LastPass is one of the most popular online password managers, with reports it’s super easy to use, has a really strong password generator, and that it pretty much does things automatically, saving you a lot of headache. It has quite a few cool features – a customizable password generator, a password security analysis and browser extensions for almost every browser out there.
|LastPass Features Overview|
|Multi-device sync||Yes - paid|
|Backup and recovery||No|
|Mobile apps available||Yes - Android, iOS, Windows|
|Browser extensions||Chrome, Firefox, Linux, Safari, Internet Explorer, Microsoft Edge|
It’s pretty versatile, with browser extensions for Mac, Windows, Linux, Chrome, Firefox, Safari – and even Internet Explorer, Opera and Microsoft Edge! That’s pretty impressive, and really gives users with not-so-popular browser choices the chance to use LastPass too. Otherwise, it has dedicated apps for Windows, iOS and Android.
LastPass doesn’t amaze you with the features on offer – instead, it has a nice variety of features to keep your details secure – a place to store credit cards and financial logins, bank account details, up to 1GB of secure documents and secure notes storage, unlimited password sharing and even contacts soring. It also has a labeling system to help categorise these, which I personally found confusing, and so didn’t use. Because I didn’t use the labeling, things became even more confusing when I went to the ‘All Items’ in the vault –
That's a lot of options!
…but at least it looks nice, and it’s actually pretty easy to work out what is what (obviously, you know a Visa is a credit card, and Chase is a bank).
LastPass has several pricing plans, going from Premium (an individual user), to Families, Teams and Enterprise. On all plans except Premium, users get access to an admin dashboard, group management and customer support, and I feel that dashboard might make finding things easier.
As you can see in the screenshot, the ‘secure storage’ options comes split into several types of secure storage – Passwords, Notes, Addresses, Payment Cards and Bank Accounts. It’s nice that LastPass separate these, but is it really necessary?
If you want to add an item, things get even more complicated…
Wow. Where do I even start here?
I understand some of these types of documents or sensitive data that you might like to store – driver’s license, passport, social security number – but really? Memberships? Instant messenger? WiFi password? I highly doubt anyone would be attracted to LastPass based on these very detailed secure storage options.
Another thing about the vault – it’s easy to use BUT some items are pretty hidden or difficult to locate: I kept checking back to the list of features I’d been promised LastPass has, and what I could see in my vault – where was the multi-factor authentication, for example? I had no idea. I searched for it – and nothing.
Then I clicked on ‘Account options’, and found it hidden in the menu there:
Alongside the trusted devices and other features.
It’s a shame it’s so hidden away, because LastPass’ multi-factor authentication is a huge deal: there are so many options(it beats competitors like 1Password hands down here):
And enabling as many multi-factor authentications as I wanted was easy – I just clicked each one, set the rules, and it was set up:
As a result, any time I added a device, it went to the Trusted Devices section (see above, in the screenshot). LastPass did warn me that when using a trusted device, I wouldn’t be asked for my master password, and that any trusted device only remains ‘trusted’ for 30 days, after which you need to register it as trusted again. That’s always good to know, in case a device gets lost or stolen, for example.
LastPass’ Account Settings had some strange options I’d never heard of before – Never URLs, Equivalent Domains and URL Rules.
- Never URLs allow you to add a website that you don’t want LastPass to take any action on – perhaps something you’d like to keep secret.
- Equivalent Domains allows you to set up domains which LastPass knows are the equivalent of the URL that it took your password from:
(I’d recommend checking through the equivalent domains listed, as I know that – for example – my Skype password is very different to my Bing one!)
- URL Rules allows you to set up the rules for those equivalent domains – if, as I suggested above, you don’t want LastPass to us the same login for two separate domains, you can change its actions here:
LastPass’ Security Challenge analyzes your email and your password to detect against any breach, and it’s pretty thorough.
First, it tests your email address for security breaches:
Then it shows you your passwords’ security score, and gives you recommendations to strengthen these:
It’s really easy to use, and is probably one of the best, easiest to use password strength reports and generators. It’s not as great as Dashlane’s one-click multi-change all-in-one generator, but it comes a close second.
This isn’t a standard password manager feature – but at LastPass, you can set up as many emergency contact access for your account in case you forget your master password, and accept emergency contact access for other users’ accounts too.
It’s incredibly easy to set up – just click the ‘Add Emergency Contact’ button, enter the contact’s email address and the time limit before granting emergency access.
Overall, these extra features are well thought out, and even pretty useful – but I don’t know why they had to be so hidden that I couldn’t find them!
Plans and Pricing
LastPass offers two tiers of plan: Personal and Business.
But that’s not the whole story: in the “Personal’ plan, it offers two more options – Premium and Families. Under ‘Business’, it offers a plan for Teams and a plan for Enterprise.
‘Premium’ is for individual use; ‘family’ is for up to 6 users; ‘Teams’ are for 5-50 users and ‘Enterprise’ are for 5+ users…
I think, for individual users, the Premium plan definitely has all you might need – the security challenge feature is included, as is the emergency access and 1GB of encrypted file storage. I think you’d only really need the Family plan if you really want to have a vault for each family member, because otherwise, the Premium plan has password sharing and can save and fill unlimited passwords.
The real differences between the plans are when it comes to the Team or Enterprise plan – both the dashboard and the reporting could come in handy for employers looking to keep their data secure – here’s what’s included in the Teams plan –
…and here’s what’s included in the Enterprise plan –
Both of these are great assets to have for business users, although I’m not certain how much larger teams or would need the other features – API access and dedicated customer support (which I’ll get on to shortly).
Ease of Use and Setup
Downloading and installing LastPass was pretty much a one-click installation.
Once the program had installed, I was asked to install the browser extension for the browser (or browsers) that I wanted to import passwords from – it was actually pretty clever: LastPass detected the browsers I had on my system –
And then asked which browsers I wanted extensions to be installed for.
I opted from Chrome. And then this appeared:
That’s very clever, and quite an impressive experience – after reviewing so many password managers, I think this is the first time I’ve seen instructions for creating a master password that’s this in-depth!
After entering the master password, this popped up –
I chose Google, and it took me through the Google authentication…and then asked me if I’d like to save my first password:
It turns out that LastPass is pretty much just a browser extension, which you use to login with your master password, and to go to your vault – kind of like your dashboard, but more simple.
It’s a very clean interface, and even has a search bar for you to search anything you’ve saved –
So far, so good…except was I really going to have to add all of my passwords one by one? I couldn’t find the import function anywhere. I eventually had to search LastPass’ FAQs, and found that there were several ways to import passwords:
...but no auto-import function, unlike LastPass’ closest rival, Dashlane, which imports all of your passwords without even asking you. This is a bit disappointing from LastPass, even if the browser extension managed to import most of passwords. What if I had multiple browsers with multiple different passwords on them?
Other than that, the vault is very easy to use, and I really liked the search function, as it saved a lot of time I would have spent looking around for bank details and specific passwords.
If you’re not so tech-savvy, I think you’ll be able to easily install LastPass, and get it set up… but actually importing your passwords – via CSV, or from another password manager – could confuse you. Importing them via browser extension will definitely be the easiest way to do it.
As for the mobile app, while I was prevented from taking a screenshot, upon trying to sign in, I received an email asking to confirm I was actually trying to sign in to my LastPass account from an unrecognized device.
Once signed in (and I’d confirmed my identity), LastPass takes it all from there: asking if you’d like to autofill all of your passwords from your account onto the app, and adding them to your existing list of passwords.
The app itself looks exactly like the web version and browser extension, with options for passwords, secure notes, addresses, a secure browser (this is just for the app) and sharing center. It shortens the millions of secure information options I mentioned above to just ‘payment cards’ and ‘bank account’, which isn’t a bad thing.
I’d say it’s very easy to use and setup, and I liked that it imported my device’s passwords automatically – which Dashlane or Zoho Vault, its two closest rivals, didn’t.
As I mentioned above, logging in to LastPass can be as difficult a process as you make it: you can set up as many two-factor authentication options as you like from the vault’s account settings menu.
LastPass utilizes AES-256 encryption to secure your data, transferred over SSL encryption. But, doesn’t actually store your information itself – it’s a zero-knowledge provider, meaning that only you (and anyone else you care to share it with) have access to your master password.
LastPass won’t ever store it on their servers or ask you for it, and if you’re locked out of your account (and don’t have emergency contact access setup), then your data is gone forever. I think that’s pretty reassuring, especially in case of a hack on either your device, or on the LastPass servers.
Otherwise, the other security features include the security challenge I described earlier, which – the more I think about it – the more useful it is.
Here’s where LastPass disappointed me, more than any other password manager I’ve reviewed.
Their support system is a mess. Firstly, there was absolutely nowhere that I could find the support button in the vault or browser extension –
…and this only led me to a forum:
I searched ‘how do I contact support?’ and this is what I saw:
While it’s useful to make users search for their answer before contacting support with the same questions each and every time, from a customer-service perspective, that’s just not cool. That’s not how you should be treating paying customers, LastPass. If I want to know something, I want to know it ASAP.
Once I got to the customer support page, I saw this:
So – even though I’m a paying customer, I still have to wait for ticket support? There’s no live chat, or email support, even?
Apparently, Premium users receive responses quicker than free plan users. I liked that they provided me with a tracking link to track the status of my request –
and it took 3 days for them to get back to me – which isn’t good at all. I wondered how long it would take free users, if 3 days is considered ‘Premium’ answering speed.
Even worse – LastPass has absolutely no refund policy, which they don’t mention anywhere on the site.
Pretty much every other password manager I’ve reviewed and read about has some form of money-back guarantee, which is clearly explained on the site. In this case, LastPass is less than perfect – having a ‘no refund’ policy is just not good customer service. If that’s something important to you, I’d recommend LastPass’ closest rival – Dashlane, who refunded me payment the same day I asked for it.
Otherwise, LastPass’ site can be accessed in several languages –
…the support specifically asks you to write your request in English – so good luck to you if your written English isn’t that good.