Reviews for LastPass Password Manager
LastPass Password Manager by LastPass
Review by Firefox user 15238324
Rated 3 out of 5
by Firefox user 15238324, 6 years agoUPDATE. DO NOT USE YUBIKEY FOR TWO FACTOR AUTHENTICATION - UNFORTUNATELY LASTPASS DOES NOT USE FIDO2 AS THE AUTHENTICATION MECHANISM AND INSTEAD USES THE YUBIKEY PSEUDORANDOM KEY GENERATOR THAT BECAUSE OF POOR IMPLEMENTATION BY LASTPASS MEANS IT REMAINS SUSEPTIBLE TO ATTACK AND LEAVES YOUR ENTIRE VAULT OPEN TO THIEVES. THIS IS A KNOWN SECURITY ISSUE AND IRONICALLY ONLY APPLIES TO PAYING CUSTOMERS. SINCE LASTPASS HAVE BEEN INFORMED OF THIS ISSUE, NO ATTEMPT TO RESOLVE THE PROBLEM HAS BEEN MADE. THIS TOGETHER WITH A LACK OF TRANSPARENCY IN THEIR ISSUE MANAGEMENT RATES THIS AS 3 STARS AT BEST. THE remainder of the review relates to usability and is based on Lastpass's own publicity which given some of their representations at the time of this review regarding Yubikey being false, should be taken with that fact in mind.
Lastpass is probably one of the more intuitive password managers on the market at the time of writing with integration into the widest number of websites and available on the widest number of platforms of all the consumer focussed password / identity management solutions. Security applications have for the most part been devoid of interfaces that make it simple for the end-user to use, or for the most part even understand, so in many ways LastPass's user interface is the main reason for its awards and subsequent user base. Functionally the range of features that come with Lastpass are impressive, if a little daunting for someone who has not seen its evolution as a piece of software and it can feel as though if you used all the features and functionality it contains – it can be used to keep secure notes and has multiple templates for recording other types of sensitive data besides passwords for websites – then you would be relying on a basket that would be holding a lot of heavy eggs. Templates include SSNs, WiFi Passwords, Bank accounts, payment cards, Insurance Details etc. and has the funtionality for creating your own templates (I created one for storing GPG Keys and another phone IMEIs among other things), that it really can feel that you could be left very exposed to identity theft if an exploitable security hole went unpatched. There is, as with all password managers, an issue that is core to single password information vaults. Your LastPass password may the the last password you'll ever need but it's also the only password you must never ever forget. Or divulge. And it needs to be good enough that it's not easily guessable. For all these reasons I believe it's critical that some form of two factor authentication is used in addition to a strong password. The second authenticator can be hardware, e.g. software like Google Authenticator which generates a pseudo-random number generator app creates a new 6 digit authorisation code every 30 seconds. (Lastpass offer their own app for generating these numbers). It's why we all should have at least two front door keys (and not keep one under the flowerpot!) However the Achilles heel that all Vault based security apps struggle with: To ensure that only you can access your data also means that as there is no means of opening the vault if you forget your LastPass password, or lose the only source of authenticating you as the authorised user. LastPass have attempted to resolve this problem with a form of escrow that grants user nominated individuals access to the Vault in the event that the primary user is unable to input their password. I understand it is there primarily to help the family in circumstances where they need to take over management of the user's affairs. but the solution has a "tacked on" feel to it. Lastpass has made a strong commitment to ensuring their offering is secure which can be found on their website. Of all the password managers on the market I have found it to be the best and rate it highly, recommending it frequently. That said there are parts of the functionality which novice users and those who aren't IT literate do find it frustrating to use. I do think perseverence in learning is rewarded - there are substantial set of FAQs, active user forums, instructional videos, user support and guides which can be easily accessed. Overall a very useful and powerful extension which provides a huge amount of tools to make your online life far more secure.
Lastpass is probably one of the more intuitive password managers on the market at the time of writing with integration into the widest number of websites and available on the widest number of platforms of all the consumer focussed password / identity management solutions. Security applications have for the most part been devoid of interfaces that make it simple for the end-user to use, or for the most part even understand, so in many ways LastPass's user interface is the main reason for its awards and subsequent user base. Functionally the range of features that come with Lastpass are impressive, if a little daunting for someone who has not seen its evolution as a piece of software and it can feel as though if you used all the features and functionality it contains – it can be used to keep secure notes and has multiple templates for recording other types of sensitive data besides passwords for websites – then you would be relying on a basket that would be holding a lot of heavy eggs. Templates include SSNs, WiFi Passwords, Bank accounts, payment cards, Insurance Details etc. and has the funtionality for creating your own templates (I created one for storing GPG Keys and another phone IMEIs among other things), that it really can feel that you could be left very exposed to identity theft if an exploitable security hole went unpatched. There is, as with all password managers, an issue that is core to single password information vaults. Your LastPass password may the the last password you'll ever need but it's also the only password you must never ever forget. Or divulge. And it needs to be good enough that it's not easily guessable. For all these reasons I believe it's critical that some form of two factor authentication is used in addition to a strong password. The second authenticator can be hardware, e.g. software like Google Authenticator which generates a pseudo-random number generator app creates a new 6 digit authorisation code every 30 seconds. (Lastpass offer their own app for generating these numbers). It's why we all should have at least two front door keys (and not keep one under the flowerpot!) However the Achilles heel that all Vault based security apps struggle with: To ensure that only you can access your data also means that as there is no means of opening the vault if you forget your LastPass password, or lose the only source of authenticating you as the authorised user. LastPass have attempted to resolve this problem with a form of escrow that grants user nominated individuals access to the Vault in the event that the primary user is unable to input their password. I understand it is there primarily to help the family in circumstances where they need to take over management of the user's affairs. but the solution has a "tacked on" feel to it. Lastpass has made a strong commitment to ensuring their offering is secure which can be found on their website. Of all the password managers on the market I have found it to be the best and rate it highly, recommending it frequently. That said there are parts of the functionality which novice users and those who aren't IT literate do find it frustrating to use. I do think perseverence in learning is rewarded - there are substantial set of FAQs, active user forums, instructional videos, user support and guides which can be easily accessed. Overall a very useful and powerful extension which provides a huge amount of tools to make your online life far more secure.
8,933 reviews
- Rated 1 out of 5by Firefox user 16634215, 17 hours agoTrust is everything for a service like a password manager. Especially online. I used to trust LastPass. A lot. Years ago, their customer service was outstanding. At one point, I couldn’t pay my subscription, and a support rep gave me three months free so I could stay with them. That blew me away. I stuck with LastPass for years because of experiences like that.
But trust in your data matters even more. And here, LastPass has failed. Security breaches and data leaks have repeatedly eroded my confidence. Their communication about these incidents has been far from transparent. Sketchy, at best. That alone was a dealbreaker for me.
I started considering alternatives like Bitwarden or local password storage. Procrastination kept me from switching. Until now.
Now, LastPass wants extensive personal data: browsing history, website activity, location, financial info, and other identifying details. Really? None of this is necessary for the current functionality. The features already work perfectly without handing over my entire digital life. And there’s no explanation for why they need it.
This is the end of LastPass for me. For a password manager, data trust isn’t optional. It’s the core. I have none left. - Rated 1 out of 5by Firefox user 19055811, 4 days agoMultiple data breatches, inconsistent form filling and now mass data collection? Thank you for reminding me switch to Bitwarden cause I really needed an excuse to finally uninstall
- Rated 1 out of 5by Firefox user 19703803, 7 days agoI don't agree donating all my personal data with details and browsing activity, to any company to make them richer and me unsafer (remember the data leak?). So I just uninstalled it, there are plenty of password manager options.
- Rated 1 out of 5by elsenfox, 7 days ago
- Rated 2 out of 5by Firefox user 19696306, 11 days agoHow is it that it breaks so many logins? For example any attempt to log in to Github just auto fills the verifier again and again and you can't log in for a long while!!!
- Rated 1 out of 5by Roguefoxx, 13 days agoYou don't need to collect all my data, and now you won't. I've been using LastPass for many years, but with your new data collection requirements I won't participate.
In Vault, go to Advanced Settings>>Export. Verify in Email. Log in. Import CSV in your new manager. I suggest Proton Pass. - Rated 1 out of 5by R1chard, 21 days agoWhy do you need all my data??? This is complete nonsense!!!! I'm a paying user, but when my subscription expires, I'll stop using your services. What happens if you get hacked? The answer is... sorry, we didn't expect that... complete bullshit. Delete all that nonsense and fast!!! People, never buy a LastPass account, go to KeePass, it's free!!! And even better!!!
- Rated 1 out of 5by Guy Incognito, 21 days ago
- Rated 1 out of 5by Firefox user 13492450, 22 days agoJust say no to invasive data gathering. Done with LastPass.
In Vault, go to Advanced Settings>>Export. Verify in Email. Log in. Import CSV in your new manager. I suggest Proton Pass. - Rated 1 out of 5by Kalter, 24 days agoWorked well for years, but the new data collection requirements are excessive and intrusive. If this doesn’t change in the near future, I’ll be switching to a different password manager.
- Rated 1 out of 5by Iyashu, 25 days agoThe new data collection permissions are incredibly intrusive. I will be moving to a different password manager.
- Rated 1 out of 5by Firefox user 12306447, a month agoThe new requirements for collecting massive amounts of data are inappropriate and unacceptable. I've been using it for years, but I had to uninstall the add-on.
- Rated 1 out of 5by Firefox user 19665368, a month ago
- Rated 1 out of 5by Cal, a month agoLastpass has no excuse for all the data they want to collect now, plus they are notable for a massive security breach so why do they think we should trust them? 0/5
- Rated 1 out of 5by Levant2004, a month agoWorked great for me, then suddenly required a ton of intrusive data collection. I'm working on switching to a new password manager.
- Rated 1 out of 5by hax, a month agoThis addon is now requesting additional permissions and wants to collect my browsing and website activity, location, personally identifying information and financial and payment information. I'm done here and switching to an offline solution with KeePassXC.
- Rated 1 out of 5by Firefox user 13929008, a month agoAgree with a previous review. You're asking for additional data, but it worked fine for me without LP having those permissions. While I can cancel the prompt, it keeps coming back. It's time for me to stop using LastPass. Let me explain it to you again. It worked fine without the new permissions. You're asking for data that you do not need. You really need to know my location to fill a username/password? My financial and payment information? That's something I can provide, doesn't mean you should automatically get access to it. Browsing and website activity? I'm done. Should have stopped using LP after the data breach forcing me to update all my passwords. The best solution is to use something locally and there are enough options. Synchronizing this data to the cloud and trusting you guys with it was a huge mistake
- Rated 1 out of 5by Firefox user 19659372, a month ago
- Rated 1 out of 5by PaganDegree, a month agoReally not happy with all this new required data collection. Why do you need my browsing activity and website activity. I think its time to look for a new password manager.
- Rated 1 out of 5by klapperkopp, a month agoCompletely broke my Passkeys support on MacOS, as already written by many others. It's more than 3 months without a fix. Just bad. I am a paying users since years but the extensions for all browsers and mobile apps have degraded over time and now I am looking into competitors. I would be long gone, if it wouldn't be such a hassle to migrate all passwords and notes including files.
- Rated 5 out of 5by Firefox user 17412839, a month ago
- Rated 1 out of 5by Spazticus, 2 months agoMultiple data breaches, poorly handled, kludgy interface, zero support.
- Rated 2 out of 5by RichEMPIRE, 2 months agoThe plug-in keeps uninstalling itself. It happens about once a month, you're typing along and all of the sudden it's no longer there. What is going on?