LastPass has long enjoyed a solid reputation as one of the top names in password management. With a long track record in the digital marketplace and almost 18 million users, LastPass is known for providing a highly functional free edition for individual use and flexible, scalable solutions for teams, ideal for family and business use. The company was acquired by the NASDAQ-listed LogMeIn, Inc., in 2015, with annual revenue in excess of $1 billion, providing a certain reassurance in the weight of its infrastructure; this isn’t a password management solution backed by only a small company and a few employees. In this review, we’ll be examining LastPass’ current performance and determining whether it still measures up against the competition.
Pros & Cons of LastPass
|Impressive free features||Costly compared to the competition|
|Solid (if somewhat dated) user interface||Drastic increase in glitches on the app in recent years|
|Automatically syncs between all devices||Poor customer support|
|Strong security and encryption framework||Data stored in United States, could potentially be compelled to disclose user data|
|Has conducted a third-party audit of internal processes|
Key Features of LastPass
We surveyed the five most significant features of a password manager: security and encryption, app compatibility, usability, password sharing and price. We provide a breakdown of LastPass’ performance in each of these areas below.
Security and Encryption
One of the most important features of a password management provider is a strong security policy. Advanced threat detection and encryption are the key to keeping your passwords and credentials safe.
LastPass performs strongly on this metric, using 256-bit AES encryption to provide end-to-end data protection, with the added feature of Transport Layer Security to guard against in-transit attacks. LastPass doesn’t store your master passwords or authentication keys locally or on its servers, making it impossible for anyone including the company itself to remotely access your data. LastPass provides transparent protocols for incident response and gets the community involved with checking for bugs and software weaknesses through its bug bounty program. It also provides for multifactor authentication.
LastPass has hosted a third-party audit of its security infrastructure, carried out by Tevora Business Solutions. The audit verified at the time that LastPass’ internal controls met the American Institute of Certified Public Accountants’ Trust Service Protocols. While the audit provided a solid recommendation for LastPass, it was done in 2018, and there hasn’t been another third-party audit on record since. The frequency of this kind of measure could definitely be improved.
LastPass does collect various forms of user data such as the device type, operating system, location IP address, unique device identifiers, language settings and diagnostic data from users connecting to the service. Since LastPass is based in a Five Eyes surveillance territory, the company can be compelled to turn over such data to various U.S. agencies in compliance with U.S. laws, which isn’t an unusual condition for services in this situation. There is also a potential vulnerability in that LastPass doesn’t presently encrypt URLs stored when interacting with the software like it does the rest of your data. These potential problems can only be exploited by someone who can access your vault data, however, so they represent a relatively low risk overall.
Something that also needs weighing is that LastPass has experienced multiple security incidents since 2015. However, two of those breaches were by white-hat hackers who reported the vulnerabilities and ultimately helped to strengthen security, and in none of them was vault data compromised. While it is true that a password manager with the popularity and user base of LastPass is likely to attract more breaching attempts, LastPass has been aggressive in its approach to remedying the problems that led to these incidents. In the end, it’s up to each user to evaluate whether they feel safe with the platform given these realities.
LastPass is compatible with the most recent versions of the most popular web browsers. Its desktop app is compatible with both macOS and Windows. The only potential gap in compatibility is that while LastPass can be run in virtual environments, it isn’t presently supported for use in such environments, so customer support wouldn’t be available. This, however, is unlikely to be a sticking point for most average or even advanced users. Otherwise, you can expect it to work on most devices and in most operating environments and to run smoothly in all of them.
|LastPass App Compatibility|
|Other||Lollipop browser for Android; Windows RT; Windows Phone|
Usability and Ease of Use
LastPass is particularly powerful and flexible in web browser extension form and provides seamless password management through its browser extensions for major platforms. Its single sign-on technology is especially convenient, auto-filling passwords and other credentials at known sites once the user enters their master password. LastPass makes it easy to import passwords from other browsers and password managers and sports a convenient auto-change feature that makes updating large numbers of passwords a single-click affair.
The desktop app provides a convenient hub for the management of your account settings and data. Downloading is simple on any platform, and LastPass provides biometric login options for your convenience. Logging in is as simple as providing your biometric information or your master password.
The LastPass user interface is easy to navigate, making it intuitive for users to organize their information by sorting different kinds of data into different menu options. Working and syncing across multiple devices and browsers is seamless, with little or no lag when syncing data. Its rich feature set offers powerful password generation, emergency access via SMS codes (if you specifically activate this feature) and emailed recovery passwords and one-touch login. The LastPass Security Challenge is a useful feature that audits the strength of your passwords and alerts you to potentially weak password choices.
A major drawback to all of the above for LastPass, however, has become that, while LastPass’ functionality looks great in theory, more and more glitches in using the app and getting its automated features to work properly have been reported by users in recent years. Moreover, the company’s customer support — which operates by email only — is attracting a reputation for slow response times and ineffectiveness. These developments put a major asterisk beside LastPass’ claims to usability; software that’s only usable when everything is going right but that isn’t capably supported when something goes wrong can be a serious problem.
One area where LastPass provides a particularly notable amount of streamlining and ease-of-use is in password sharing. The Sharing Center allows free users to accept and view shared folders and provides folder creation and editing access for premium users, all laid out in an easy-to-follow format. The user interface for password and folder sharing is similar enough to Google Drive’s filtering criteria that most users should be able to recognize the design principles and basic functions at work. On the whole, LastPass’ password sharing features are both secure and elegant, eliminating guesswork from the process and saving time.
LastPass’ free version is available only for individual users. It supports syncing on unlimited devices along with multifactor authentication, secure notes and form fills and, in general, provides an extraordinary amount of functionality for free software, rivaling other well-known free password management options like Bitwarden.
At the Premium level of service, enhanced sharing and multifactor authentication tools become available. The Family service package provides per-user saving with six licenses, full Premium features and a family dashboard with group sharing for $4 a month in total. The Premium price has increased fairly sharply in recent years; users will have to determine whether the rising expense is being justified by added features or improved performance.
The robust sharing tools, integrations and reporting at the Teams, Enterprise and Identity service tiers, combined with LastPass’ capacity to scale up to meet the needs of almost any size of business, are generally worth the added expense. At the Enterprise and Identity levels of service in particular, LastPass certainly isn’t a cheap solution, but the security benefits it offers are undeniable. At the Enterprise tier and above, for example, businesses can access hundreds of pre-integrated single sign-on apps, and at the Identity tier they can make use of adaptive and biometric multifactor authentication designed for business environments.
|LastPass Plans & Pricing|
|Free version?||Yes (plus 30-day premium free trial)|
|Individual||$3 per user / month|
|Family||$4 / month|
|Teams||$4 per user / month|
|Enterprise||$6 per user / month|
|Identity||$8 per user / month|
How LastPass Works
LastPass has stayed reasonably current in its offerings for user convenience, ease of setup and advanced, highly secure approaches to data protection and password sharing. The table below summarizes how LastPass handles some of the most common password management tasks.
|Functionality||How LastPass Works|
|Setting up the vault||Import data from browsers and other password managers; accounts added upon log in|
|Logging into accounts||Login information filled in on page load; select account from a list|
|Creating passwords||Use password generator when creating passwords; audit password strength using LastPass Security Challenge|
|Changing passwords||“Auto Change Password” automation feature or use password generator when on change password screen|
|Sharing logins||Family, Team, and Enterprise have robust shared folder features; all plans can share with individual users outside your team|
|Recovering account||Password hint, SMS codes (can be disabled), one-time emailed recovery passwords (tied to machine and browser)|
|Advanced security features||Two-factor authentication, security check, emergency access, restrict to countries|
What Customers Are Saying
LastPass’ ease of use and customer support still earn praise from many users, one of whom says: “I like LastPass [for its] user interface and how [it] functions . . . the LastPass UI and UX are as good as it gets in this genre of software. [LastPass’ UI is] very clean and easy to use and its functionality far exceeds most of the other top entrants in this category . . . I’ve received nothing but top notch and fast responses from LastPass . . . Most email ticket responses arrived in less than 16 hours (including some on weekends) and the longest time I waited for a reply was 21 hours.” Another user praises its stability across multiple devices: “I’ve been using it for years. It works for me across multiple devices (MAC, PC, iOS, etc.) without any major issues. Yes, it has annoying quirks. None are fatal in my opinion.”
On the other hand, it’s impossible to avoid the increasing numbers of users who report frustration with bugs and poor customer service using LastPass, especially over the last couple of years. One of these sums up the experience, saying, “Works great until it doesn’t. I have paid for a Family account for a number of years and it worked great. Then inexplicably it started losing full credentials . . . I’ve spent several weeks working with LastPass support, never getting anywhere until today.”
LastPass has a sound approach to security and encryption and promises solid functionality at every tier of service, with an advanced features list that’s still competitive with the industry’s best, especially in the free version. It still has many loyal users based on that free offering’s well-rounded performance in particular, and it still enjoys the reputation benefits of a strong long-term track record for best-in-class performance. However, the pronounced recent upswing in customer reports of software glitches and poor tech support experiences will clearly need addressing if LastPass hopes to retain its leading position in the marketplace. For now, the positives still seem to outweigh the negatives, but users will have to review their specific needs and make their own judgments about whether these potential signs of overreach make a less compelling case for LastPass.