LastPass is a popular password manager that has over 33 million users worldwide. In 2022, however, LastPass came under fire due to a data breach where encrypted passwords and other user data got leaked. Despite this breach, LastPass claims stolen data is still encrypted and, therefore, safe. So, we conducted a thorough LastPass review to test it for safety, privacy, and usability.
LastPass: Short Review
What We Like
- Useful browser extension and app
- Offers subscriptions for families and companies
- Free version available
- Password-sharing feature
- Import and export passwords easily
- Unlimited amount of passwords (also on free plan!)
- Emergency access possible on paid plan
- 1GB encrypted data storage on paid plan
What We Don't Like
- Serious data breach in November 2022
- The free version is only available on one device type (desktop or mobile)
LassPass offers a password manager for families, companies, and individual users. You can save all your passwords and items in an encrypted vault (256-bit encryption) that you can access with your master password.
When visiting websites, LastPass can auto-fill your passwords, saving you time and effort. Like many other password managers, LastPass also offers a password generator and dark web monitoring. For extra security, you can use the LastPass authenticator for two-factor authentication (2FA).
The password manager is easy to install and use. In terms of usability, we’re definitely impressed! The free version also offers lots of useful features and works well.
However, in terms of privacy and safety, LastPass is not as reliable as other password managers. The recent data leak proves that the password manager has ground to gain when it comes to ensuring the protection of its users’ private data.
For this reason, based on our LastPass review, we gave the password manager an overall score of 6.5/10.
Want to see for yourself what this password manager is about? You can try the Premium version for 30 days without having to submit any payment details—always a plus!
LastPass Specifications
To give you an overview of the LastPass plans and features, we’ve compiled the most important characteristics of each plan in the table below. In this LastPass review, we primarily focus on the free version of LastPass, as well as its Premium and Families plans.
| Specification | LastPass Free | LastPass Premium | LastPass Families |
|---|---|---|---|
| Download link | LastPass Free | LastPass Premium | LastPass Families |
| Price | $0.00/month | $3.00/month | $4.00/month |
| Encryption | AES 256-bit/PBKDF2-SHA256 | AES 256-bit/PBKDF2-SHA256 | AES 256-bit/PBKDF2-SHA256 |
| Zero-knowledge policy | ✔ | ✔ | ✔ |
| Password generator | ✔ | ✔ | ✔ |
| Number of devices | 1 | unlimited | unlimited |
| Unlimited passwords | ✔ | ✔ | ✔ |
| Emergency access | ✖ | ✔ | ✔ |
| Passport sharing | ✔ (one other person) | ✔ | ✔ |
| Multi-factor authentication | ✔ | ✔ | ✔ |
| Synchronization between devices | ✔ | ✔ | ✔ |
| Password health checker | ✔ | ✔ | ✔ |
| VPN | ✖ | ✖ | ✖ |
| Data breach notification | ✖ | ✔ | ✔ |
| Browser extension | ✔ | ✔ | ✔ |
Each of the features mentioned will be discussed in more detail below.
Safety: Is LastPass Safe to Use?
LastPass offers some good security features, but the recent LastPass data breach is concerning. Security is a key aspect of any password manager. You want to be sure that your login credentials are encrypted properly and won’t be visible to anyone. For this reason, we pay extra attention to a password manager’s safety and security features.
Unfortunately, based on our LastPass review, we gave the password manager a score of 5.5/10 on this front. Here are our main findings:
- LastPass uses AES-256 encryption.
- Thanks to LastPass’s zero-knowledge policy, you can only access passwords with the master password.
- LastPass offers multiple options for 2FA.
- Extra security features include a Security Dashboard and dark web monitoring.
- The recent LastPass data breach is cause for concern.
Encryption and security techniques
To encrypt locked passwords, LastPass uses AES 256-bit encryption on its password vaults. This is a very secure form of encryption that is used by most premium password managers.
Next to its encrypted file storage, LastPass uses a salted hash of the master password for extra security. This means they scramble data and add extra complexity to your master password, making the risk for brute force attacks significantly lower.
The type of encryption used for this practice is PBKDF2-SHA256 (Password-Based Key Derivation Function). The master password gets hashed 100.100 times by LastPass, though you can adapt this. The standard today is 310.000 iterations.
Log in safely with LastPass
LastPass offers various methods to log in, depending on whether you’re using the browser extension or the mobile app. Below, you can find an overview of all the possibilities.
| Log In | Browser Extension | Mobile App |
|---|---|---|
| Master password | ✔ | ✔ |
| 2FA app | ✔ | ✔ |
| PIN | ✖ | ✔ |
| Biometric login | ✖ | ✔ |
Generally, we could access LastPass with our master password. Since 2018, LastPass requests that this password has a minimum of 12 characters, though if you’ve got an older account, it’s still possible to use a shorter master password. Other options that were offered to us during our LastPass review were setting up a password hint or adding a recovery phone number.
Additionally, LastPass offered us two-factor authentication. This means you will have to enter an extra verification code to get access to your password vault. LastPass allowed us to choose between various authenticator apps, including LastPass Authenticator, Google Authenticator, and Microsoft Authenticator.
The premium plan and business plans have some additional apps.
On trusted devices, you only have to go through 2FA once every 30 days. You also have the option to disable two-factor authentication.
The mobile app offered us even more options. We could use a PIN code instead of a master password to unlock the app after inactivity. You could also use a biometric login such as Touch ID or Face ID. This goes for unlocking the app as well as getting into your password vault. For the latter, Touch ID or Face ID replaces the master password completely.
Moreover, we could change the set of how quickly the app should lock after inactivity. This is a useful feature that prevents people from easily accessing your vault should you lose sight of your phone. In the browser extension, we could similarly adjust the settings for automatically logging out of LastPass.
With the LastPass Premium and LastPass Families plans, you can also add another person for emergency access.
You can set parameters for being sent an access request: if you don’t deny the access request within a certain time frame, the appointed person will get access to the password vault. This means a partner or family member could get access to your passwords posthumously.
Safely generate passwords
LastPass’s browser extension lets you generate complex and secure passwords. We did this by using the Alt + G shortcut. The password generator allowed us to set parameters for the length of our passwords as well as let us decide which characters to include. It was not possible for us to create a password sentence consisting of multiple words.
Of course, you can easily import passwords from various sites and edit them as you please.
Password-sharing feature
To share passwords with other LastPass users, LastPass uses the Sharing Center. This is where you can find folders and items that have been shared with you or that you’ve shared with others. To add an item, here’s what you have t do:
- Go to the Sharing Center and click the “+ sign.”
- Enter the email address of the person you want to share items with. You can choose whether this person can actually see the password or simply use it. For password-sharing, the other person also needs to have a LastPass account.
- Select the item you want to share.
- Click the “Share” button.
Keep in mind that you can’t share entire folders on every LastPass plan. This is only possible on LastPass Families or business accounts. On the Free and Premium plans, you can only share individual items.
Limitations:
The LastPass Free account lets you share items with only one other person. On a Families subscription you can exchange items back and forth from six encrypted vaults.
Extra security options
LastPass has a security dashboard. This is where you can find information on any security vulnerabilities in your account. We used this to find how many unsafe or weak passwords we had and opened a list to change them into more secure passwords with the password generator. This is LastPass’s effort to increase password management and your overall online security.
The security dashboard is also the place to activate 2FA and add any trusted devices.
Additionally, LastPass also offered us a dark web monitor. Should any of the login credentials you’ve got saved in your vault get leaked, you’ll receive a notification per email as well as on the security dashboard. This means you can act swiftly.
The Premium and Families subscriptions also provide you with 1GB of data storage for encrypted notes. You can add documents as attachments to these notes, which is a bit of a cumbersome form of cloud storage. Though, still a good way to keep your documents safe.
2022 data breach
On December 22, 2022, LastPass released a statement that a hacker had managed to get into its cloud storage and thereby could access encrypted and non-encrypted data. This has significantly impacted the safety and privacy of LastPass users.
Encrypted data (usernames and passwords) are still protected with 256-bit AES encryption, even in the event of a data breach. They can only be decrypted if a hacker also has access to your master password.
Nevertheless, there’s a significant security risk: besides private data such as names, email addresses, and phone numbers, the leak also included website URLs. This data is not encrypted: a hacker can see exactly which website credentials are stored in your vault.
This information can be used for social engineering and phishing attacks. The combined access to websites and personal data makes it easier for a cybercriminal to create credible phishing emails to trick you into thinking that a legitimate company is contacting you and getting you to provide sensitive information.
On top of that, experts have expressed concerns that URLs give cyber criminals lots of relevant information about which vaults contain interesting material. This could increase the incentive to crack the master password of these vaults, not only via phishing but also through brute force attacks. This is a type of attack where as many passwords as possible are tried out on a vault.
This data breach of LastPass has been a great cause for concern that has put many users at serious risk. In February 2023, another LastPass data breach occurred. Hence, these two incidents affected our rating of this password manager.
Privacy: Does LastPass Safeguard Your Data?
LastPass does not do a fantastic job at safeguarding your data as it, unfortunately, shares your information with third parties, and last year it allowed unauthorized access to private information.
The data you share with a password manager is very sensitive. In order to determine whether a password manager is trustworthy, you need to know they treat your private data with the utmost care. For our LassPass review, we took note of the following things:
- LassPass doesn’t collect unnecessary data.
- The password manager does share this data with third parties.
- In 2022, LastPass was not able to prevent unauthorized access to private data.
Taking this into account, we can’t give LastPass a higher score than 5.5/10.
Privacy policy
Thanks to LastPass’s zero-knowledge policy, only you have access to data in your own vault. Unless they have direct access to your master password, no one should be able to see your passwords, credit card details, or notes. You can also use your LastPass vault to save your driver’s license, passport, health insurance, or social service number.
To provide us with their password management features, we had to give some information away to LastPass when we created an account. Here’s an overview of all the data LastPass collected from us:
- Account information: LastPass requested our name and email. This information is required to create a vault for you.
- Payment details: These are saved for tax purposes and the LastPass customer service.
- Data pertaining to your use of the service: This information includes sessions, device type, and operating system. Diagnostic data, as well as crash data and bugs, are also saved.
- Location and IP address: LastPass states this information is used to prevent fraud and ensure safety. You do have the option to disable this.
- Any content you upload: Your passwords and documents are included, even though this data is encrypted.
- Feedback: This covers information from reviews or questionnaires.
Primarily, LastPass collects data to detect any technical issues and limit the risk of fraud. On top of that, LastPass uses your data to provide you with product updates, as well as for marketing purposes. When signing up, you consent to have your data shared with third parties.
Logging and audits
LastPass has a zero-knowledge policy. This means that passwords are encrypted and decrypted locally on your own device. Any login credentials that are saved in a LassPass vault are automatically encrypted, and you’re the only person who has access with your master password.
Even when there’s a data breach — as has been the case — your passwords can’t be decrypted. LastPass also doesn’t have access to your master password, thanks to the aforementioned salted hashing.
Independent audit
During our LastPass review, we discovered that the password manager gets regularly audited by external parties. LastPass safety features are assessed in the form of an SOC-2 audit. The last audit was published in December 2021 and details the period from September 2020 until August 2021. The review focused on safety, accessibility, and trustworthiness. LastPass met all necessary standards.
Data breach and privacy
The 2022 data breach did not only have consequences for the security and safety of LastPass but also for its privacy. Criminals were able to get their hands on the following data:
- Company information
- Names of users
- Invoice addresses
- Email addresses
- Phone numbers
- IP addresses
This information can be used for various purposes, including phishing. LastPass users need to keep an eye on email and text messages since the hackers can use the contact information they obtained.
This type of data breach is unacceptable for a trusted password manager.
Ease of Use: How User-Friendly Is LastPass?
LastPass’s browser extension and app are both very user-friendly. Therefore, based on our LastPass review, we gave it a score of 8.5/10 for ease of use. Here are our main findings:
- The LastPass website is well-designed and easy to navigate.
- Both the app and extension are easy to install and straightforward to use.
- Your passwords are saved automatically and entered automatically on websites.
- You can manually import passwords and edit or share other items from your encrypted file storage.
- LastPass can be used on unlimited devices.
- There’s a 30-day free trial period.
- In the support center, you can find lots of information in different forms (FAQs, videos, webinars).
- You can only pay with a credit card.
- Sometimes customer service agents are unavailable.
LastPass website and installation
LastPass’s website is clear and well-organized. The homepage allowed us to choose between Personal and Business. When we chose Personal, we got an overview of the different subscriptions available.
One downside is that you can only find the free trial on the homepage. If you’d rather get some information first, you’ll automatically be directed to the paid plans.
The website was available in various languages, including English, Dutch, German, Portuguese, Spanish, French, and Italian. Not all translations seemed complete, however.
How to install LastPass Free and LastPass Premium
You can easily install LastPass in a couple of steps. When you choose to get the Free plan, you’ll automatically enter the 30-day trial period of LastPass Premium, but you won’t be charged. Here’s a step-by-step on how to install LastPass:
- On the LastPass homepage, click “Get LastPass Free” in the top right corner.
- Enter your email address and create a master password.
- Click “Sign Up – It’s Free.”
Your free LastPass account has been created, and you’re ready to install the browser extension or app. After, you can log in with the master password you’ve just created.
How to install the LastPass browser extension and app
LastPass has a browser extension and an app. Both were easy to download. After we created an account, we were automatically directed to the page where we could download the browser extension or app.
We were taken to the extension for our main browser right away. For a different browser app or to get LastPass on a different device, you can go to the LastPass website and download it from there.
The Android and iPhone apps are available in the Google Play Store and the Apple App Store. All you need to do is download the app and use your master password to log into your LastPass account.
Software and features
You can use LastPass software on all major operating systems and browsers. The app is available for Android, iOS, and MacOS.
The browser extensions are available for:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Opera
- Apple Safari
LastPass browser extensions
We tested the extensions for Chrome and Firefox during this LastPass review. Everything worked as it should! The extension does differ a bit per browser. The Chrome extension, for example, comes with some extra features, such as showing you your login status on the other extensions you’ve got installed.
On the contrary, the Opera and Edge browser extensions are less feature-rich. For instance, we were not automatically logged out of our LastPass account after inactivity.
You can access your vault via the browser extension without having to install anything else. The vault is accessible via the cloud. All you need to do is click the red Vault button in the top right corner. It’s also possible to add or edit items directly in the extension.
You’ve got unlimited password storage, and the password generator helps you create secure passwords for any new or existing accounts.
LastPass app
The iOS app also gave us direct access to our passwords, notes, addresses, and other saved items.
You can use the LastPass app on unlimited devices. Do note that the free version only lets you use the app on one type of device. Say, you’re using LastPass on your phone. Then you won’t be able to also get the browser extension on your laptop.
Encrypted password vaults are automatically synced, no matter what device you use. New accounts or changed passwords are always updated.
Adding items to the LastPass vault
We could save the following items in our LastPass vault:
- Login credentials: URL, usernames, and passwords
- Notes
- Addresses
- Payment details
- Information related to important documents (driver’s license, passport, insurance, social security)
With LastPass, you get unlimited password storage. You can add items in two different ways: manually or automatically. If you want to add something to the LastPass vault manually, all you need to do is click the “+” icon. You’ll be taken to this screen:
If you log in on a website, the LastPass browser extension will ask whether you want the credentials to be added to your vault automatically.
For entering login details on a page, LastPass generally did this automatically for us. However, we could also enter them manually from our LastPass vault by copying and pasting the details. To make things even easier, we had the option to mark certain credentials as favorites.
Subscriptions and payment options
Besides its Business plans, LastPass has three different subscriptions on offer: Free, Premium, and Families. For the Premium and Families plan, you have the option to get a 30-day trial. Notably, you don’t need to enter any payment details, which is always great!
Currently, the prices for each LastPass plan are as follows:
- LastPass Free: $0.00
- LastPass Premium: $3.00/month
- LastPass Families: $4.00/month
You can only pay with a credit card, such as Visa, Mastercard, and American Express. It’s not possible to pay in any other way. Each plan runs for a year and gets automatically renewed.
Would you rather have a completely free subscription? Check out our recommendations for the best free password managers to see alternatives to LastPass!
LastPass customer service
While conducting our LastPass review, we discovered that there are several ways to get in touch with LastPass’s customer service. The website has a chat feature. Initially, we spoke to a chatbot/virtual assistant that redirected us to the Support page or the LastPass Community. But you can also request to talk to an agent.
When we did ask to speak to an agent, unfortunately, there was no agent available right away. We received the suggestion to use the contact form. After we did this, we received a reply a couple of hours later.
Note:
If you have a paid account, you can also contact LastPass via phone. Support via email is only available to Business accounts.
You can also use the Support Center to get more information. There are tons of resources available, including an FAQ, information on features and tools, and instructional guides.
Finally, there is a LastPass Community tab where you can ask questions and see questions asked by other users. Here, you can also find videos or sign up for live webinars.
We’re happy to see LastPass putting effort into providing these different options for support. However, having direct contact with a support agent can be a bit of a challenge.
Final Verdict: Is LastPass Worth It?
Based on our LastPass review, we can confidently say that LastPass is a user-friendly password manager that generally works well. You can save unlimited passwords, and the software is easy to use and available on many operating systems. Thanks to LastPass’s zero-knowledge policy, you are the only person who can access your password vault with your master password.
However, we do still have some reservations about this password manager.
Though the chosen method of encryption (AES 256-bit encryption) is very secure, the recent data breach has compromised LastPass’s privacy and security. Hackers may not have been able to access users’ vaults directly, but they still managed to get their hands on lots of valuable information that can be used for phishing attacks.
However, it’s great to see that LastPass has a free version and that you can try out the Premium version for 30 days without having to submit payment details. This, we always love!
Looking to learn more about password managers and for a better alternative? Check out our articles below:
- The Best Password Managers: Our Top 5 Picks
- 1Password Review: Strong Security and Suitable for All
- NordPass Review: A Great But Cheap Password Manager
Do you have any questions about the LastPass password manager? Check out our frequently asked questions below and get some quick answers!
Though LastPass can be considered more trustworthy than a browser password manager because of its secure encryption protocols, it was hacked at the end of 2022, and encrypted and non-encrypted data was leaked. LastPass users were made vulnerable to various cybercrimes, including phishing.
A data breach like this should not have happened with a trusted password manager and has compromised LastPass’s security.
LastPass has various subscriptions available:
- LastPass Free: $0.00
- LastPass Premium: $3.00/month
- LastPass Families: $4.00/month
Yes, LastPass has a free version! It’s also possible to try the Premium version for 30 days without having to submit payment details. Read more about this password manager on our LastPass review.
You can store an unlimited number of passwords and other items in your LastPass vault. See what else this password manager has to offer in our extensive LastPass review.
