We first took a look at LastPass in 2016, not long after it was acquired by the much larger SaaS company, LogMeIn. Since then, LastPass has had a bit of a revival, of sorts, working through notable security issues that thankfully never impacted its users.
At the time, we gave LastPass a solid 9 out of 10, downgrading it mostly for its user interface. Three years on, however, the password manager market is even more crowded than itβs ever been, and LastPass has had a few upgrades to match.
Free or paid account? LastPass’ has a free option which is perfectly usable, however for a lowly $3 per month the Premium option is money well spent.
If youβre in the market for a password manager or wondering whether a service like LastPass can add more security to your life in a hacker-friendly internet, weβve got a few insights to offer below.
LastPass review summary
LastPass combines a host of great features with a handful of additional security tools. The latest version overcomes some of its past issues to become a password manager easily worth the already low price. For $3 per month you would be hard pressed to find a better option.
LastPass overview and features
LastPass is one of the lowest-cost password managers on the market. While it has a very functional free option, it also offers its services for a paltry $3 per month (billed at $36 per year). By comparison, competing manager Dashlane costs $40 per year, while 1Password costs $36 per year.
The service can easily be used with most devices, but youβll find its best to use it either in mobile app form or as a plugin for your web browser. Note, however, that since most web browsers already have built-in password managers, you might need to turn off the one your browser uses by default. There likely wonβt be any kind of conflict, but redundant password saving and autofill requests can get annoying. Weβll show you how to do that later on.
LastPass has a large number of features in place, all designed with some type of security angle in mind. In all, LastPass has the following features and options:
- Locally-stored master password
- Two-step verification (2FA)
- AES 256-bit encryption
- PBKDF2 SHA-256 and salted hashes
- Password autofill
- Password editing
- Password generator
- Password strength auditing
- Store and autofill web forms (financial information, addresses, and other types of common web forms)
- Accessible via any browser, browser plugin, or mobile apps
- Secure note taking
- Secure password and note sharing
- SMS account recovery
- Weak or duplicate password alerts
- Automatic duplicate password removal
- Merging with browser-saved passwords
- Restrict login to specified countries
- Digital legacy sharing
- Password or site searching
Thatβs a lot of marks to hit for any service. But when it comes to password managers, the necessary security and functionality measures are absolutely essential to making the program work for consumers or businesses. LastPass probably has more features and advanced settings than most consumers will actually use, but thatβs not a bad thing.
Even more features are available, some of which are locked out if youβre using the free service. Additionally, some unique options exist for those signing up for the companyβs family or business options. Get a full side-by-side comparison here.
Signing up to LastPass
LastPass wins a big thumbs up on the sign-up process. Almost no hassle is involved, and LastPass is very clear about what you get. You donβt need to sign up with a credit card or any other payment information to try it out, however. LastPass offers a very feature-rich free version, which you can download right to your browser from the home page. Indeed, for Windows and Mac, your only option is a browser plugin as LastPass does not offer an app for desktop or laptop-based operating systems.
From there, youβll add the plugin to your web browser and go through the account creation process. That includes setting up your new master password:
And youβre done! The next step to getting started with LastPass is actually using the program, which is where youβll either come to love it or hate it, depending on what youβre looking to get out of a password manager.
READER DEAL:Sign up for the premium package for only $3 per month.
To give you an idea of what most users will experience, weβve reviewed some of the more prominent features just below.
LastPass features review
As shown earlier, LastPass has a large number of features. Most users, however, are likely to restrict their activities to the most basic functions related to password management. That usually includes saving passwords, autofilling passwords into sites, and changing passwords when necessary. LastPass has a lot to offer on this angle, although some issues might give you pause or reason to consider other password management tools.
Adding passwords
Once youβre set up with a LastPass account, you can start adding in passwords. You can do this manually or in bulk. For the manual process, one simple method is to just go to the websites you normally use and log in with your credentials. During that process, LastPass will prompt you to save the password to its vault after a successful login attempt.
As expected, adding passwords is quite easy. Just clicking Add will add the password, username, and website to your password vault. The next time you try to log in to that site, LastPass will automatically fill in those credentials for you. If for some reason LastPass doesnβt autofill, you might see a notification on the plugin icon in the form of a number. Clicking the icon and opening up the plugin menu will show some notifications under Show matching sites:
From there, you can choose the site youβre trying to access. This likely happens because LastPass will save a password for a very specific login page. Meanwhile, some websites have various login pages, depending on where or how youβre trying to log in. LastPass wonβt attempt to generically autofill on any address it finds for the site. Instead, it only autofills the specific web page visited when you first saved your password.
Outside of that, you can add passwords manually from your LastPass Vault. You can access the vault either through the plugin (Open My Vault) or byΒ logging in from the website. From there, youβll add new sites with the associated usernames and passwords by clicking on the plus symbol button on the bottom right of the screen.
Unless youβre giving an exact URL for the login page, you probably wonβt get an autofill using this method, but you will be able to add in the username and password from the drop-down menu LastPass gives in the username/password boxes.
Bulk adding passwords
If you already have a lot of saved passwords from your browser, you can add them in bulk. The process to do this is a bit tedious, however, and far from obvious. In fact, I had to do a web search just to figure out how to bulk add passwords from Google Chrome.
To bulk add, follow these steps:
- First, install the LastPass binary file. To find that, click on browser plugin symbol and then More Options > About LastPass. Youβll find the binary file link there. After you download the binary file, reset your web browser.
- After you have the binary file installed, run the executable file. The executable file is not the best place to do the bulk import. While you can import more than just browser passwords there (such as wifi SSIDs and passwords), itβs a lousy interface.
- Youβll need to sift through which passwords you want to add in, and then use the shift or CTRL keys to select multiple items. Otherwise, youβll have to click on them one by one.
Troublingly, however, LastPass says it will delete those password files from your computer after importing them using the binary file executable. Thatβs not really preferable to me, but if youβre determined to go all-in with LastPass, itβs certainly a more secure option.
The other method of import is to go to your LastPass browser plugin, and then go to More Options > Advanced > Import, then choose your web browser. This option automatically selects the whole set of account passwords for you, so you can more easily deselect passwords you donβt want to be imported. It also wonβt delete the passwords from your system (phew!).
That said, LastPass does have an export feature in case you want to move any saved passwords from LastPass to another service.
Aside from the somewhat tedious import process, LastPass seems to have one of the key elementsβadding passwordsβdown well.
Loading passwords
In most cases, as long as you have a password saved to your LastPass vault, it will attempt to autofill that password for you. As stated, there are occasions when it wonβt autofill, but youβll rarely run into that problem.
Youβll know LastPass is working on a website when you see three dots in a grey box on the right side of the username or password box:
LastPass will automatically insert what it believes is the correct password for the site. If you see a number in subscript next to the ellipses (β…β), this will indicate you have more than one username or password for the site in question. If you do have multiple accounts for a site, you can click on the ellipses and choose which username/password combo to use.
Hereβs where things get interesting. Letβs say youβre signing up to a new website. LastPass wonβt have the ellipses symbol next to the username section, but it will have it next to the password box. Why? Because you can use LastPass to create website passwords for you. To do that, click on the ellipses symbol, then Log in as and Generate password. Then, click on the red Generate and fill button.
LastPass will automatically insert its auto-generated password into the password section. However, you can change the security level of the password LastPass generates, and quite frankly, you probably should. By default, LastPass is set to generate a password thatβs 12 characters long and does not include symbols. This type of password is OK, but not overly strong.
To change the settings, before you hit Generate and fill, select More options.
LastPass provides a good number of options here, such as adjusting your password length, making it easy to read or say, and, importantly, including symbols in the password. Using the password generator, you can create passwords of up to 100 characters long with a mixture of lower and uppercase letters, symbols, and numbers. And given you wonβt need to remember the password yourself (you are using a password manager for that purpose, after all), thereβs almost no reason not to make your password ridiculously difficult to crack.
LastPass should create a strong password with the generator, but itβs good that you can choose to change the strength. Not all password generators have that option. Beyond that, loading passwords from the vault is an easy enough affair, and switching between passwords when multiple accounts exist is simple as well.
And while letting LastPass create your passwords for you during account sign-ups is good and all, it wonβt work on all websites. During testing, I found StackExchange wonβt integrate with LastPassβ generator. It will work on most sites, though.
Security Challenge
LastPass is a good place to test the strength of your current passwords. The Security Challenge feature (available only from the Vault) is a great way to do that. Itβs also a good tool for those who are bulk adding their passwords from a browser-based password manager, as built-in managers donβt commonly do anything beyond just for storing and autofilling your passwords and user IDs.
All you need to do is click on Security Challenge from the left side of the Vault menu. Then, click on Show My Score:
Be forewarned: LastPass is going to be brutally honest about your password strength levels. That includes the strength of your master password:
Looks like I have some work to do! Thankfully, LastPass is more about helping you improve your password security than shaming you for being bad at it. The tools to improve your passwords are right there in the program:
If you want to update your passwords, LastPass can help. Click on either Change Weak Passwords or Change Used Passwords, and then select the site(s) you want to update. LastPass will then walk you through the process of updating your password for that site, which will include logging in from the LastPass interface and going through the password change procedures for that website.
The service runs a script that performs this task for you, so thereβs nothing you need to do. Once itβs complete, itβll let you know your password was changed. And of course, in case youβre curious as to what the new password is, you can check in your Vault.
This can be a somewhat long process, but you can change your passwords in bulk by checking the box next to multiple password and user ID entries for the various sites youβre transferring to LastPass. However, if youβre going to do a lot of sites at once, you might as well walk away from your computer for a while. The script is pretty much going to eat up all of your processing power and itβs likely going to take a while. Especially if youβre like me and have over 200 different website accounts (donβt judge me).
Form fills
Passwords are one thing, but LastPass is also designed to autofill most common forms youβll come across on the web. In all, LastPass can autofill forms for personal information, financial information (credit card numbers, bank account information, etc.), and contact info. You can also add unique forms that are not built into the program, although thatβs more of a higher-level feature most consumers wonβt use.
The real question is whether youβre willing to hand over this kind of information to LastPass. If you already have that info saved in your web browser, giving it over to LastPass isnβt going to increase your security risk by much more. The only risk is in someone breaking into LastPass, which thus far hasnβt happened on their end since the company has never had a data breach. According to LastPass, theyβve βimplemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.β
However, if you have a weak LastPass account password and donβt set up two-factor authentication to gain access, you might be in trouble. LastPass can ultimately protect your passwords, but only insofar as youβve made access to your password vault difficult.
For something as commonplace as name and address information, there should be no real qualms here. LastPass works just the same as with your passwords when it autofills forms.
Other features: shared folders, secure notes, advanced settings
If you really do need to get more out of your password manager, LastPass does have some good additional options. A paid account comes with 1GB of storage space, making it a decent location to store and share a limited number important of files.
You can use the Sharing Center to share files with other accounts, but this is a feature only available as part of the Family plan. Anyone can use Secure Notes, however, which can be used to hold secure information you canβt really remember yourself (such as wifi passwords). Whatβs more, you can share your notes with others, although they will need a LastPass account to accept the share.
Beyond that, thereβs a wealth of little ways you can manipulate LastPass in the advanced settings, available only from the Vault. For example, you can better secure your account using two-factor authentication. LastPass integrates with all of the following multifactor authenticators:
- LastPass Authenticator
- Google Authenticator
- Toopher
- Duo
- Transakt
- Grid
- YubiKey
- Fingerprint / Smart Card
- Sesame
- Salesforce Authenticator
You can also make other interesting security adjustments, like disallow logins from Tor networks, set other devices running LastPass to log off automatically when you log in to a new device, and even let LastPass know when some URLs have the same login information (a good way to autofill websites with multiple login pages).
Should you use LastPass?
LastPass is a strong contender if youβre looking to have a more secure password management option than your built-in browser manager. That said, it might be worth exploring some of the other options out there before making a decision.
Nevertheless, LastPass has an almost ludicrous amount to offer. The password tools are strong and secure. And while the bulk import for other passwords is can be a bit annoying, it doesnβt take more than a few minutes when done correctly, and youβll likely only have to do it once.
The primary reason we marked LastPass down in our previous review was because of its lousy user interface. The company has since upgraded it with a rather attractive, modern aesthetic, which you may not even use that often if youβre using LastPass for its primary functions. The company used to give the option to revert to the 3.0 version, but that’s no longer available. If you don’t like the newer interface, you’re pretty much stuck with it now.
Additionally, LastPass is also available as a mobile application, which unlocks a few additional benefits. With the mobile app version, you can also save and autofill passwords for your all of your mobile apps. And since the passwords are stored securely in the cloud, youβll have access to all of your website passwords through the mobile app version as well.
LastPass is a fairly powerful and thankfully modern security tool. Given itβs also one of the cheapest options among its competitors, with even the free option providing more than enough features for the average user, LastPass is password manager worth giving a shot.
LastPass and password managers
Password managers are a growing trend, and LastPass is one among many services now offering password protection and storage. These programs are designed to help consumers better organize their growing number of passwords, as well as help secure those passwords in a manner befitting the internet age.
The broad questions regarding both LastPass and password managers, in general, are going to be, βdo I need this?β and βdoes it work as intended?β While we took a more detailed look into LastPass above, we can more easily address the overall need for password managers from a broader perspective.
Most internet users already employ a password manager; they just might not realize it. If youβre an Apple user, the company utilizes its own password manager for your Apple devices in the form of Keychain. If youβve saved passwords to Keychain (you probably have), you can log into your accounts across your devices quickly and easily. Keychain was actually a project Apple initially conceived of in the 90s and began to fully flesh out and utilize in its desktop, laptop, and mobile operating systems in the early 2000s.
If youβre a Microsoft or Android user, youβve probably still dipped your hands into the password manager waters as well. Most web browsers now come with built-in password management systems, notably Chrome and Firefox. For Android users, password management is connected to your Google account, so youβre likely already able to access your saved passwords on your Android mobile devices and Chrome browser seamlessly.
Yes, you need a password manager
Do you need a password manager? Unequivocally, yes. In a 2016 poll, Intel Security found people have, on average, 27 different password-protected accounts. The survey also found that most people not only donβt use dedicated password managers (probably not the case if you count built-in browser managers)Β but that 37 percent of surveyed adults forget at least one password per week.
Iβll easily admit to being one of those 37 percent, even with my password managers in place. But forgetting passwords is less of a concern than the security risk associated with having so many accounts in the first place. Unfortunately, most people utilize the same, or a small number of passwords across all of their accounts. This is fundamentally dangerous, given just how many of us are losing our passwords in data breaches these days. And if a hacker gets a hold of that one password youβve been using for the past 5 years for all of your accounts, heβll have access to all of your accounts. I probably donβt need to explain why thatβs a problem.
So password managers like LastPass and its many competitors exist to not only reduce the number of passwords you need to remember but also to help you mix it up a bit on the variety and strength of those passwords. As long as you donβt have to remember 27+ passwords by yourself, you can easily have a different password for everything. And since writing down all of your passwords on sticky notes is a bad idea (just ask the Hawaii emergency alert worker who took a fall for that gaff following the accidental missile strike warning), you need a password manager for your security and to make your life easier.
All LastPass reviews
All Star LastPass reviews
All LastPass positive reviews
All LastPass critical reviews
All related LastPass reviews
See all reviewsAfter using LastPass for years, I have decided to move on to another password manager. Can’t log in to my account using the FireFox extension. Get an unknown error message every time I try to log in. There is no support from FireFox or LastPass for this problem.
Sorry to see what used to be a great program fall to this level…..just my opinion…
LastPass now has ability to set time out on device to prevent losing control of open browser access.
“The company even gives you the option to revert back to the boring 3.0 interface if you so choose.
I can’t find V3 anywhere. Please advise.
Excellent review. I recently canceled my subscription to another password manager as the instructions were lacking and I was left floundering. Your review seems to provide everything important to know about this password manager, which will be a most helpful resource if I decide to go with LastPass.
Hard to believe that a business whose DNA is security, has a major flaw in that if you forget to log out on any facility be it desktop, ipad or iphone a click on the icon will open the vault even days later. Why would there not be a time-out after a certain time that requires you to sign back in. Scary stuff! Two emails to LastPass have gone unanswered. Go figure.
Absolutely gutted! I was forced to change my unique PW as I’d used the same somewhere else. Did that but somehow did not write the new one down correctly. Yes, we still have to do that as it is impossible to remember them all and defeats the main object of this.
Now Last pass says I tried too many time so I am locked out. On top of that their LOST PASSWORD function would not let me have a one-time PW and said sorry.
There is no way to contact them either.
So it’s a big FAIL for me.
LastPass v4 GUI may be more attractive to some – not me – and itβs far less functional on Window 10 because I can only get half as much on the screen as in version 3. Could go on by It has degraded in my opinion.