LastPass Password Manager Review

How much is LastPass?

LastPass offers a free version of their application which is a great solution for a single user.  A free account allows users to store unlimited passwords, password auto-generation, secure storage of notes, 2-factor authentication and access across multiple devices (which was not previously offered in the free version) including your computer, phone and tablet device.

For home-based users the free account with LastPass is fantastic.  For small to medium businesses then a paid plan is recommended as this allows password credentials to be securely shared between users, includes better support should you run into a problem, and allows you to grant emergency access to other individuals should something happen to you.

LastPass offers a variety of options for teams and small to medium businesses.  Here is a summary of their offerings and the current pricing.  For small based teams then the family action would also be worth considering as an option.

Which operating systems does LastPass support?

LastPass supports Windows, Apple, Linux and the Chrome OS operating systems, which means that it can easily be set up on multiple devices, regardless of the operating system used.

LastPass is accessible remotely

LastPass has a convenient to use app for iOS, android, windows and blackberry devices.  This means that you can always access your passwords wherever you are on your phone or tablet device and use the auto-fill function to login to websites with less hassle.

Auto-generation of strong passwords

Like most password management applications, LastPass allows you to auto-generate passwords.  It allows users to select their preferred password length, use of capitalisation or special characters and the overall level of difficulty and memorability.

LastPass will also notify if one of your passwords is breached and regularly audits your account and informs you of weak, old or duplicate password entries.

Auto-fill your passwords securely within the browser

LastPass has browser extensions for Chrome, Firefox, Safari, Opera and Explorer.  When you land on a site, LastPass will display a small, transparent logo to the side of the entry box, allowing you to quickly login within a couple of clicks.

Auto-fill options for forms

LastPass allows you to store and auto-fill more than just passwords.  You can also use its auto-fill function to automatically enter your name, address, phone and credit card details.  Multiple credentials can be stored, you can even create a home and work-based profile on the application.  This improves efficiency for both personal and business users, making things like website registration, online purchasing and organisation of travel reservations a breeze.

Is LastPass Secure?

LastPass uses the industry standard AES 256-bit encryption and salted hashes to secure your data from end-to-end.  This means that your data is encrypted before it leaves your device, in transit and at rest, protecting you your data from being intercepted by cyber-criminals.

This same encryption technology is implemented within our banking institutions and the military, so you can be assured that your data is secure.  LastPass also has a zero-knowledge, policy, which means that all the data in your vault is kept a secret, even from LastPass.  Your master password and encryption key are locally generated and are encrypted so that they’re only accessible to you.  LastPass regularly conducts security audits and penetration tests and releases transparent incident reports to its user-base.

That said LastPass has been at the centre of two major security breaches, one in 2011 and another in 2015.  No passwords were stolen but users email addresses, encrypted master passwords and master password hints were stolen.  This is one flaw of storing master passwords on the server, and the best way to combat this type of attack is to create a strong master password using the password generator and use two-factor authentication to ensure your data is kept secure.

Does LastPass support 2-Factor Authentication?

For extra security, LastPass allows you to set up 2-factor authentication with Google Authenticator, Transact and Yubikey (this last option is not available on LastPass’s free account).

Is LastPass a suitable management system for small to medium businesses?

LastPass allows you to securely share password credentials with other colleagues and group employees by project or department to speed up password management.  For sensitive information, you can also select to hide the credential information and only allow auto-fill, so that if an employee leaves the organisation they are not aware of the credentials.  LastPass also allows administrators to see how and where information is being accessed by employees, monitor password changes and revoke access if required.

LastPass also allows you to share encrypted passwords via email with external contractors.  However, there is some doubt cast on the security of this practice so we advise against using this feature.

How easy is LastPass to setup?

Setting up LastPass is straight forward.  Upon installation LastPass allows you to import passwords from other password management system, or from the web browser (we’ve discussed on a previous blog on why storing your passwords in the browser can put you at risk of a security breach).  If you install the browser extensions LastPass will prompt you to save your password as your login to different websites.

Does LastPass give you much control over the way passwords are organised?

The LastPass interface organises your passwords visually in tile form, which is visually appealing and promotes ease of use.  It allows you to easily organise passwords into different folders, which is much cleaner than the tag-based systems used by other password management systems.  The folders can also be expanded and collapsed, which keeps things tidy even when there are lots of entries stored in the vault.

How responsive is LastPass’s support?

There is no phone or online chat available for LastPass and their response to emails is very slow according to other users.  If you’re looking for an immediate answer you’ll have to rely on their community forum.  If you want more support from LastPass then you’ll have to sign up for one of their enterprise-based plans which provides you with a dedicated account manager.

Conclusions

LastPass’s free account offers just about everything you need as a single user, and is far better than any of the free plans offered by other password management systems we reviewed – namely, 1PasswordDashlane and PassPortal.

If you are a business customer then LastPass offers a number of different plans to suit businesses large and small.  It’s fully featured admin control panel and the ease with which is lets you securely share passwords with other employees makes this an attractive solution for business.

Concerns have been raised regarding the data breaches of LastPass on record.  However, during these attacks cyber-criminals were unable to access any useful data due to the encryption techniques employed by LastPass.  LastPass exceeds the standards for safe storage of password credentials and the main learning from these breaches is for users to ensure that their master password is difficult to guess and unique from all other passwords in use.  Users concerned about security should also take advantage of LastPass’s 2-factor authentication options in order to protect their data further.

Despite its poor customer support, LastPass offers some great features and ranks among the best password management systems for it’s ease of use and security.

It gets our tick of approval, however, if you would like to read more about some of the other password management systems on the market then check out our reviews on the 1PasswordDashlane and PassPortal password management systems and decide which one is going to be the best fit for you.