LastPass password manager review

There are a couple of unfortunate hiccups when it comes to pricing for password managers. The first is that they tend to charge in US dollars. And the other is that prices are displayed in terms of monthly costs but charged annually. LastPass bucks the trend by charging in Australian dollars but still unfortunately succumbs to the annual-charging zeitgeist.

The ickier part of that is, just like 1Password, LastPass doesn’t offer a money-back guarantee, meaning you’re up for the cost of a full year whether you like it or not. Still, LastPass does have a viable free version which, while not as fully featured as it used to be, is a good place to test its password-managing waters. If you do end up paying, it’s $54 a year for individual users with LastPass Premium or $72 a year or up to six users on the LastPass Families subscription.

LastPass rolled out a well-time update just before I started this review, which addressed one of my biggest gripes. Password managers are at their best where they’re most useful: for website credentials. This means LastPass and other password managers tend to be most useful as Chrome browser extensions (or whatever other browser you use). While this is where LastPass excels, it also used to offer its one-click credentials prompt beneath the eye icon that shows your password.

That’s not the case after the most recent update, which means no games of trying to find the pixel around the eye icon that lets you actually get to LastPass. Nor is there any need to give up entirely and use multiple clicks via the browser extension. Google Chrome is the most popular browser in the world, and I’ve been using the LastPass Chrome extension for years.

Like all password managers, all of your precious credentials are hidden behind a single master password. Instead of having to remember one password, you just remember one. I tend to use LastPass reactively for sites that need credentials, rarely opting to manually search in the odd instances when a credentials recommendation is off or for a non-browser login portal.

Whenever I create a new account somewhere in Chrome, LastPass pops up for a single-click way to add that password to my vault. Better still, a right-click anywhere in Chrome opens the LastPass password generator for secure password creation with easy-to-tweak parameters. Most of the time you won’t have to change a thing and can copy/paste the secure password to your new account. If that doesn’t work, there are straightforward solutions to extend the password length or add/remove in uppercase, lowercase, numbers and symbols.

I’m so reliant on LastPass autofill these days that I dread going back to the dark days of doing life without a password manager (even if Google Password Manager is free). Everything syncs between the LastPass Chrome extension and the Android app, the latter of which is made better by either using a PIN or biometrics to avoid the frustration of typing in your LastPass master password every time you want to use it.

Password sharing is incredibly straightforward, as is using secure document storage or the digital wallet functionality. I also appreciate the occasional emails I get from LastPass letting me know when there’s been a breach related to one of my logins, as well as the Security Dashboard for an overall security score and simple access to updating potentially compromised credentials.

Let’s start with the good stuff. LastPass ticks all of the security boxes when it comes to encryption and authentication. It can also be used as a replacement authenticator, works with hardware keys and has phishing protection. That’s all great news, but all of that is also true of 1Password, Dashlane and, except for the active phishing protection, Bitwarden.

Then there’s the bad news. LastPass had a data leak in late 2022 that involved customer data, including sensitive vault information. According to LastPass, even though this vault information was stolen, it can’t be accessed without any affected users’ master password. If your LastPass data was caught up in this data leak, there is a chance the master password can be ‘brute force’ cracked, but that’s less likely if you have a long and secure password that uses a mix of capital letters, lower-case letters, numbers and symbols.

Data breaches are an unfortunate reality of the connected world we live in, and LastPass has taken appropriate steps to mitigate the likelihood of a breach in the future. Still, as a long-term LastPass customer, it leaves an icky feeling that I can’t get past, and I’ve already migrated to Dashlane. New customers can be heartened that such a breach will lead to stricter security measures for LastPass—and, hopefully, all other password manager services respect the indirect shot across the bow—but I’ll be following the advice to shift to a competitor.

LastPass is available on Windows, Mac, Linux and mobile devices via browser extensions, desktop software and mobile apps. The free and premium subscriptions are available for one user, but LastPass Families is available for up to six users per account. Here’s a list of the LastPass supported platforms:

• Windows 8.1 or later
• Two most recent major MacOS versions (64-bit)
• Linux
• Chrome OS
• Google Chrome (two most recent versions)
• Mozilla Firefox (two most recent versions)
• Microsoft Edge (two most recent versions)
• Safari (two most recent versions)
• Opera (two most recent versions)
• Android OS 9 (or newer)
• iOS 14 (or newer); iOS 15 or newer for LastPass Authenticator app