Keeping track of dozens or hundreds of strong, unique passwords just isn't possible without a password manager.
LastPass Premium offers plenty of top features including cross-platform syncing, secure sharing, a password strength report, and dark web monitoring.
However, an upcoming change to device syncing rules will make LastPass's free version borderline useless for most people.
LastPass is still an Editors’ Choice password manager overall for its ease-of-use and excellent features, but we don't recommend it for free users anymore.
LastPass Free vs.
Premium vs.
Family
LastPass offers three different plans for consumers: Free, Premium, and Family.
The Free edition includes all of the standard password manager capabilities, plus a few features that other services restrict to paid accounts.
With LastPass’s free version you get auto-filling capabilities, a password generator, one-to-one sharing capabilities, secure notes, a password strength report, and support for multifactor authentication.
Unfortunately, LastPass is changing device-syncing rules for free users on March 16.
Previously, free users could sync passwords across any platforms LastPass supports, including desktop and mobile devices.
Now, LastPass will make free users choose between syncing passwords with Computers (browsers, desktops, laptops) and Mobile Devices (phone, tablets, and smartwatches).
This severely limits the utility of LastPass's free edition and, therefore, it's no longer one of our top choices for free password managers.
Other free password managers also have stringent limitations.
Some, like RoboForm and Enpass, put a limit on the number of passwords free users can save.
Others, like Dashlane and Keeper, are only free if you use them on a single device.
MyKi’s and Bitwarden’s free versions, however, do not impose limitations related to cross-device syncing or total passwords.
LastPass Premium costs $36 per year.
In addition to all the free version’s features, you gain one-to-many sharing, advanced multifactor options (such as YubiKey support), Emergency Access features (password inheritance), dark web monitoring, priority tech support, the LastPass for Applications app, and 1GB encrypted file storage.
Previously, Emergency Access tools were available for free users, so this is a step back.
We tested LastPass using a Premium account.
The top tier for noncorporate accounts is LastPass Family, which costs $48 per year.
LastPass Family subscribers get six LastPass Premium licenses, unlimited shared folders, and access to the LastPass family dashboard.
LastPass’s pricing for its Premium and Family versions are consistent with equivalent versions of competing software.
For instance, Keeper Password Manager and Digital Vault’s Personal and Family tiers cost $29.99 and $59.99 per year respectively.
Sticky Password Premium is $29.99, while 1Password costs $35.88 per year.
Dashlane premium costs $59.99 per year.
Bitwarden’s Premium and Family versions are significantly cheaper at only $10 and $12 per year.
Getting Started With LastPass
To sign up for LastPass, you need to enter an email address and create a strong master password.
LastPass has tightened up its master password requirements since the time of our last review, which we appreciate.
Your master password must now be at least 12 characters, include a number, have both uppercase and lowercase letters, and must not be your email address.
Read our tips on how to remember a strong master password for additional help.
Amusingly, LastPass does not prevent you from using the example password on that account-creation page.
You should also enable two-factor authentication as soon as you create your account, as we discuss in the next section.
After you create your account, LastPass offers to install its browser extension, which is how you log in to the service.
If you choose to skip this setup, you can always use the LastPass Universal Windows, macOS, or Linux installers to add the LastPass extension to the browsers on those platforms.
LastPass offers browser extensions for Chrome, Firefox, Edge, Safari, and Opera.
Once you log in, LastPass walks you through saving a password for Google, Facebook, PayPal, or Netflix.
Pop-up notifications explain that you first log in as usual and then click the Add button when LastPass offers to save it.
LastPass also takes you on a quick tour of the Web Vault.
Keeper Password Manager & Digital Vault offers a similar onboarding process.
During installation, LastPass used to offer to import passwords from your browsers and turn off password capture in the browsers.
This feature is still available; it just doesn't happen as part of the installation.
LastPass also used to offer a one-time password each time you'd install it on a new device.
In the event you forgot your master password, you could reset it using the one-time password, much as Keeper uses your security answer for a master password reset.
Here again, you can dig in and create one-time passwords, but it's not part of the installation flow.
LastPass can import from 31 competing products, but some are defunct (McAfee Safekey is now True Key) and others are simply obscure (such as Clipperz, Figaro’s Password manager, and Revelation Password Manager) The import list remains wildly out of date and is missing five out of Daxdi's nine best-rated password managers (excluding LastPass itself).
Multifactor Security
It doesn't matter how complex your master password is if a thief gets ahold of it.
LastPass does require email verification the first time you log in from a new device, which is good.
But you can seriously enhance your security by using the available multifactor authentication options.
To set up multifactor authentication, head to Account Settings Multifactor Options tab in the Web Vault.
The available two-factor authentication options depend on your subscription tier.
Free users can use an authenticator app such as Duo, Google Authenticator, or Microsoft Authenticator.
Setting up an authenticator app just requires snapping a QR code using the app of your choice.
Each time you log in you'll need to supply a time-based one-time password or (TOTP) generated by the app (essentially a six-digit code that typically changes every 30 seconds) in addition to your master password.
LastPass offers authentication through its LastPass Authenticator app too, which lets you accept or reject a login attempt via a push notification, without need to enter the six-digit code.
It also lists Toopher (this was acquired by Salesforce and is no longer available) and Transakt (the Android variant was last updated in the fall of 2019).
As with the import list, LastPass needs to remove options that are not usable.
Don't have a smartphone? You can print a wallet-sized authentication grid.
For authentication, LastPass requests characters found at specific grid coordinates.
Talk about low-tech!
Premium users can use hardware keys (such as a YubiKey) or biometric options as a second authentication option.
Note that LastPass does not support the more modern Universal Two-Factor (U2F) FIDO 2 standard, instead relying on a TOTP-based method.
In essence, when you tap a Yubikey to log in, the key supplies a string of numbers for authentication.
1Password supports the U2F authentication method.
Previously, LastPass allowed you to turn a regular USB stick into a second factor for authentication via Sesame, but that feature is gone.
The methods described above are more intuitive in any case.
Dashlane, Myki, and Keeper include built-in time-based one-time password (TOTPs) generators and effectively replace the need for a third-party authenticator app for logins to other online accounts.
LastPass does not have this capability.
Two-factor authentication can get tedious after a while, so LastPass lets you define specific devices as trusted.
When you log in from a trusted device, all you need is the master password.
Trust expires every 30 days, and you can delete a lost device from the trusted list.
For even more control, you can ban logins from any device that's not already on the trusted list.
LastPass Web Vault and Browser Extension
LastPass does offer desktop apps for Windows (via the Microsoft Store) and macOS, but you can manage all of your passwords and personal data on the web.
LastPass’s Web Vault uses a red, gray, and white color scheme and a straightforward layout.
The interface isn’t as elegant as others, but it works fine, and we did not encounter any performance issues in testing.
At the top of the interface, there’s a search bar for sifting through all your saved data.
A right-hand drop-down menu lets you access your Account Settings and other help resources.
In the Account Settings section, you can define equivalent domains such as youtube.com, google.com, and gmail.com.
A password for one is good for all.
LastPass comes with dozens of these defined, but we doubt any user edits or adds to the list.
The same is true of the list of URL rules, which let you define whether a given URL requires exact Host Matching and Port Matching.
Once again, we doubt any user touches this feature.
Hiding these features would help streamline the product.
You navigate the experience via a left-rail menu that includes All Items, Passwords, Notes, Addresses, Payment Cards, and Bank Accounts sections.
Secure notes just store and sync sensitive information, optionally with an attachment.
Addresses are similar to what previous editions called Form Fills.
Payment cards and bank accounts are self-explanatory.
If you add one of LastPass’s newer item types such as driver's licenses, passports, or social security numbers, those categories show up in this menu, too. We discuss these item types in more detail in the form-filling section.
You add entries and folders via the red plus button at the bottom of the page.
The left-hand menu also includes the Security Challenge, Sharing Center, Emergency Access, and Account Settings sections.
The middle of the screen is reserved for viewing and editing your stored details.
You can view entries in a list or grid view; sort entries and folders alphabetically or by recently used; and switch to a slightly magnified view.
Hovering over a password entry reveals three icons, for editing, sharing, and deleting.
We discuss sharing options in a later section.
Right-clicking on the item allows you to clone it, copy the username or password, launch the associated site, or move it to a new folder.
LastPass supports dragging and dropping items into folders.
When you edit an item, you can change its displayed name, add a note, or add it to your favorites.
Advanced options let you require reentering the master password for the item, autofill it without waiting, and keep the entry but disable autofill entirely.
Although LastPass does offer the ability to organize items into custom folders, it does not support the creation of separate vaults (such as for personal and work passwords), something 1Password does.
Like 1Password and Enpass though, LastPass does support nested folder options (the other two services offer the same capability with tags).
We tested the LastPass extension on Firefox.
From the extension, you can view recently used passwords, view all items, and generate new secure passwords.
The Add Item and Account Options items redirect you to the Web Vault.
For specific password entries, you can launch the associated website directly, copy the username or password, and edit them.
Annoyingly, there is a persistent ad to the left of the extension menu prompting you to upgrade to LastPass premium.
Password Capture and Replay
When you log in to a secure site, LastPass offers to save your credentials.
You can just click Add and continue or click the pencil icon to edit the entry.
You can assign the captured login to a new or existing folder or tell LastPass you never want to save a password for the site.
As with 1U Password Manager, you can't enter a friendly name directly in the pop-up window, but you can take care of that in the main interface.
In testing.
LastPass captured logins from both one-and two-page logins without issue.
LastPass no longer immediately fills in your credentials when you revisit a site by default, but you can enable the auto-login option on a per-account basis, Enpass and KeePass are other examples of password managers that require you to manually trigger filling credentials.
If you've stored more than one set for a site, LastPass adds a small number to the icon it puts inside the username and password fields.
Security Dashboard
Getting all your passwords safely stored with LastPass is a good first step, but it's not enough.
Now you need to fix the weak ones and the ones you've recycled for use on multiple websites.
That's where LastPass's Security Dashboard comes in.
The experience has been substantially streamlined since the time of our last review and is available to all LastPass users.
This new Security Dashboard is currently only available via the web.
Click the Security Dashboard menu item to get started.
On the main screen, you see a security score that LastPass calculates based on the strength of your passwords and whether you have two-factor authentication enabled.
Click on the View passwords link to see a list of all the passwords in your vault.
LastPass rates the strength of each one, identifies any potential risks (old, reused, or weak), and adds a Change Password button for any offending items.
The button does not automate the password change.
Rather, it takes you to the login's associated website.
If LastPass identifies that many of your passwords need to be changed, don't panic.
Just try to update a few at a time.
Another new feature is LastPass's Dark Web Monitoring for Premium and Family account holders, powered by Enzoic (read LastPass's full explanation of what information Enzoic uses to generate this report).
After enabling this protection, a list of all your associated account emails appears in the section.
You can choose which ones to monitor and will receive an email notification if any are compromised.
Dashlane and Keeper offer similar password audit and dark web monitoring tools.
Password Generator
When you sign up for a new account or change your password for an existing account, LastPass offers to generate a secure password.
By default, the password generator creates 12-character passwords, the same default as Keeper and Dashlane.
LastPass defaults to using all four character sets (upper...
