Skip to main content

LastPass password manager review

LastPass is still the best password manager out there

LastPass review
Editor's Choice
(Image: © LastPass)

Our Verdict

LastPass's free version has been hobbled by a recent policy change, but LastPass's moderately-priced paid version is still the best password manager available.


  • Extensive two-factor-authentication options
  • Solid, consistent design across platforms
  • Excellent family-plan pricing


  • Free plan no longer so wonderful
  • Unique extra features killed off
LastPass specs

Platforms: Windows, Mac, iOS, Android, Linux, Chrome OS
Free version: Limited to one device 'category', limits on password sharing & 2FA
2FA: Yes
Browser plugins: Chrome, Edge, Firefox, IE, Safari, Opera
Form filling: Yes
Mobile PIN unlock: Yes
Biometric login: Face ID, Touch ID on iOS & macOS, Pixel Face Unlock, most Android & Windows fingerprint readers
Killer feature: One-click password changer

EDITOR'S NOTE: The 2021 Tom's Guide Awards have been announced, and LastPass Premium has won Best Password Manager. Head to the Tom's Guide Awards 2021 Best Products for Working From Home page to see all the winners and recommended runners-up.

LastPass has been the biggest name in password management for several years, and it's easy to see why. It is one of the most feature-packed of the best password managers and until recently offered the best free tier available. 

LastPass' premium tier was once the best deal as well, but its yearly subscription price has tripled from $12 to $36 since 2017. This puts LastPass in line with 1Password and just a bit ahead of Keeper, but longtime customers may find the price hikes aggressive. 

Nonetheless, while LastPass isn't the steal it was a couple of years ago, free or paid, the value proposition for this feature-packed password manager is solid. As you’ll see in our LastPass review, its premium tier is our Editor's Choice among best password managers.

Regarding the free tier, beginning on March 16, 2021, users were restricted to syncing data only among computers or among mobile devices. That's more generous that what many other password managers' free tiers offer, but if you want a full-featured free password manager with few restrictions, try Bitwarden.

LastPass: Costs and what's covered

At $36 per year, LastPass' premium personal plan is no longer dirt-cheap, while the family-plan pricing is a reasonable $48 per year for up to six users.

As for the free tier, you are now limited to syncing across one of two categories of devices, defined as smartphones and tablets on one side, and laptops and desktops on the other. In other words, you can use LastPass Free to sync among your mobile devices OR your desktops and laptops, but not both.

As mentioned above, Bitwarden has a free tier that syncs all your devices without limits. The only other freemium password manager we've reviewed that does so, Zoho Vault, has a clunkier interface and fewer features. The open-source KeePass is entirely free but requires you to sync your own data and to use third-party mobile apps.

(Image credit: LastPass)

LastPass Free users also get unlimited password storage, one-to-one sharing, a password generator, automatic password saves, automatic filling of entry forms, secure note storage, multi-factor authentication and the LastPass Authenticator mobile app. 

In August 2020, the LastPass "security challenge" that checked for bad passwords was replaced by a "Security Dashboard" that analyzes your overall password strength, lists all your passwords and recommends that you change any that are weak, old or reused. Links to the corresponding sites are provided next to each listing, but you need to be a paying user to use the Security Dashboard.

LastPass Premium brings additional tools to the table that may make paying for it worthwhile, particularly if you're interested in a family plan. 

You'll get 1GB of encrypted file storage, priority tech support, advanced two-factor authentication options (including support for hardware security keys like Yubico's), emergency access for your loved ones and one-to-many sharing. Family-plan users get a management dashboard for the primary account holder and unlimited shared folders.

All paying users get an additional feature with the Security Dashboard: "dark web" monitoring of all their listed email addresses. You've got to authorize LastPass to do this monitoring in the Security Dashboard, but once you do, LastPass will notify you via email and in Security Dashboard when an email address of yours pops up in a data breach.

The LastPass security dashboard.

(Image credit: LastPass)

LastPass officially supports Windows 8.1 and above, macOS 10.14 Mojave and up, Chrome OS and the most common distributions of Linux, although you may be able to run it on earlier versions of each. Support for Windows Phone, Kindle and BlackBerry has been dropped.

Supported browsers include "the most recent two versions of" Google Chrome, Microsoft Edge (both legacy and Chromium-based), Mozilla Firefox, Apple Safari and Opera, plus Microsoft Internet Explorer 11. Maxthon support seems to have been discontinued.

On iPhones and iPads, LastPass is available for iOS 11 and up. On Android, full support with automatic form filling requires Android 8.0 Oreo or later, but the app will run on Android 5.0 Lollipop and later.

For this review, I used LastPass on a 2017 MacBook Pro 15 running Windows 10 and macOS 10.14 Mojave, an iPhone 7 Plus, and a Google Pixel 3 running Android 9 Pie. Google Chrome was my primary browser across all platforms but testing on macOS and iOS was also done with Safari.

LastPass: Setup

Step 1 is to create an account on by providing an email address and a master password. You can set a master password hint as a reminder, but I would advise against that, since LastPass is already one of the few password managers that offers account recovery.

(Image credit: LastPass)

From there, LastPass guides you through installing the browser extension for whichever browser you currently use. If you use a few different browsers, then download the universal installer for Windows, macOS or Linux, and it will install extensions across all your supported browsers simultaneously.

The universal installer installs the full-featured "binary component" extensions for Chrome, Edge, Firefox, Opera and Safari where possible. These beefed-up extensions share your login state across browsers, automatically log you off, copy items to the OS clipboard and clear the clipboard, and import and export data.

There are less powerful extensions, without binary components, for Chrome, Edge (both versions) and Opera that you can get from each browser's extension store. Unfortunately for Chrome OS users, the simplified LastPass extension is the only one they can use.

You can easily upgrade a simple extension to a binary-component one if your browser and operating system support it. Click the LastPass extension icon, select Account Options, click About LastPass and then click the Enable Native Messaging button in the resulting browser window.

LastPass: Alternative tools

Most users will be happy relying on LastPass's browser extensions and the web interface, but there are a few additional ways to use LastPass — although LastPass owner LogMeIn recently killed some of the best ones.

On macOS, you can opt for the LastPass Mac App, a stand-alone desktop application that contains most of the functions and features available with the LastPass website and browser extensions.

Windows users can get a LastPass stand-alone desktop application exclusively from the Windows App Store. It mirrors the website interface but lacks the Security Challenge, Sharing Center and advanced options. The Windows desktop app is  limited to 5,000 items in the Vault and is only for paid users.

A LastPass spokesperson told us the Windows desktop app was no longer being developed but will continue to be distributed and supported.

Sadly, LastPass until recently had a bunch of really cool additional tools that have been discontinued, although you might still be able to find their installers on third-party websites. (Scan those with antivirus software before running them.)

LastPass Pocket was a "portable" Windows or Linux application that could be run directly on a machine or loaded onto a USB drive for use on multiple machines. The interface looked like it was from 1991, but it worked fine.

LastPass Sesame let you turn a regular USB stick into a two-factor authentication physical key. And LastPass for Applications signed you into Windows applications on your desktop.

We don't know why these tools were killed off, but they were unique options that really helped LastPass stand out from the crowd.

Finally, you will want to download the mobile app from the Android or iOS app store. Just enter your email address and master password and all your data will be synced automatically.

LastPass: Importing passwords

Once LastPass is installed, you can import previously stored passwords from your browser or a stand-alone password manager.

The LastPass import feature is buried in the settings and is not part of the guided initial setup. Click "More Options" in the bottom left corner of the web interface, then click on "Advanced" and you'll see the "Import".

(Image credit: LastPass)

With 32 supported import options, including direct importing from most of the best-known password managers, LastPass definitely wins the import arms race. If LastPass doesn't directly import from something, you can always export data from the other service as a comma-separated-values, or CSV, text file.

LastPass uses an odd system for importing CSV files. Instead of just importing the CSV file directly, as most other password managers do, you need to open the file in a text editor like Notepad (Windows) or Notes (macOS), then copy and paste the file's contents into the LastPass website.

It's not a big hurdle, but LastPass is the only password manager I know of that requires this extra step.

LastPass: Account recovery

LastPass is one of the few password managers that lets you recover your account if you lose your master password. (Keeper does too.)

There are several ways to do this. As we mentioned earlier, you can give yourself a master-password reminder hint during the initial setup, but this is dangerous as anyone trying to break into your account will see the hint too.

(Image credit: LastPass)

You can designate a mobile-phone number to which a recovery code can be texted. I wouldn't recommend this either, as SMS text messages are not secure and phone numbers can be stolen.

If you've changed your master password within the past 30 days, you can revert to the previous master password. But this deletes any new data or changes — including new passwords or stored records — that you had saved since the master password changed.

The last and possibly best option is to generate a one-time recovery password using a computer and browser on which you have previously used LastPass.

I always recommend enabling two-factor authentication (2FA) on your password manager, but given the many ways to trigger account recovery with LastPass, it is especially vital that you do so here. Thankfully, even free users have access to extensive 2FA options on LastPass.

LastPass on the desktop

Most users will use only the LastPass website and the browser extensions, which offer all the functionality you need. But since my last review of LastPass, the macOS standalone desktop app has been updated to match the website experience exactly.

The overall user interface in a couple of years, but the material design look holds up well. Whether you log into the LastPass website or click "Open My Vault" from the browser extension, the interface you see in your browser is the same. What the browser extension opens is actually a local file on your r computer that should work if you're offline. Meanwhile, only the LastPass website lets you update your vault.

LastPass: Desktop primary sections

You'll see six primary sections in the left column, then five secondary sections under those, keeping oft-accessed features front and center without burying lesser-used features.

There are several different views and sorting options; I favor the compact-grid view as it fits a lot on the screen. Hovering your cursor over an item lets you launch, edit, share or delete it. Clicking an item or group of items lets you delete, share or organize them.

Tap the big red action button in the bottom right and you get a list of the different types of items stored by LastPass, including passport numbers, drivers' license numbers, addresses and payment cards. You can create custom item types and new folders.

The second section is dedicated to your passwords. In category-specific sections such as this one, the action button automatically creates a new item instead listing categories.

(Image credit: LastPass)

Other sections are for notes, addresses, payment cards and bank accounts. All have distinct icons for items along with color coding, so it's easy to tell which section you are in. The new-item entry screens are contextual, displaying only the fields you need for that type of item plus an option to add an attachment.

LastPass: Desktop secondary sections

The first of the secondary sections, Security Dashboard, reviews your passwords for any compromised, weak, reused or old ones and checks if any of your email addresses came up in online data breaches.

Here you can find LastPass' Auto-Change Password option, which lets you change a password with a single click. (It's also available on the edit screen for any password from a supported site.)

The caveat is that Auto-Password Change is supported on only about 75 websites. Dashlane's rival Password Changer feature covers nearly 500 websites and can change them all at once, but LastPass' list has a better selection of sites, including Amazon, Dropbox, Facebook, Gmail and Twitter.

Unfortunately, Auto-Password Change is no longer being developed or supported, a LastPass spokesperson told us. But it still seems to function for now.

The Sharing Center lets you share any item in your LastPass vault with another LastPass user, free or paid. But if you change the password you will need to share it again, as items don't stay in sync permanently.

Oddly, Sharing Center's viewport defaults to the Manage Shared Folders tab for Families users. Other users must manually select the other two tabs. The action button creates new items to share, of course, but it pulls up a scrolling alphabetical list that is far less convenient than just finding an item's icon.

Emergency Access, increasingly common among password managers, lets you designate another registered LastPass user as a trusted person who can access to your LastPass account if you can't. You also dictate how long the trusted person must wait after requesting access to your account, ranging from immediately to 30 days. If you regain access to your account during the wait time, you can deny the request.

The LastPass browser extension lets you access most features, and the password for the site you're on is always listed first. The extension can access all the data stored in your vault, add new items and generate passwords. It packs a lot of functionality into a pretty small space that can get kind of cluttered, so if I were doing anything more than a quick add or search, I would just open the full LastPass web interface.

LastPass mobile apps

Much as on the desktop, little has changed visually for the Android and iOS LastPass apps. The design is clean and intuitive, and the apps very closely resemble the desktop experience.

The functions from the LastPass desktop interface are mostly mirrored on the mobile apps, so you aren't losing anything significant. Support for auto-filling passwords, addresses and credit cards is available on both Android and iOS and worked reliably for me.

(Image credit: LastPass)

The default view on the mobile apps is all your items, with a search icon in the upper right that goes through everything in your vault. The red action button on the bottom right is not contextual and will always pull up the full list of potential items to add.

(Image credit: LastPass)

Both mobile apps let you use your fingerprint, if your device has a fingerprint reader, as well as a PIN to unlock the app. Face ID is supported on iOS, and Face Unlock on Pixel 4 phones, but no other Android facial-recognition systems can unlock the LastPass app.

The mobile apps don't have the sorting and display options on the desktop, but the list view with a corresponding website logo/icon to the left is a nice compromise.

The LastPass Browser is unique to the mobile apps. This was formerly the only way to use the full form-filling features, and you'll need it if you don't yet have Android 8.0 or iOS 12.

The security section on mobile contains the password generator, emergency access and the security challenge. These all work precisely as they do on the desktop.

LastPass: Security

LastPass uses the same powerful AES-256 encryption as most other password managers. Your data is only ever unencrypted on your device, only after you have entered your master password. Even if your data were to be somehow compromised on the LastPass servers, it would be useless to a hacker.

(Image credit: LastPass)

LastPass has achieved Service Organization Controls (SOC) 2 compliance as defined by the American Institute of Certified Public Accountants. This means that it meets five trust service principles when storing customer information online: security, availability, processing integrity, confidentiality and privacy.

Compliance with (SOC) 2 is a make-or-break issue for some businesses and governmental agencies. To a consumer, it means LastPass thoroughly documents its security policies and procedures and must undergo audits.

All LastPass users have several two-factor authentication options. Free users can use authenticator apps such as like LastPass Authenticator, Google Authenticator, Microsoft Authenticator, Toopher, Duo Security or Transakt, which are safer to use than the standard SMS-transmitted second-factor codes. There's also LastPass Grid, a chart that you can generate and print out to generate codes manually.

Premium subscribers also get to use a hardware authenticator such as a YubiKey or a fingerprint sensor or smart-card reader. It's not certain if LastPass Sesame will still work.

LastPass review: Bottom line

LastPass is clearly the best choice among the best password managers. The strong experience across platforms makes LastPass a no-brainer for anyone willing to pay for a password manager. 

However, it's facing price pressure as cheaper options like Bitwarden and RoboForm match most of LastPass' functions, and the especially price-conscious may go for the former company's free plan. But for groups, LastPass Families is a fantastic deal at $48 for up to six users.

Dashlane remains a powerful high-end option, but I just can't see anyone paying $60 per year for it unless there is a specific unique Dashlane feature they want. For pure password management, LastPass can't be beat.

UPDATED with removal of LastPass Free recommendation and clarification that Auto-Password Change was no longer being developed. This review was originally published June 22, 2020.