyone can access the code, change it, and update it.
You might wonder if this makes KeePass secure. The company considers it a security policy against accusations of including back doors in the software. And KeePass wins in security vs. LastPass for its extra layer of encryption with ChaCha20. (Plus, LastPass has experienced some breaches.)
KeePass has been around since 2003, while LastPass started in 2008. So relatively speaking, both have longevity in the password manager market.
Even if you want a free password manager, I’d hesitate to recommend KeePass unless you are technically capable or at least interested in tinkering and learning. If you are, KeePass definitely has capabilities. But it’s not turn-key, intuitive, or easy to navigate. From a UX perspective, don’t expect a modern, sleek design.
LastPass checks all the boxes in the UX, compatibility, 2FA, and form-filling categories. Its pricing is comparable to other password managers, and the forever free plan is limited to one device with basic features only.
The most robust and cost-effective plan is premium, and its security dashboard includes dark web monitoring with paid plans, a tool other password managers do not offer. LastPass stands out because of its functionality and ease of use. While it experienced security breaches, its transparency in addressing those concerns builds trust.
On the surface, all password managers essentially generate and store passwords. As I evaluated providers, I dug deeper, comparing software on what matters most, including price, platform compatibility, security, and other factors.
I signed up for a plan with each provider to test:
Learn more about our review methodology.
About the Password Manager, Gunnar Kallstrom:
Kallstrom is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has also worked as a computer network defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).
