After we tested several cloud-based password managers, LastPass emerged as the top choice. It offers an intuitive interface for both computers and mobile devices, support for all major browsers and operating systems, optional two-factor authentication, storage of personal details and ID cards, and a dizzying array of installation options.
We also like the low price of $12 per year for a premium subscription, and the fact that the free version now lets you sync your passwords across an unlimited number of devices. [LastPass has patched a security flaw that threatened the password safety on web browsers.]
Some users may be turned off by the lack of a desktop application, as LastPass primarily exists as a web-browser extension. But we were impressed by the ease with which LastPass synced across our Windows, Mac, iOS, Android and even Linux devices. The service's flexibility and convenience, and the affordability of the premium version, make LastPass the password manager to beat.
Costs and What's Covered
LastPass' free version gives you unlimited password storage and sharing options, and now you can also sync among all your devices. (Previously, the free version let you sync only among devices of the same category — only desktops, only tablets or only smartphones.) LastPass Premium, which you can try free for 60 days, adds enhanced password-sharing options, storage of desktop-application passwords and support for physical authentication devices, such as a YubiKey, for $12 a year.
We tested the LastPass extension for Google Chrome on Windows 8, Windows 10 and Mac OS X 10.11 El Capitan, but there are also extensions for Mozilla Firefox, Apple Safari, Microsoft Edge, Microsoft Internet Explorer and Opera running on Windows, Mac and Linux.
Because it's so browser-centric, LastPass doesn't state which versions of a desktop operating system it supports. Rather, its minimum requirements are Internet Explorer 11, Firefox 2.0, Chrome 18, Safari 5 or Opera 11, some of which run on Windows XP and older versions of Mac OS X. (The Edge extension is available from the online Windows Store and requires the Windows 10 Anniversary Update.)
The LastPass mobile app's minimum requirements are iOS 6, Android 2.2 Froyo, Windows Phone 7.5, Microsoft Surface RT and, though it's no longer developed, the short-lived mobile Firefox OS. (You can download older LastPass apps for BlackBerry, Symbian and webOS.) There are also plugins for the Firefox Mobile and Dolphin browsers.
MORE: Best Password Managers
Installing LastPass on a desktop is a cinch. Each extension (except for the Edge one) downloads quickly from www.lastpass.com. You'll be prompted to create a LastPass account, grant permission for the browser extension to run and then create a master password.
It's very important to not lose or forget the master password, because you can't recover it. However, you can reset a lost master password from a computer on which you've already logged into LastPass. If you had changed the master password in the previous 90 days, you can revert to the previous master password. Otherwise, you'll have to wipe your account and start over.
On Windows, Mac and Linux, you can use a one-time universal installer to put the LastPass extension on all your browsers at once. For some browsers, you can choose whether an extension has "binary features," or app-like functions, including automatic logoffs and sharing of your login status with other browsers.
After installing the mobile app on a new device, you have to log in with your master password. But you don't have to type it in every time — instead, you can open the app on mobile devices using a PIN (minimum of four digits on Android, fixed length of six digits on iOS) or, if supported, a fingerprint.
It was simple to set up the PIN on an iPad Mini — we just went into the app's security settings and switched the "Use LastPass PIN Code" setting to on. It was just as easy to set up fingerprint logins on a Samsung Galaxy S6 and an iPhone 6s Plus. You can also set up LastPass fingerprint login on your Mac or Windows PC if it has a built-in or external fingerprint reader.
LastPass may not be the fanciest password manager, but it offers all the right features and executes them well.
For each device, desktop or mobile, you can set a default email account, enter your personal information for the form auto-fill feature, choose whether to log into websites automatically and control your logout/idle-time settings.
You can also customize different devices with unique security preferences. If, for example, other people are likely to use your desktop, but not your smartphone, you can make your LastPass desktop settings stricter so that others won't see your personal information.
LastPass on the Desktop
LastPass' snazzy red- and-gray interface has an updated, modern design that is as functional as it is intuitive.
The first time we opened our Vault — the database in which all the passwords and other items are stored — not only had all of our passwords already been imported from Google Chrome, but they had also been grouped into categories. The automatic categorization wasn't perfect, but re-categorizing a couple of passwords manually was a lot quicker than entering them all from scratch.
LastPass automatically captures passwords when you log into a website for the first time, and it automatically fills in login information for saved sites. When you visit a site for which you already have an account, LastPass asks you to enter the site's credentials within a pop-up login box so that the program can save them.
You can access your Vault in a couple different ways. First, you can click on the LastPass icon next to the address bar in your browser. Second, when LastPass is installed, a Vault shortcut is added to your desktop. Last, if you are a Mac user, you can download the LastPass app from the Mac App Store and pin the app to your taskbar.
Our only real complaint was the necessity of installing the LastPass browser extension on desktop browsers. You can view your Vault from any browser, but full LastPass access in Windows generally requires the browser extension. (Users of LastPass Premium also get to save passwords for desktop applications.)
To avoid this inconvenience, LastPass Premium users can use a version called LastPass IE Anywhere. Install it on a USB thumb drive and plug it into any of your Windows computers, and it will temporarily enable Internet Explorer with the LastPass extension.
To access LastPass on public or unprotected computers, there's LastPass Portable, which can be installed on a USB drive alongside the Firefox Portable and Chrome Portable browsers for Windows, Mac and Linux.
The LastPass Security Challenge analyzes all the passwords you have on file, then gives you a security score and notes which passwords are weak or duplicates. LastPass can generate unique passwords for you according to the length and character requirements you specify.
All LastPass account holders can securely share a password with someone else. Premium users, however, can create a "Family Folder" to share passwords with up to five other users. Password changes will be automatically reflected on other LastPass devices and accounts.
LastPass Mobile Apps
There wasn't much difference in functionality between the LastPass browser extensions and the mobile apps, although the iOS and Android apps differ somewhat in navigation schemes and settings options. We were able to view websites and passwords, and make changes to our Vault (which is the app's default screen), just as easily as on a laptop.
Being able to sync passwords between our laptop and Android smartphone was really helpful. Any changes you make in the LastPass mobile app will be reflected the next time you log in using a computer, and vice versa. (By default, the Android LastPass app won't let you take screenshots — a wise security decision —- but you can enable them if you'd like.)
The LastPass apps functions smoothly and is easy to use. Clicking the "+" icon on the Vault page of the app pops up options to add a form-fill profile, a secure note or a new website. You can view your saved passwords, click on each account to pull up options to manage it, or swipe left or right to such things as show or copy the password. There's even a built-in LastPass web browser for secure surfing, and most of the iOS app pages run in that browser.
Like most modern password managers, LastPass secures your passwords and other data with AES-256 encryption, which is virtually impossible to crack. Both the free and the premium versions have two-factor login authentication, including fingerprint access as a possible factor, although some solutions are available only to premium users.
Supported multi-factor authentication smartphone apps include Google Authenticator, Microsoft Authenticator, Authy and LastPass' own Authenticator, while supported hardware tokens include YubiKey and RSA SecurID. Check out the full list here.
You can also make your own hardware token by installing the LastPass Sesame software on a USB thumb drive. There's even an ingenious low-tech solution, LastPass Grid, which lets you log in using numbers from a mathematical chart that you've got to print out beforehand.
As with any password manager, you'll have to take some time to adjust to the specific functions and requirements of LastPass. Still, the platform worked really well. There wasn't one instance in which LastPass didn't do what it was supposed to do.
LastPass has an automatic form-fill feature, which instantly populates website form fields with your name, address, credit-card number and other details, and which we found to be quite handy. It's also a lot safer than letting a web browser save and play back those details.
LastPass can automatically log you into certain sites as soon as you open them — no typing required. It has to "personally" visit a website to set this up, but even so, you need not manually type in your information. Instead, you can click on the LastPass extension icon to choose the correct username and password from a list of those you've already entered. (Remember, though, that you shouldn't be using the same password across multiple sites.) While doing this may not be as fast as the automatic login, it's a one-time event that's quick.
If you decide to opt out of automatic login when browsing (and some security experts would argue that you should), LastPass still alerts you that you are visiting a website where you have an account.
Depending on how many accounts you have with a given website, a number will appear over the LastPass icon next to the browser's address bar, which is nice because this doesn't interrupt your browsing. Many password managers offer this feature, but others display it as an intrusive pop-up.
With a well-stocked free version, an affordable premium subscription and a host of useful extra features, LastPass was the most appealing option for password managers that we reviewed. You can store website login information, Wi-Fi passwords, and credit-card and address information, and the data will automatically sync among as many devices as you choose.
LastPass may not be the fanciest password manager — it doesn't have True Key's facial recognition, or Dashlane's ability to change hundreds of passwords at once — but it offers all the right features and executes them well. With convenient password-sharing abilities, unlimited password storage, granular settings options and seamless multidevice abilities, LastPass is a password manager that won't disappoint.