LastPass is one of the most well-known password managers. But can it live up to its name? We put LastPass under scrutiny in this LastPass review.
Furthermore, this review will also examine LastPass’s history and security to look for security issues that may have occurred in the past.
Is it still possible to trust LastPass’s security with your data? Does LastPass remain the most trusted password manager, or have its capabilities been surpassed by other providers?
To find out more, keep reading our LastPass review.
- Locally encrypted passwords
- Automatic sync between devices
- For new users, walkthroughs are built in
- Secure data encryption at rest as well as in transit
- Multiple-user or single account
- 1 GB encrypted storage (paid accounts).
- Supports 2FA
- Complies with GDPR
- External audits conducted by third parties
- Support personnel difficult to contact
- Low quality support even in priority areas
- Premium plan prices have seen a significant increase in the past
- United States
- Collects and shares user data
- Can be made to divulge user data
LastPass features summary
Below is a summary of LastPass’s features.
- Major browsers, Android, iOS and macOS are all supported.
- Secure data encryption at rest as well as in transit
- Secure Password Generator
- Safe Password Sharing
- Reports & Analysis
- Form Filling
- Support for multifactor authentication and 2FA
- Password Import/Export
- AES-256 and PBKDF2 Encryption
- Unencrypted File Storage
- Synchronize across all devices and browsers
- Emergency Access
- LastPass Authenticator
- LastPass for Applications
LastPass core functionality (available to free users only)
LastPass’s core features are those that you get in the paid version of the software. You are able to:
- Save passwords, security notes, addresses, and bank accounts.
- Securely sync passwords between your devices
- Register passwords and fill them in
- Secure password generator
- Two-factor authentication
- Security Challenge
- Share data in a one-to-one manner
- LastPass authenticator
Note – I’ll discuss the different versions of LastPass later. Before we get started, I want you to have some information.
LastPass Company Information (Who owns LastPass?)
LastPass began storing passwords worldwide in August 2008. LogMeIn, Inc. bought LastPass on October 15, 2015.
LogMeIn is a publicly traded company based in the United States. It is listed on NASDAQ and has over $1 billion in annual revenue. There is no reason to be concerned about the security of your data when it comes to smaller companies that have fewer employees or little revenue.
In December 2019, LogMeIn made an official announcement about its purchase by US private equity funds. From their press release:
LogMeIn, Inc., one of the world’s leading providers of cloud-based connectivity, has announced that it has signed a definitive agreement (the “Agreement”) to be acquired by Francisco Partners, a top technology-focused global private capital firm. The transaction will include Evergreen Coast Capital Corporation (“Evergreen”), Elliott Management Corporation’s private equity affiliate (“Elliott”), in exchange for $86.05 per cash share. LogMeIn has an equity total of $4.3 billion.
It is a positive sign that LogMeIn acquired US venture capital funds. While time will show, this matches the pattern we have been witnessing of privacy services being sold off to diverse entities.
It is not surprising that this has happened, considering increasing worries about data protection and identity fraud, as well as other alarming statistics regarding cybersecurity. The growth is due to people spending more money on such services – see the LastPass review.
LastPass Terms of Services
Because LogMeIn has purchased LastPass, this LogMeIn document constitutes the Terms of Service. Since it covers all of the company’s services, the generality of this document is impressive. It is also a dense piece of legalese. I’m no lawyer, but let me tell you what I took away from it.
The Terms of Service look pretty uniform. However, there is one thing that people could be suspicious of. According to the company:
In accordance with the applicable laws, we may cooperate with any local, national, or international authorities regarding the Services.
Because the company is situated in the United States of America, which is a Five Eyes surveillance jurisdiction, your data can be accessed by several US agencies. LogMeIn is unable to decrypt encrypted data, which means that your data may be accessible by other US agencies.
Although this isn’t unusual, it does affect secure service. ProtonMail, for example, was forced to meet lawful data requests. But, since emails are kept encrypted at rest it is impossible to gain any.
LastPass’s code, unlike Bitwarden’s, is closed source. The company must confirm that it cannot read any of your data or use backdoors to exploit it.
LastPass Privacy Statement
- Your device type
- Operating System Version
- The device UDID (Unique Device IDentifier)
- IP Address where you are connecting
- Local information
- Language options
- Diagnostic data
The data they collect is used for the operation of their services. However, it may be shared with third parties or as required by law. This data collection is a concern. I recommend that you go to our Privacy Tool page for more information. In this respect, you might also want to consult our guides on secure web browsers or the most trusted VPN services.
LastPass and LogMeIn were subject to an audit by a third party. Tevora Business Solutions carried out the LastPass audit.
This audit, called “SOC3® Reporting on Controls in a Service Organization”, was intended to verify that the company’s internal controls adhere to the Trust Service Principles set forth by the AICPA. LogMeIn is required to provide evidence that their privacy, security and availability are in line with these principles. The audit revealed that LogMeIn’s Access Management System and Identity Management System had adequate controls.
To provide reasonable assurance LogMeIn IAM’s service and system commitments were met on the basis of the applicable trust criteria, effective from September 1, 2017 until August 31, 2018.
This data is useful in the sense that it informs us of a third-party auditor’s opinion that LogMeIn follows good internal procedures. But it’s important to remember that this type of audit is very different from those conducted for Bitwarden.
The Bitwarden audit was performed by security firm Cure53. This audit included white-box penetration testing, source-code auditing and a cryptographic examination of Bitwarden’s code and its security against attackers. Cure53 has also audited VPN providers, including ExpressVPN.
An ideal company would regularly audit its operations for both internal and outside threats. Realistically speaking, though, an audit is still better than none. It would however be nice to set a higher standard in this area.
LastPass gives you access to a range of applications (clients) and extensions. They include extensions and apps for:
- Windows and Mac OS Desktop Applications
- Mobile apps available for Android and iOS (iPhones/iPads).
- Chrome, Firefox, Safari, Internet Explorer, Microsoft Edge, Opera and Chromium browsers.
LastPass Extensions and Apps can be seen here.
LastPass hands-on test and review
This LastPass review focuses on the free (Personal) plan. This plan will be enough for most. Next, we’ll discuss installing the LastPass extension and how it can be used on Brave.
LastPass installation and account creation
LastPass works just like any browser extension. You can install it through the website. When you have LastPass installed you will see a window that looks like this one. Click it to create an Account.
LastPass will take you through the entire signup process. Click on the create an account tab at the bottom. In order to create an account, you must enter a valid email address. LastPass will send you an acknowledgment message. After you have replied to it, you can start the account creation process.
LastPass: Adding your login credentials
LastPass has a lot of great features, including the ability to walk users through the process. Once LastPass has been set up, you’ll be able to access one. The LastPass account will allow you to save your first login credentials. It also lets you login using a third-party account. This takes just a minute and once you’re done you can enter your passwords.
You can simply log in to websites as normal once the LastPass extension has been installed. LastPass may not have the site credentials stored. If it does not, you will see a box similar to the one shown below. You can add them to the vault by clicking one button.
If you’re switching password managers and you don’t want to manually enter all passwords that you stored in another program, what do you do?
LastPass can load data from many different password managers. This can make the process a little more complicated. For more information on how to switch from another password manager to LastPass, please visit this.
Work with passwords
You can see your LastPass vault after you enter some login credentials.
LastPass allows you to hover your mouse above one of the items and displays all available options. The result is a neat and beautiful view of all the contents in your vault.
LastPass is not only used for passwords; it supports many other data types. You can use these types of data:
- Credit cards for payments
- Bank accounts
- Wi-Fi passwords
Every type’s vault entry has the appropriate fields. The Add bank Account example is shown below:
Let’s look at how to alter data that you have stored in the vault.
Editing your data
LastPass saves an encrypted copy of your vault on every device, in addition to the one that is kept on their servers. This makes it possible to see your vault from anywhere, online or offline. You can’t edit the vault when you’re offline.
If you wish to modify the vault data (and you are online), click Open My Vault under the LastPass extension. This will bring up your vault in an entirely new tab.
LastPass password manager in action
LastPass makes using stored passwords simple. LastPass will insert itself in the appropriate fields when you arrive at the login page.
When you click on the icon, LastPass will open a dialog box displaying the credentials that it holds for this page. LastPass can be told to insert the required data in fields that it is aware of.
Do you see the small number located in the lower-right corner? That little number indicates the number of LastPass logins for this page. If the number is greater than 1, LastPass will provide a list of logins from which you can select.
LastPass lets you generate secure passwords
If you use a password manager, it will allow you to create complex and long passwords. LastPass also includes a secure password generation tool that will help you to create complex and long passwords. It is easy to use: click on the extension then the Secure Password Option.
Here’s how your password generator looks:
You can set it to create strong passwords by default. But, for greater security, you should change the password length limit to 16 characters.
LastPass security – Increase it
LastPass has two more options that can help increase data security.
Multi-factor authentication. LastPass is compatible with a number of hardware- and/or software-based authenticators. You can view all options on the webpage.
LastPass also provides the Security Challenge. This automates the analysis of data stored in your vault. It checks for possible hacker sites and can even check whether any email addresses found in your vault correspond to them. It will also help you to update:
- Weak passwords
- Useful passwords
- Forgot passwords?
This tool is very helpful and can be accessed through the Account Settings submenu of your browser extension.
Share passwords, and other data
LastPass allows for secure sharing of data with other individuals. The FREE version permits sharing of data with more than one person. The LastPass Sharing Center lets you manage shared items. You can read how it works.
LastPass core features have been our focus so far. However, depending on your needs and circumstances you may require some features only found in paid versions.
You can find out more about the features you are most interested in by reading the following descriptions.
You can request emergency access for another user to have complete access to LastPass data in case something happens to you.
LastPass for Applications
LastPass for Applications (LastApp), a Windows desktop program, gives you access to the LastPass Vault. It is able to input your passwords into desktop programs for you.
1 GB storage for encrypted files
This increases the vault space available for secure notes from 50 MB to 1 GB.
Family manager dashboard
LastPass Families lets you have as many as 6 users per account. Family Manager Dashboard acts as your control centre.
The team features
LastPass Teams allows up to 50 users to be managed with one account. This allows you to set up team policies as well as simple reporting.
Password management is available for every department, starting with onboarding and ending with automated reporting. Administrative controls can also be added. contains the entire breakdown.
LastPass Customer Assistance pages offer a lot of information that will help you fix many problems without having to call the support team. Because it’s difficult to find a live person to help you, this feature is very useful. The chat system can answer some questions but isn’t very good at it, and you may need to search for solutions on the website before being able to send an email to a specialist.
LastPass Support was great. Many comments left about LastPass Support on websites like ConsumerAffairs.com are negative. Most complain about how difficult it is to get in touch with Support.
LastPass Security (Officially still trustworthy after many hacks)
LastPass encrypts the data stored on your device with AES-256 encryption and PBKDF2-SHA256 hashing. But they can still be hacked.
In June 2015, LastPass disclosed that hackers had been able to steal account users’ email addresses, password reminders, and server per-user salts. No evidence was found that vault data such as site usernames, passwords, secure notes, and form-fill profiles had been stolen. The company immediately improved security.
LastPass was hacked at least twice more during 2016 according to this HackRead report. White hat hackers reported the attacks to LastPass in both of these cases.
Darknet.org.uk stated that LastPass for Chrome and LastPass for Firefox were both compromised by malicious sites. This allowed your LastPass passphrases to be accessed from any website. According to some reports, a malicious site could also run commands on the user’s computer. LastPass engineers set to work once more to correct the problem.
It is not easy to witness hacks or leaks. However, there are several ways that you can look at this.
- A Critical Approach. LastPass will show you the problems. You can then move on to another password manager.
- Philosophical Approach. LastPass, with its many users and notoriety makes it probable that they are more frequently attacked than other password managers. LastPass’s popularity means there is more potential for white-hat hackers, and other “good people” to look for issues with it than for lesser-known products.
- The Optimistic Method. Another way is to see it as a positive. Any piece of moderately complex software will have bugs and vulnerabilities. LastPass problems are constantly being discovered and fixed. That makes the product more secure and safer (at least in theory).
It’s up to you how you react to the many leaks and hacks discovered in LastPass code.
LastPass might have access to some of your private data, according to a 2017 post on Hackernoon.com. The URLs stored in LastPass, as the author pointed out, are not encrypted. If they were, LastPass could not display the logos of the sites stored in your vault.
LastPass saves URLs in the same way as other data. It stores them without encryption. Many URLs are sensitive.
For instance, credentials can be embedded in URLs in various ways. In these scenarios you could be sending LastPass confidential information in an unencrypted format. Most websites will not allow this.
Although this is a potential privacy issue, it can be solved if the appropriate circumstances are met. The only way anyone can take advantage of this vulnerability is to have access to your vault data. Hacking into your computer would make this possible, as would accessing LogMeIn’s data.
The third-party auditor also stated, as previously mentioned that LogMeIn is equipped with systems to block unauthorized access. Once again, it is up to you whether or not this situation presents an unacceptable risk given your circumstances.
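To make the unencrypted-URL concern above concrete, here is an added example (not part of the original review and not LastPass code) that audits a list of stored URLs for embedded credentials or secret-like parameters and shows the origin-only form that would be safer to keep in cleartext. The parameter-name list and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry secrets (illustrative list, an assumption).
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "apikey", "key",
                    "password", "passwd", "secret", "session", "sid", "auth"}

def url_findings(url):
    """Return the reasons this URL would be sensitive if stored unencrypted."""
    parts = urlsplit(url)
    findings = []
    if parts.username or parts.password:
        findings.append("credentials in userinfo")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS and value:
            findings.append(f"secret-like query parameter '{name}'")
    for name, value in parse_qsl(parts.fragment):
        if name.lower() in SENSITIVE_PARAMS and value:
            findings.append(f"secret-like fragment parameter '{name}'")
    return findings

def origin_only(url):
    """Reduce a URL to scheme://host[:port], dropping userinfo, path, query, fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}"

def audit(urls):
    """Map each risky URL to its findings and the safer form to store."""
    report = {}
    for url in urls:
        found = url_findings(url)
        if found:
            report[url] = {"findings": found, "store_instead": origin_only(url)}
    return report

# Constructed sample vault URLs (not real sites or credentials).
SAMPLE_URLS = [
    "https://mail.example.com/login",
    "https://alice:hunter2@intranet.example.com/wiki",
    "https://files.example.net/share?doc=42&token=abc123",
    "https://app.example.org:8443/cb#access_token=xyz&state=1",
]

if __name__ == "__main__":
    for url, entry in audit(SAMPLE_URLS).items():
        print(url, "->", entry)
```

Running the same check over your own exported vault URLs shows which entries are worth trimming to the bare site address before saving.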
LastPass subscription and prices
LastPass pricing depends on your requirements. The Free plan will suffice for most users. You can also see that the Premium and Families plans have additional benefits.
LastPass is a password manager that targets individuals or groups of users. LastPass, however, offers Business plans with all the necessary features for organizations.
Bitwarden can be used by a single person or small groups. The company offers a free plan as well as accounts for organizations that may meet your requirements. Its open source code has been verified by security experts, and it has not been reported as having been compromised or having leaked data.
1Password is a good choice if you’re looking for a password manager to manage corporate environments. Both provide a broad range of security features as well as strong business capabilities.
LastPass could be a suitable fit.
Your needs and various other factors will play a role in this decision. A free plan works well if you only need assistance remembering passwords. LastPass plans are available for managing passwords for an individual, a family, or an entire organization.
Bitwarden, however, may appeal to you if you’re more concerned about privacy and security. Your threat model and previous security issues may lead you to explore other options.
You can also see the main guide on password managers for more options.