Installation for Chrome and Firefox requires simply starting the download activity, which then instantly installs the extension directly onto the browser toolbar. As far as Mac devices are concerned, Safari users must double-click on the .dmg file. There is also a desktop app available for Mac which hasn’t yet been made available for Windows.
Regarding the setup of LastPass on smartphones and tablets, an app is available for download from the iOS App Store or the Google Play Store. A huge plus is that you do not have to give details of your credit card or other payment information as there is a free option.
After installing it, you will need to log in with your email and create a master password, after which it will sync your saved references.
Adding passwords to your Vault is easy: go to a website you use and log in with your username and password. LastPass then asks you if you want to save the password to your Vault to which you respond by clicking ‘Add’. As simple as that.
One small drawback is that you can only change passwords one-by-one, whereas some other password managers allow you to change more than one password at a time. Still, this isn’t something you’ll come across often while using LastPass, but basically only when first setting it up.
The user’s data in the private vault is fully encrypted and decrypted on the user’s machine. Only encrypted sensitive information is synced with LastPass. This means that not even the developers or employees of LastPass can access your master password or any of your other passwords.
The master password that you create isn’t transmitted to the cloud servers. Therefore, it cannot be obtained by a hacker. Moreover, in the off chance that LastPass is hacked, the hacker will not obtain your actual passwords but the encrypted versions of them.
LastPass uses 256-bit AES encryption, and the system depends on PBKDF2 and SHA-256 encryption keys when collecting password information. This process is called salted hashes and ensures complete security. The add-on also uses a zero-knowledge model meaning only you know the master password which unlocks your vault.
What’s more, LastPass offers multi-factor authentication. According to LastPass, its multi-factor authentication ‘goes beyond standard two-factor authentication to ensure the right users are accessing the right data at the right time, without added complexity’.
The biometric login for LastPass includes Touch ID and Face ID on iOS and macOS, as well as most Android and Windows fingerprint readers.
Even though LastPass has had two security breaches, in 2011 and in 2015, these breaches thankfully didn’t impact its users. Due to LastPass’s high level of security, the hackers were only able to access encrypted master passwords, master password hints, and email addresses. So, the hackers weren’t able to access any user’s account.
LastPass was also targeted in 2018 when it was under a large phishing attack. Fake LastPass notifications appeared on malicious websites which asked users to type in their master password.
LastPass doesn’t require your personal information unless they really need it, nor do they share that information with anyone (except in the cases of complying with the law, protecting their rights of developing their products).
In addition, personal information isn’t stored on their servers unless it is required by one of the services it offers. To make it plain and simple, if you decide that you want to save your login history, they will save it. In case you do not want this, they will not save it.
LastPass can access site URLs and the number of items in the user’s Vault for two purposes:
- assembling the data of all users to get a better understanding of the use of LastPass, so that they can improve the product;
- accurately delivering website logos in the user’s Vault for easier navigation and a better experience for the user.
According to LastPass’s website, private information “is securely synced to LastPass servers. We use firewalls, secure transfer protocols, and industry-standard practices to protect the servers and service, as well as regular third-party audits for outside review and validation of our security and privacy measures. Any other personally identifiable Vault Data (e.g., usernames, passwords, the information in notes, name of entries, values for form fields) is encrypted using our local-only encryption model, in which LastPass never knows your Master Password and never has access to personal information stored in your Vault.”
LastPass’s core is its vault, where all the passwords are stored. With your master password, you can unlock the vault and read the data that is otherwise encrypted. When you visit a website for which LastPass has stored your login information, LastPass will simply fill in the information for you. Your log in credentials can also be organized into different folders so that your vault stays nice and tidy.
Features can also be adjusted: for instance, you can adjust them so that you must re-enter the master password when accessing certain risky logins.
Besides saving your passwords, the vault can also save other types of data such as your personal information, financial information, insurance policies, wi-fi passwords, emergency contact numbers, etc. Besides auto-filling passwords, the browser extension can also autofill common forms for you (ex. credit card information), making it that much easier for you.
One of the crucial features is the built-in password generator. Just one click will allow you to create a complex password using the browser add-on or the mobile app, a password that’ll be basically impossible to crack. This password can also be customized so that it is easy to read or say, and it is, of course, automatically added to your vault.
The two-factor authentication layers extra protection. With this feature, you use your normal password along with some other form of identification. The most common form of authentication is a text message system, while LastPass’s app works not only with SMS codes, but also 6-digit generated passcodes or automated push notifications which are just one click away from logging you in.
Another great feature is LastPass’s Security Challenge which allows you to test how strong your current passwords are: it helps you update weak passwords and change user passwords.
The Premium subscription and other paid options offer additional features not available to the free plan users. For example, there’s the option of setting an emergency contact that will be able to access your data in case it’s necessary. It also comes with 1 GB of encrypted storage which can be used to safely transfer any file to the cloud.
The Teams subscription (for smaller companies) offers users access to a vault that is private, as well as access to a shared space where they can manage all forms of secure data.
The Family Plan allows you to share passwords between up to 5 other individuals. Six accounts can be linked together, with the possibility of choosing exactly which passwords will be added to the shared vault.
Regarding personal use, the free version involves one user and includes a 30-day trial of Premium. The Premium version costs $3/month ($36/year) for one user. The Family Plan costs $4/month ($48/year) and involves up to 6 individuals.
As far as business versions are concerned, there is a Teams plan which costs $4/user/month ($48/user/year) and involves between 5 and 50 users. The Enterprise plan costs $6/user/month ($72/user/year) and involves 5 or more users. The MFA plan costs $3/user/month ($36/user/year) for 5 or more users, and finally, the Identity plan costs $8/user/month ($96/user/year) and involves 5 or more users.
One of its main competitors’ free plans, isn’t as good as LastPass’s as it has a limited amount of password entries. Its premium version is also less effective in terms of practicality and is slightly more expensive than LastPass’s at $3.33/month.
Its support is unfortunately only through emails, with Premium users having priority. For users of the Free plan, it takes customer support around 2 days to answer.
Premium, Teams and Families plans have priority technical support, meaning that users can send in service tickets concerning errors or problems they might be faced with. The Enterprise package’s support is even better as it assigns a committed team of experts who are available at all times.
While support through emails isn’t instant, instant replies can instead be found in LastPass’s FAQ section. It consists of different articles and videos that can help you with the installation or any problems you might come across. There is a search bar that will help you find what you’re looking for.
Finally, there is also a community-to-community forum which is quite active and helpful, though there aren’t too many support reps on the forum to classify LastPass’s support as 24/7.
The free option is full of great features, while the Premium and Families options, along with the Business options, are all very affordable considering the features they offer to their users. Besides, LastPass is easy to use and your vault stays well organized with the addition of folders.
The software offers top-notch security measures such as 2-factor authentication and a zero-knowledge model which makes it secure and reliable. Nowadays, hackers are lurking everywhere and it doesn’t hurt having a bit of extra protection, especially since you can have it for free.
Its only real cons are the lack of a universal password changer (you need to set the passwords manually or add them one-by-one when logging into a website) and the not-so-stellar customer support. Still, both of these cons are outweighed by the pros.
Its user-friendliness, security, reliability and the fact that it is free/cheap certainly make it worth trying out.