LastPass is a popular password management solution that offers convenient browser integration and advanced functionality. It allows you to sync passwords and confidential data across multiple devices and platforms. While LastPass sets out to make things simple, the security of the service has come under scrutiny because some of its servers were compromised in the past. The fact that LastPass is a proprietary tool rather than an open source one may also cause some concerns. After all, unlike open source software, proprietary solutions cannot be independently audited, which could facilitate the introduction of backdoors. LastPass may not be the first choice for those who prioritize privacy and security, but if you are looking for an easy-to-use option to manage your passwords, you may want to consider it.
LastPass offers a free and a premium version for personal users and it also supports a solution for businesses. You can sync passwords across as many devices as you want and multiple platforms including Windows, Mac OS, Linux, Android and iOS are supported. The LastPass Premium plan allows you to sync from desktop computers to mobile devices. The service can be tested for 14 days and there is a money back guarantee that covers paid customers for 30 days.
LastPass offers an extensive selection of features, including auto-generation of secure passwords, automatic form-field completion, secure notes to store private information and multi-factor authentication (including biometric functionality). You can also import existing passwords from your browser. It is possible to share website login details with someone else, and if you are in the United States, LastPass will also let you monitor your card in real time so that you can prevent unauthorized use.
Security and Privacy
LastPass protects passwords locally with AES-256 encryption and, since it is a cloud-based solution, it stores them online. Data is transferred over a secure SSL connection, and to reinforce the security of the passwords stored online, 100,000 rounds of PBKDF2-SHA256 are used. Only you have the master password and decryption key, and encryption/decryption takes place outside your browser. Still, you can recover your password, since LastPass creates a password hash out of your master password and username and then sends this to its servers. For password recovery, the master password has to be combined with the username and password.
Unfortunately, the security of LastPass was compromised in 2015, when their servers were hacked. Although no master passwords were obtained, because LastPass does not store them, other data, including email addresses, password reminders and authentication hashes, was stolen. In theory, this information could eventually lead hackers to unveil the master passwords, but it would probably take a lot of time to figure them out. Still, the fact that LastPass holds this information is a concern because it also means that if a request is received, the data would be handed over to authorities.
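The key stretching and server-side hash described above can be sketched as follows; this is an added example, not LastPass's code and not part of the original review. It assumes the username is the PBKDF2 salt and that the authentication hash is one further PBKDF2 round over the derived key, and the account name and password are constructed.

```python
import hashlib
import hmac
import time

ROUNDS = 100_000  # PBKDF2-SHA256 iteration count quoted in the review


def derive_vault_key(master_password: str, username: str, rounds: int = ROUNDS) -> bytes:
    """Stretch the master password into a 256-bit AES key that stays on the client."""
    # Assumption: the lower-cased username acts as the PBKDF2 salt.
    salt = username.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, rounds, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> str:
    """Derive the authentication hash that is sent to, and stored by, the server."""
    # Assumption: one extra round, so the stored value is not the decryption key.
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, dklen=32).hex()


def server_verify(stored_hash: str, presented_hash: str) -> bool:
    """Server-side login check using a constant-time comparison."""
    return hmac.compare_digest(stored_hash, presented_hash)


def seconds_per_derivation(rounds: int) -> float:
    """Measure the cost of one key derivation; every offline guess pays this."""
    start = time.perf_counter()
    derive_vault_key("timing-probe", "probe@example.com", rounds)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample credentials, not real account data.
    user, password = "Alice@Example.com", "correct horse battery staple"
    key = derive_vault_key(password, user)
    stored = derive_login_hash(key, password)
    print("vault key (client only):", key.hex())
    print("login hash (server side):", stored)
    print("login ok:", server_verify(stored, derive_login_hash(key, password)))
    for rounds in (1_000, ROUNDS):
        print(f"{rounds:>7} rounds: {seconds_per_derivation(rounds):.4f} s per guess")
```

The per-guess timing is why a stolen authentication hash protects a long, random master password far better than a short or reused one: the iteration count only multiplies the cost of each guess, it does not add entropy.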
The bad news is that this is not the first time that LastPass has been targeted successfully by hackers. This indicates that there are severe security issues that should be addressed. While the fact that password recovery is allowed can be practical, it may also be a weakness. Additionally, since the data that can help hackers to get the master password is stored in a centralized database, this is more likely to be targeted. As previously mentioned, LastPass is proprietary software, meaning that it can’t be reviewed independently to verify its integrity.
In any case, LastPass states that it is committed to keeping personal information secure and that it won’t share it with third parties unless the request comes from law enforcement agencies. Personal data is not stored on their servers unless you opt for storing login history or other features that require LastPass to retain information. The Android app asks for too many permissions, which will also raise suspicions among privacy-concerned users. If you choose LastPass, you will need to trust in their commitment to secure your password. In the end, it is better that you don’t use LastPass for highly sensitive information.
Desktop and Mobile
When you opt for the desktop version, you will be able to install the browser plugin available for Firefox, Chrome, Opera, Internet Explorer and Safari. Ease of use is the main advantage of LastPass: you can import passwords saved by your browser and then disable the integrated password saving functions to let LastPass manage all your passwords. As a measure to prevent keystroke logging, a web-based keyboard is used when you log in. There is an option called LastPass for Applications, which lets Windows users get control over their account from the desktop. You can get direct access to LastPass Vault and Secure Notes to enable passwords and other data for stand-alone programs.
LastPass also offers mobile apps that give you access to passwords on the go, but you will need to get a Premium account in order to enjoy all the functionality available. The Android app is easy to use and supports practical features. Links will be opened using the built-in browser and LastPass will fill in forms and passwords within this browser. While the browser is practical and works well, it doesn’t offer the advanced functionality that you can enjoy with Firefox or Chrome. The good thing is that LastPass can also be used with Chrome, or other browsers like Dolphin.
LastPass is affordable and can save you a lot of hassle. LastPass supports an array of authentication factors such as biometric authentication. Unfortunately, the security of LastPass has been broken in the past, which may put off users who expect a top level of security. They offer good encryption and a wide set of features, but there are some weak points in terms of security. Overall, LastPass would be a good choice for users who are more interested in a practical way to manage their passwords and may be convenient for handling non-confidential data.