Skip to main content

LastPass Password Manager Review: Best Free Tier

LastPass has tripled its price, but the service is still one of the best bargains in password management.

LastPass logo
Editor's Choice

Our Verdict

LastPass has tripled its premium price, but its free service is still one of the best bargains in password management.

For

  • Feature-rich free version
  • Extensive two-factor-authentication options
  • Solid and consistent design across platforms

Against

  • Stand-alone desktop app poor and only on Mac

[Updated with Google Pixel 4 facial-recognition support and expanded features for LastPass Pocket. This review was originally published Dec. 18, 2017.]

LastPass is the biggest name in password management. There's some strong competition out there, but it's still easy to see how LastPass stays on top. The service strikes an excellent balance of providing many features without overwhelming the user with options, and the software is intuitive and fast across numerous supported platforms.

At $36 per year, a price that was introduced in early 2019, LastPass Premium is approaching the high end on pricing. (In 2016, LastPass Premium was just $12 per year.) 

Many users will find that they can get by with LastPass' free tier, which, remarkably, supports syncing across all of a user's devices. However, people willing to pay $60 per year may want to check out Dashlane, which matches LastPass on features and adds a few unique ones of its own.

LastPass costs and what's covered

LastPass offers the most feature-rich free service of any password manager we tested. The big difference is that you can sync your passwords and data across all your devices for nothing. That's a feature you'll have to pay for with every other freemium password manager.

LastPass free users also get unlimited passwords, a password generator, secure note storage, one-to-one sharing and a "challenge" to test their own security situations. For many users, LastPass Free will be enough.

LastPass Premium costs $36 a year for a single user, or $48 a year for a family plan that supports up to six users. Premium brings with it 1GB of encrypted file storage, credential storage for desktop applications, priority tech support, advanced two-factor authentication options (including hardware keys), emergency access and one-to-many sharing. 

The Family plan adds a management dashboard and unlimited shared folders to the rest of the Premium features.

The service can pull data from dozens of browsers and services.

LastPass supports Windows Vista and above, Mac OS X 10.7 Lion and up, the most common distributions of Linux and Chrome OS. Supported browsers include Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Apple Safari, Google Chrome, Opera and Maxthon.

On mobile devices, LastPass is available for iOS 5.1 and above, Android 2.3 and up, and Windows Phone 7.1 and beyond. You can download old versions of LastPass for BlackBerry, Symbian and webOS.

For users who would rather not have the passwords flung across the internet, even in encrypted form, LastPass Pocket for Windows and Linux lets you use LastPass locally or even carry the entire program on a USB drive.

For this review, we used LastPass on a laptop running Windows 10 and macOS 10.12 Sierra, an iPad Pro 12.9, a Samsung Galaxy S8+, and a Google Pixel. Google Chrome was our primary browser across all platforms, but we also tested with Safari on macOS and iOS.

LastPass setup

There are a few different ways to set up LastPass on the desktop. If you stick to a single browser, then simply installing the LastPass extension in that browser will be sufficient. 

But if you switch up your browsers occasionally, then it would be faster to download the universal binary from the LastPass website. This will simultaneously install the extension across all supported browsers on your system.

The two exceptions to this rule are the Microsoft Edge LastPass browser extension, which can be found only in the Microsoft Store, and the LastPass for Mac standalone application, which you can download from the App Store.

Regardless of which option you select, your first task is going to be selecting a master password. This password isn't stored by LastPass, so it is the one password you will still need to remember.

However, in the event that you do forget your master password, LastPass gives you a few options to reset it and keep your account. You have the option to create a password reminder or to ask LastPass to save a phone number to which the service can send an account-recovery SMS. 

Finally, there is a one-time recovery password for any browser on which you have previously used LastPass; triggering account-recovery mode will give you a recovery password you can use to reset your master password.

The mobile apps for Android, iOS and Windows Phone are all available in their respective app stores. After installing each for the first time, you will be prompted to log in using your master password. But after that initial login, you can switch to either a PIN or a biometric login, such as your face or your fingerprint, to save time in the future.

If you were using either the built-in password management in one of your browsers or a competing password manager, you'll want to import your existing information into LastPass. 

The service can pull data from dozens of browsers and services as well as CSV files, so regardless of what you were using previously, you should be able to bring that data over. The service will even attempt to categorize your passwords from some services, saving you a tremendous amount of time.

MORE: 10 Worst Data Breaches of All Time

LastPass on the desktop

For most people, using LastPass on the desktop is going to mean using the browser extension or the website interface. But LastPass Pocket does provide a somewhat primitive stand-alone desktop application for Windows or Linux.

Mac users also have the option of installing stand-alone LastPass desktop software, but I would advise against it. The design of the application is sparse and more confusing to navigate than what you'll find on the web option. The lone advantage of the Mac stand-alone application is Touch ID fingerprint-login support for MacBook Pros, but it's not worth the trade-off.

Whether you use the LastPass browser extension or directly log in to the LastPass website with your master password; either way, the interfaces are identical.

The web interface features a familiar-feeling modern design. A left-hand column breaks out all of the major sections, and relevant content displays on the right as either a grid or a list. This is true whether you use the LastPass browser extension or directly log in to the LastPass website with your master password; either way, the interfaces are identical, with only the URLs differing.

By default, you view all of the data in your vault at once. If you know what you are looking for, the prominent search bar at the top of the screen is going to be your fastest option to find it. However, there is an abundance of filtering tools if you aren't quite sure what you need.

When possible, each set of login credentials picks up the logo for the site with which it is associated, which helps when you're scrolling through your long list of passwords. 

Other sections, such as credit-card numbers, rely on color coding that you select. This is helpful, but it's a step down from the best of these implementations, such as Dashlane's, which displays a reasonable copy of the card itself.

The red button in the lower-right corner of the screen lets you add a new item to any section of the LastPass interface, regardless of where you are on the site. If you hover your cursor over this button, a secondary button will appear to give you the option of creating a new folder.

I found it odd that this button doesn't operate contextually. For instance, it could instead automatically assume you are going to add a payment card if you are in the Payment Cards section of the interface. But perhaps this apparent oversight is a deliberate choice to make sure users can always add any new item without having to return to the home screen.

The Security Challenge in LastPass reviews your existing passwords, provides you with an overall score and warns you about passwords that are insecure. This can apply to a variety of types of passwords, including duplicate, compromised, weak and old passwords.

LastPass offers an option similar to Dashlane's Password Changer, which will change your passwords on multiple online accounts with a single click. This is a handy option to have in the event of a massive data breach. 

The feature is considerably more scaled back on LastPass, with only about 80 compatible sites as opposed to more than 500 on Dashlane, but it is sure to expand in the future. For passwords with websites not covered by the password changer, you simply need to go to the site and change the password using the standard LastPass Password Generator.

The Sharing Center is where you identify passwords that you want to share with other LastPass users, who need to have LastPass accounts of their own. When sharing a password, you can choose whether the recipient is able to actually view the password or must simply use the login blind.

LastPass Family users are able to share passwords with other registered family members via shared folders. You simply create the folder; specify, for each user, if they have administrator, read-only or no access to the folder's contents; and then return to the main passwords screen and drop the relevant passwords into that folder. Any changes made to shared passwords are synced up to the accounts that they have been shared with.

Emergency Access lets you establish friends or family members with whom you would like to share access to your vault if you should be incapacitated for any reason. You select the individuals along with an amount of time that each would have to wait to receive access to your account, which can vary from no wait to a full month. If you do not deny the request before the allotted time is up, then that person gets joint access to your account.

LastPass Family subscribers get one additional section, in which the family manager invites each new member to the family. The rest of the family functionality is handled within the previously covered sharing section.

LastPass mobile apps

The mobile apps on both Android and iOS share most of the features and design of the desktop browser interface. But you do lose a few features, among them the ability to change multiple passwords at once.

The iOS app breaks slightly from the navigation used by the desktop-browser interface and Android app; it adds a second navigation bar at the bottom of the screen to move among your vault, the built-in LastPass browser, Security and Settings. 

You can log in with Face ID on an iPhone X, and with Touch ID on any iPhone that supports it.

The iOS app also moves the button for adding new items to your vault to the top right from the bottom right. It also supports iOS 12's automatic form-filling feature.

The Android app, on the other hand, mirrors the design of the browser interface almost identically, which makes for an easy transition from desktop to mobile. Users of Android 8 Oreo and Android 9 Pie can take full advantage of form- and password-filling functions. Fingerprint recognition is supported on all phones that have it, and LastPass also supports the Google Pixel 4's facial recognition.

LastPass security

Like many newer password managers, LastPass stores your data on its own servers in the cloud as well as on your device. This makes syncing among various devices easy and convenient, but it does create a greater risk that the data could be compromised.

Fortunately, LastPass secures your data with AES-256-bit encryption and salted hashes. Your data is encrypted and decrypted on your device, so the data stored with LastPass is in a readable state only on your device(s).

Two-factor authentication is available to both free and premium users of LastPass. The free options include software tools such as LastPass Authenticator, Duo Security Authentication, Google Authenticator, Transakt Authentication and Grid Multifactor Authentication.

Premium subscribers gain hardware two-factor options like Fingerprint Authentication (via Windows Biometric Framework), Yubikey Multifactor Authentication and Sesame Multifactor Authentication. 

Yubikey NFC-based authentication is supported on iOS as well as Android. LastPass added support for the Yubikey 5 series of security keys in September 2018, and support for the iPhone-friendly Yubikey 5ci in August 2019.

Another convenient and rather rare option offered by LastPass is LastPass Portable, which lets you install a portable Chrome or Firefox browser with the LastPass extension on a USB drive. That lets you use the service on a public or shared computer that doesn't allow for the installation of the LastPass browser extension.

Perhaps even better is LastPass Pocket, which puts a stand-alone Windows or Linux LastPass application, complete with its own credentials vault, on a USB stick. More recently, this was extended to create a stand-alone desktop application for those two platforms.

This will sync with your locally cached LastPass browser extension when plugged into your PC, but can also be run straight from the USB drive. This procedure may be a bit clunky, but it lets you sync your passwords among your various computers (if not mobile devices) without putting your data online.

  • The best VPN services for staying anonymous online

LastPass: Bottom line

LastPass continues to lead the pack in password management, thanks to its robust free version and relatively inexpensive premium upgrade. The app hits all of the major use cases for a password manager; the core functionality works flawlessly, and extras such as form filling, secure file storage and the security auditing are all among the best in class.

Strong cross-platform and two-factor authentication support further help sell the app as the best recommendation for most users. For those seeking a bit extra — and willing to pay quite a bit extra — we can recommend Dashlane.

Image Credit: LastPass

  • fizzgigg55123
    Am I missing something here? Search the Windows Store and you'll find both an Edge extension and a Windows App for Lastpass.

    10/10!!!
    Reply
  • dan818
    I have been using RofoForm to Go for many years. I like the fact that my passwords are stored on a USB flash drive that I control. They have stopped supporting the USB Flash Drive Version so I am considering other alternatives. Where does Lastpass store the passwords? A lot of data bases are getting hacked these days.
    Reply
  • SumTingW0ng
    18306975 said:
    LastPass has great free features, unlimited password storage and affordable upgrades that allow synchronization across multiple devices and platforms.

    LastPass Password Manager Review : Read more

    I would not use it, even they giving me a free lifetime license key.

    My account info is written on a paper so that way ONLY ME can know it and more secure as well.
    Reply
  • saraneth
    Keepass does indeed have an addon/extension for chrome and firefox. I was using it for years but now have switched over to lastpass for the convenience.
    Reply
  • rxtols
    Edge extension does not work well-opens a new tab every time Edge is launched - annoying. Does not always autofill user ID and passwords. Tech support is very poor - only email, no phone or chat. Generally, they only send one email a day, so if you have to go back and forth, it can take weeks to resolve an issue. Works well with IE11.
    Reply
  • a.noctis
    Since Edge built-in feature imports bookmarks but not passwords from Chrome (despite it should do it), I am trying to find a way to import them all at once.

    Can I use "last pass" to import all passwords and then unistall it?
    Reply
  • theresiavid
    Don't use any password manager, the best password manager is a few sheets of paper under your bed or somewhere
    Reply
  • markajv65
    I have been using Lastpass with no problems, on a pc, with Chrome intagration tion. For years. But with Android it sucks so bad! If you try logging in on a browser there is no integration with browsers as Chrome has no android extensions. So you can either use the app, which throws itself in your face on every page you go on, but to use it you need to constantly keep logging in. It does not stay logged in at all. The same goes for signing in on the web based page. I spend more time logging back in with my Lastpass credentials than I would if I just had a written list of all my sites and their logins. After my subscription is up I am not renewing.
    Reply
  • MeOhMyOh
    People looking to use their own storage clouds should consider enpass. They charge per app version, I paid $12 for the Android version. The desktop version is freemium, so you can pay more for a few bells and whistles, but the basic functionality is enough.

    You can also opt for keepass, since it's completely free and has an amazing feature set, and developer community. It can also sync to third party public and private clouds, and there are plugins for almost any need or use case you can imagine. The problem is that it's a bit of a science experiment. There could be a lot of setup time, and it could be a challenge for those non-technical folk. I'm a techie, but I have simple needs and did not want to put in the time to get keepass working for me. YMMV.
    Reply
  • bsc249
    Oh sweet mother of pearl, what have they done to this app...

    I read many reviews about these apps and basically it came down to Lastpass for the family functionality. As one person said earlier, I have no problems on my pc with this app. If you are ONLY going to use this at home on a pc, go for it. However, the good times end right there!

    On my android, its OK. On my wifes iPhone Xr, its dog poo! Right now I'm battling through duplicates. It has happened TWICE on her phone and I don't know why. So yes, I have 4 of every site on her phone... that's 4 for all her sites AND 4 for all my sites!!! That's just one issue with the app, the other most relevant issue is that even though I have made her an administrator, had her accept the admin invite, set her delay time to zero, logged out, logged in, refreshed, reloaded everything - SHE STILL DOES NOT HAVE PERMISSION TO COPY A PASSWORD!

    The worst part, their support is practically non-existent! No way to call anyone, you can only email support AFTER going through their NEW FAQ support site - and its terriible!!! They use something called LogMeIn and it is just AWEFUL! They rarely have the question your looking for and the info the do have is out of some top secret manual only they see and they use the idex as a FAQ section... LogMeIn is Just Terrible! I've tried twice to get help in the past month and have yet to receive an answer or a reply other than the generic email "we received your question"

    Oh wait, your smart though. You think I'll use a search engine and peruse the search results to find a link to answer your question - ha ha ha ha ha ha ha!!!! Most of those now default to the main page for their new FAQ crappy LogMeIn support site.

    Its just mind bending how BAD their support is.

    Please don't make the same mistake I did, Don't use this service.
    Reply