/images/2023/03/03/logo-lastpass.png){kind=logo}
Helpful features like family profiles and a password generator
Compatible with lots of browsers, OS, and devices
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
Since its introduction in 2008, LastPass has touted itself as a safe and easy way to store passwords and login credentials. Unfortunately, soon after its release, LastPass began suffering security incidents, with the first in 2011. Several more breaches followed with the two most recent being within months of each other in the latter half of 2022. Still, LastPass insists its customers are now safe and it’s taken measures to prevent further hacks.[1]
As far as the actual service, LastPass has a host of features like a password generator and multi-factor authentication, which serve as useful tools to anyone looking for increased security online.
The free, individual, business, and family plans all offer convenient ways to store sensitive information that’s easily accessible and supposedly safe. With a manageable price and integrated browser extensions, it’s up to you to decide whether or not this service is right for you. Let’s get into what we found.
Helpful features like family profiles and a password generator
Compatible with lots of browsers, OS, and devices
| Price | Starts at $3.00/mo (billed annually) (for paid plans) |
| Free version | Yes |
| Browser extensions | Chrome, Firefox, Edge, Safari, Opera |
| Password sharing | Yes — Unlimited on paid plan |
| Encryption | AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes |
| Two-factor authentication | Yes |
| Password generator | Yes |
| Form filler | Yes |
| Digital legacy | Yes |
| Details | Get LastPass |
The free version of LastPass comes with a surprising number of useful features like autofill capabilities and a password generator. This is great for anyone who doesn’t need to share their passwords with anyone else or use them across multiple devices.
If you do need a little more from LastPass, paid plans come with enhanced features like phone support and emergency access for family members who may have forgotten their password.
| Plan | LastPass Free | LastPass Premium | LastPass Families |
| Price | Free | $3.00/mo (billed annually) | $4.00/mo (billed annually) |
| Number of users | 1 | 1 | 6 |
| Number of devices | 1 | Unlimited | Unlimited |
| Password vault | |||
| Autofill | |||
| Password generator | |||
| Two-factor authentication | |||
| Encrypted storage | |||
| Security dashboard | |||
| Dark web monitoring | |||
| Emergency access | |||
| Personal support | |||
| Details | View Plans | View Plans | View Plans |
LastPass prices are on par with Keeper and 1Password. All three services charge annually but like to advertise the products by what the annual price equates to monthly. For a truly transparent view of each of these, please look at the starting prices for several popular password managers:
LastPass: $3.00/mo (billed annually)
LastPass costs less than Dashlane's personal plans, but other password managers like NordPass and Bitwarden are cheaper.
It's worth noting that Keeper, 1Password, Dashlane, NordPass, and Bitwarden haven't been breached, while LastPass has suffered several security breaches.
LastPass is a solid password manager but we don't blame you if you're offput by its history of data breaches. Here are some other password managers to consider that haven't been breached (as of this writing):
Since its humble start as a password manager, LastPass has continued to expand its offerings to provide a number of features aimed at security. For example, the emergency access feature, one that allows you to will your password vault to someone upon your passing, is an especially useful feature as more of our lives move online.
Take a look at some of the other features and what they can offer.
Even though Netflix may be cracking down on password sharing, it doesn’t mean we won’t continue to share. LastPass has thought of this and created a safe and effective way for you to share passwords with friends, family, roommates, or colleagues.
The Sharing Center within the LastPass dashboard allows you to send passwords to anyone while continuing to keep that information encrypted. It’s way better than pasting the Disney+ password into a text to your mom for the 15th time.
With the free plan, you can use one-to-one sharing, which allows you to share your passwords and saved items with one person at a time. With the paid plans, you can also use one-to-many sharing, which allows you to share your saved with multiple people.
Two-factor (2FA) and multi-factor authentication (MFA) allow you to add extra layers of security to products that handle some pretty private data. This type of passwordless authentication can supplement the security holes found in password security.
LastPass takes advantage of this technology by using 2FA and allowing you to go deeper by enabling multi-factor authentication. LastPass has a proprietary authenticator but also allows for integration of other authenticators, such as biometric logins, which improve the security of 2FA.
If you’re an Apple person, you may be familiar with the password generator that comes standard as a part of iOS. LastPass also provides this service with its own proprietary password generator.
When the browser extension is enabled, you can automatically create a secure password directly on a website. These unique combinations make for strong passwords and can help increase your security. LastPass will then save the new password to your vault.
The autofill feature in LastPass creates a profile of you with the information you want, like phone number, address, credit card info, and more. You can fill online forms by clicking the browser extension in your toolbar. In addition to this being convenient, it also helps avoid keylogging, which is where everything you type is recorded.
This feature evaluates your passwords, password hygiene, and sharing practices and evaluates your score based on how you use passwords.
For instance, if you use the same password multiple times, your strength score is lowered because there are more chances to breach this password. If you use unique, complex passwords for all your accounts, you’ll end up with a high rating.
Additionally, you’ll need to continue to monitor LastPass as it scans the web for data breaches. If your password appears in a breach, it’ll lower your score and suggest you change the password.
Digital legacy is a uniquely 21st-century problem. What do you do with a person’s online accounts when they pass away?
LastPass allows you to grants someone emergency access in case of a forgotten password. You can also grant temporary access or update specific folder permissions to share the passwords within and skip sharing your master password.
You can also name heirs to receive access to your vault in the event of your passing. This can help families or loved ones who are trying to access bank accounts, medical information, emails, and other services.
Additional bonus features offered by LastPass for business and family accounts are:
One positive aspect of LastPass is the ability to just use it as a basic password manager. If you aren’t interested in all the bells and whistles of the features, you can install LastPass with a few clicks and let it do its thing.
Once you enable the LastPass browser extension, it’s easy to navigate all over the web without having to worry about your passwords.
/images/2023/03/03/lastpass-review_01.png)
We easily navigated through the dashboard to find all of our saved passwords. They were organized in neat folders. Since we’re using a business version, we were able to see not only our own personal passwords but also the ones shared with coworkers.
/images/2023/03/03/lastpass-review_02.png)
You can also add secure notes to each saved password as well as require extra security steps, such as your master password, to log in to certain accounts. This is especially helpful for banking and financial accounts since it adds an additional layer of protection.
As an added bonus, LastPass includes a security dashboard in the menu options on the left. This gave us a brief overview of the security issues we may face given our settings. Since we were already signed in to the dark web monitoring, we decided to try turning on multi-factor authentication.
/images/2023/03/03/lastpass-review_03.png)
A glitch we found when using LastPass on our MacBook was that links didn’t open when we clicked. At first, we thought the links for the multi-factor authentication were broken. Since this is an app, however, we didn’t expect them to open within the app itself.
When the links didn’t redirect back to our Safari browser, however, we wondered if they worked on Mac at all.
/images/2023/03/03/lastpass-review_04.png)
It didn’t matter how much we clicked that “Enroll” button, nothing showed up. Then we went back to our Safari browser and there were as many tabs open as times we clicked.
This little glitch isn’t a deal breaker, but there’s probably an easier way for LastPass to handle activating this authenticator. In the end, we had to move between our LastPass dashboard and our web browser manually.
One thing to note, we haven’t run into this issue while using LastPass Premium on our iPhone, although we do often need to open our LastPass vault in order to copy account passwords when logging into iOS apps.
Otherwise, LastPass was pretty user-friendly. We did appreciate being able to use another password generator other than our proprietary Apple generator. We also appreciated the ability to add identities, which allows you to create clusters of information, like websites and notes for certain passwords, all grouped together. This is useful if you want to keep all your financial information like banking, trading, and crypto in one easy place.
/images/2023/03/03/lastpass-review_05.png)
Overall, LastPass isn’t difficult or confusing to use. You can store passwords, increase your security, monitor your dark web presence, and organize passwords and notes in an orderly fashion. The product itself is actually very useful. Unfortunately, LastPass is still battling hacking and privacy issues.
Since LastPass has such a robust free product offering, it’s more than likely the company is selling data to recoup profits lost. After reading the U.S. privacy policy listed on the website, it's pretty clear that’s exactly what’s happening. LastPass is even using aggregated data from other parts of the web to create a clearer picture of you for marketing purposes.
Under "How We Use Your Data," the last sentence of the first paragraph, item (k), on page three of the policy states:
“To the extent permitted by law, we may also combine, correct, and enrich personal data we receive from you with data about you from other sources, including publicly available databases or from third parties to update, expand, and analyze our records, identify new prospects for marketing, and provide products and Services that may be of interest to you.”
There are several red flags in that statement. Identifying “new prospects for marketing” means selling your data to marketers. It’s also concerning that LastPass notes it can “correct and enrich personal data” you provide along with data it collects from outside sources. Why would a password manager need to “correct and enrich” your personal data? Why wouldn’t it just store your passwords and leave the rest of your identity alone?
These are the types of questions you should ask when looking at a product to which you give so much information. Since you’re sharing personal, financial, health, and other login details with LastPass, selling that information seems counterintuitive to the purpose of its service — keeping your data secure.
LastPass claims a significant amount of security certificates and advertises its Bug Bounty program in an effort to show customers how dedicated it is to security.
The most recent third-party security certificate was issued in July 2022, directly before the major hacks that stole source code and encrypted password vaults from LastPass’ servers.
Honestly, probably not. LastPass suffered two major security incidents in 2022 that left customers’ data exposed, with the November breach including encrypted password vaults. As there’s been very little additional data provided by LastPass in the months following the hack, it’s unknown how far-reaching the effect of this will be on customers.
The previous cybersecurity incident in August 2022 saw hackers getting away with some of LastPass’ source code.[2] Source code is the foundational structure, the DNA, of any software. Like DNA, if you alter part of it, you can alter the entire entity.
This means that portions of LastPass could've been altered in the November 2022 hack that haven’t even come to light yet. With competitors like Keeper and NordPass having never been hacked, it’s probably safer to go with one of those services while LastPass sorts itself out.
It’s worth noting that if you're a LastPass customer, changing your passwords may not be enough to protect your accounts. You should enable multi-factor authentication and update your privacy settings to keep accounts safe.
The least helpful aspect of LastPass is its customer service.
While you have to be subscribed to a paid tier like Premium or Family to access personal customer service, you’re still encouraged to sort through the self-help section before reaching out to the call center. Like most self-help sections of technical sites, finding answers to more obscure questions can be time-consuming and frustrating.
Previously, LastPass noted it was receiving larger than normal call volume. The notice on the support page went on to encourage you to search for your support topic in the self-help section.
As you may have guessed, you’ll only get general suggestions on the self-help pages instead of direct answers to your questions. If you’re looking for a solution to a less common issue, you may find yourself searching for a while.
It would be nice to see LastPass add a chatbot that links to a live person if you can’t find what you’re looking for in self-help. This could reduce the call volume and also assist customers in finding faster answers to questions. Unfortunately, that doesn’t look like it’s in the works, but we can dream, right?
/images/2023/03/03/lastpass-review_07.png)
LastPass claims compatibility with a myriad of browsers, mobile devices, and operating systems. For web browsers in general, the two most recent versions work with LastPass. Anything older than that, and you’ll need to update your browser.
Keep in mind that free users are also limited to one device, so be sure to install it on a device that you use to log in to your accounts most often.
Operating systems and mobile apps
Browsers
LastPass’ trustworthiness has come into question with two back-to-back breaches in August and November of 2022. All customers are urged to change their passwords immediately and enable multifactor authentication on all accounts. Competitors Keeper and 1Password both boast similar levels of security without data breaches or being hacked.
LastPass has encountered more security breaches than we’d like to see from a security provider. It also can become glitchy on devices like Apple Watches or with macOS updates.
LastPass has been involved in multiple data breaches with the last one being revealed in November 2022. LastPass shared details of the latest breach plus information collected in previous breaches in a blogpost on its site.
Significant amounts of customer data were obtained in the most recent breach, and all LastPass customers are encouraged to change all passwords stored on the site.
Both Keeper and NordPass are top alternatives to LastPass. As of the date of publishing, neither service has suffered a hack or data breach.
While Google has a proprietary password manager built into Chrome, Google’s password manager isn’t safe enough to trust all your data to the service. A third-party service like the two we’ve mentioned will add another layer of security.
Yes, LastPass was hacked in August 2022, and that information was used to perform another, more expansive breach in November 2022. Among the data stolen were customers’ encrypted vaults and source code from LastPass itself.
No, LastPass is based in Fairfax Virginia. It was originally owned by LogMeIn, now called GoTo, which is based in Boston, Massachusetts. LastPass became a standalone company in 2021.
Even if we could be 100% sure that LastPass fixed its security flaws and we knew changing our passwords in our vaults would keep our accounts safe, LastPass has suffered too many security incidents to feel like a good product.
The fact that the first security breach of 2022 happened a month after LastPass received its third-party audited security certificate is worrying. On top of that, the dicey privacy policy and aggregated collection of data feels out of place for a security-focused company.
That isn’t to say you shouldn’t use a password manager. They help keep everything organized so you don’t lose your passwords. If they contain features like a password generator, like LastPass does, then you have additional security with strong, unique passwords suggested and saved for you.
Password managers like Keeper and NordPass claim no security incidents and provide the same services as LastPass. It might be better to look at one of those.
Helpful features like family profiles and a password generator
Compatible with lots of browsers, OS, and devices
[1] Notice of Recent Security Incident
[2] LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
/images/2023/05/11/best-password-managers.png)
/images/2022/05/09/passwords-on-sticky-notes.jpg)
/images/2023/12/05/aura-vs.-lifelock.png)
/images/2023/05/12/how-to-view-saved-passwords.jpeg)
/authors/mary-james_allaboutcookies-author.jpg){kind=small}
/authors/catherine-mcnally-allaboutcookies-editor.jpg){kind=small}
/images/2023/03/03/logo-lastpass.png){kind=logo}
/authors/mary-james_allaboutcookies-author.jpg)