Reviews for LastPass Password Manager
LastPass Password Manager by LastPass
Review by random_reviewer
Rated 1 out of 5
by random_reviewer, 3 years agoI have used this extension for several years now, and am finally switching to something else; on my way out, wanted to warn others about why I'm leaving! TLDR: (1) it's no longer working for the purpose I want in terms of helping me log into websites; (2) its new auto-fill/auto-submit behavior is actively putting my login information at risk.
Long version:
I have heard things about data breaches, which has made me nervous, but the issue that pushed me over the edge out of using the service is usability.
The extension has always been a little clunky, not recognizing urls as equivalent even after I entered them as such, logging me out at random, etc., but there has been a recent update that has made the extension not functional on several levels
1: URL recognition and search: it has always been a little dicey about which urls it recognizes (compared to the url you save for the password), but is now significantly worse. This means not recognizing urls that it should, but also "recognizing" urls that don't correspond at all (think autofilling an old neopets password into gmail level of "???") This is made worse by the fact that searching the vault has gotten more difficult: the vault is taking longer to load (sometimes refusing to open entirely), and the search function within the vault is working even more poorly than it used to (I have had to manually search through the vault in the past, but am having to do it much more frequently.)
2: Auto-fill: the extension has started trying to auto-fill login information into websites. I tried to troubleshoot this and have in theory turned the feature off, but it keeps turning itself back on and auto-filling again - which is a problem, because (a) because it is not reliably recognizing websites from the password's url field, it is not reliably auto-filling the correct information (b) it is also doing this with some website fields that are not username/password fields. In addition to filling random fields with random information from my vault, it is not just auto-filling, but auto-SUBMITTING on several websites. I have ended up having to disable the extension to avoid being labelled a bot by the websites I visit; I am also nervous about the potential security implications of lastpass pulling username/password combos from my vault to place in random website fields and press submit. This seems like a really good way to accidentally publish/send my login information for something, which is exactly what I don't want to happen! Since I have now had to disable the extension to navigate the internet, and can no longer rely on it to help me log in, this extension is now both useless and potentially risky for me; giving a heads up to anyone considering installing it to reconsider or at least wait until they have pushed out another update!
Long version:
I have heard things about data breaches, which has made me nervous, but the issue that pushed me over the edge out of using the service is usability.
The extension has always been a little clunky, not recognizing urls as equivalent even after I entered them as such, logging me out at random, etc., but there has been a recent update that has made the extension not functional on several levels
1: URL recognition and search: it has always been a little dicey about which urls it recognizes (compared to the url you save for the password), but is now significantly worse. This means not recognizing urls that it should, but also "recognizing" urls that don't correspond at all (think autofilling an old neopets password into gmail level of "???") This is made worse by the fact that searching the vault has gotten more difficult: the vault is taking longer to load (sometimes refusing to open entirely), and the search function within the vault is working even more poorly than it used to (I have had to manually search through the vault in the past, but am having to do it much more frequently.)
2: Auto-fill: the extension has started trying to auto-fill login information into websites. I tried to troubleshoot this and have in theory turned the feature off, but it keeps turning itself back on and auto-filling again - which is a problem, because (a) because it is not reliably recognizing websites from the password's url field, it is not reliably auto-filling the correct information (b) it is also doing this with some website fields that are not username/password fields. In addition to filling random fields with random information from my vault, it is not just auto-filling, but auto-SUBMITTING on several websites. I have ended up having to disable the extension to avoid being labelled a bot by the websites I visit; I am also nervous about the potential security implications of lastpass pulling username/password combos from my vault to place in random website fields and press submit. This seems like a really good way to accidentally publish/send my login information for something, which is exactly what I don't want to happen! Since I have now had to disable the extension to navigate the internet, and can no longer rely on it to help me log in, this extension is now both useless and potentially risky for me; giving a heads up to anyone considering installing it to reconsider or at least wait until they have pushed out another update!
8,913 reviews
- Rated 1 out of 5by Firefox user 19531778, 12 days agoBREAKS WEBAUTHN INTEGRATION. Any kind of external key (yubikey, touchID, whatever Windows provides) seems to be broken by this extension. Depending on the website, this can lock up the browser as a whole and force a restart.
Older versions seem to work, but it's been several months with no fix. - Rated 5 out of 5by ufu, 12 days ago
- Rated 1 out of 5by mt---king, a month agoversion 4.146.5 is a trash. it breaks the icloud passkey on macos
- Rated 1 out of 5by Stephen S, 2 months ago4.146.5 breaks all external webauthn integration: yubikey, titan keys, and mac touch id. Verified across linux and macos.
- Rated 1 out of 5by Firefox user 19454996, 2 months agoUpdate: Reverting back to 4.145.0 solved this issue.
The most recent version of Lastpass with passkeys has broken TouchID on MacOS. Lastpass trying to save passkeys results in an immediate "Unable to authenticate it looks like you canceled the passkey authentication process", because it is interfering with the MacOS touchID passkey process. Thus it is unusable on websites that I use TouchID on, and also locks up the browser, forcing me to force quit and restart it. Please issue a new update. - Rated 5 out of 5by Firefox user 16559621, 2 months ago
- Rated 4 out of 5by Firefox user 18990496, 2 months ago
- Rated 5 out of 5by Wolf Pusztay, 2 months ago
- Rated 2 out of 5by Firefox user 18764059, 3 months ago
- Rated 3 out of 5by EcceNux, 3 months agoSadly, the new versions are broken. The last working version is 4.138.3 (from January 2025). I hope LP takes care of the problems. Thankfully, the downgraded version works fine :)
- Rated 4 out of 5by Denis, 3 months ago
- Rated 1 out of 5by theTinker, 3 months ago
- Rated 1 out of 5by Firefox user 16029745, 3 months agoSo a fun thing that happens with LastPass is that a) it forces sites to reload and frequently breaks login pages, so that I have to disable the extension to log into my bank (for example). It also breaks its own site, so that I can't access my vault without reinstalling the extension and clearing my cookies/cache. Which WERE just annoying, but when I had the audacity to change my phone number meant that I couldn't access my vault to update it, then couldn't use the extension at all (because I couldn't do the 2FA). Support has been actively making it worse and asking for proof of account ownership that's either a) impossible (receipt for payment), b) deeply insecure and exploitable (a photo of my face + my ID by email), or c) frankly insane (enterprise/federal-level identity verification services). Heads up: do NOT send a photo of your face with your legal identification by email unless you REALLY want your identity stolen!
- Rated 2 out of 5by Rz, 3 months agoI personally didn't experience too many problems using LP for years. Although the forced-sign outs every so often + not being able to sign in on more than one device at a time was a big inconvenience. After all the security concerns, I decided to delete my account and switch password-managers.
- Rated 1 out of 5by JCN, 3 months ago
- Rated 5 out of 5by Firefox user 19145409, 3 months ago
- Rated 4 out of 5by Firefox user 19094018, 3 months ago
- Rated 4 out of 5by Firefox user 17311352, 3 months ago
- Rated 5 out of 5by LawDog, 4 months ago
- Rated 1 out of 5by Firefox user 19127907, 4 months agoDo a search on "LastPass breaches" to see the problem. Put simply, LastPass has demonstrated that its security infrastructure — both software and DevOps — is not robust enough to warrant trust.
Moreover, its management appears substantially more interested in minimising negative publicity than ensuring client safety. In short, LastPass cannot and should not be entrusted with your passwords. I used them for over a decade, but have now moved to the open-source BitWarden.
It was a suprisingly smooth transfer, apart from having to change all the passwords that LastPass's breaches compromised. - Rated 5 out of 5by Firefox user 14629144, 4 months ago
- Rated 5 out of 5by Firefox user 14123202, 4 months ago
- Rated 5 out of 5by Firefox user 15564935, 4 months ago
- Rated 4 out of 5by Firefox user 19116058, 4 months ago
- Rated 5 out of 5by Firefox user 13603694, 4 months ago