Reviews for LastPass Password Manager
LastPass Password Manager by LastPass
Review by Firefox user 15238324
Rated 3 out of 5
by Firefox user 15238324, 7 years agoUPDATE. DO NOT USE YUBIKEY FOR TWO FACTOR AUTHENTICATION - UNFORTUNATELY LASTPASS DOES NOT USE FIDO2 AS THE AUTHENTICATION MECHANISM AND INSTEAD USES THE YUBIKEY PSEUDORANDOM KEY GENERATOR THAT BECAUSE OF POOR IMPLEMENTATION BY LASTPASS MEANS IT REMAINS SUSEPTIBLE TO ATTACK AND LEAVES YOUR ENTIRE VAULT OPEN TO THIEVES. THIS IS A KNOWN SECURITY ISSUE AND IRONICALLY ONLY APPLIES TO PAYING CUSTOMERS. SINCE LASTPASS HAVE BEEN INFORMED OF THIS ISSUE, NO ATTEMPT TO RESOLVE THE PROBLEM HAS BEEN MADE. THIS TOGETHER WITH A LACK OF TRANSPARENCY IN THEIR ISSUE MANAGEMENT RATES THIS AS 3 STARS AT BEST. THE remainder of the review relates to usability and is based on Lastpass's own publicity which given some of their representations at the time of this review regarding Yubikey being false, should be taken with that fact in mind.
Lastpass is probably one of the more intuitive password managers on the market at the time of writing with integration into the widest number of websites and available on the widest number of platforms of all the consumer focussed password / identity management solutions. Security applications have for the most part been devoid of interfaces that make it simple for the end-user to use, or for the most part even understand, so in many ways LastPass's user interface is the main reason for its awards and subsequent user base. Functionally the range of features that come with Lastpass are impressive, if a little daunting for someone who has not seen its evolution as a piece of software and it can feel as though if you used all the features and functionality it contains – it can be used to keep secure notes and has multiple templates for recording other types of sensitive data besides passwords for websites – then you would be relying on a basket that would be holding a lot of heavy eggs. Templates include SSNs, WiFi Passwords, Bank accounts, payment cards, Insurance Details etc. and has the funtionality for creating your own templates (I created one for storing GPG Keys and another phone IMEIs among other things), that it really can feel that you could be left very exposed to identity theft if an exploitable security hole went unpatched. There is, as with all password managers, an issue that is core to single password information vaults. Your LastPass password may the the last password you'll ever need but it's also the only password you must never ever forget. Or divulge. And it needs to be good enough that it's not easily guessable. For all these reasons I believe it's critical that some form of two factor authentication is used in addition to a strong password. The second authenticator can be hardware, e.g. software like Google Authenticator which generates a pseudo-random number generator app creates a new 6 digit authorisation code every 30 seconds. (Lastpass offer their own app for generating these numbers). It's why we all should have at least two front door keys (and not keep one under the flowerpot!) However the Achilles heel that all Vault based security apps struggle with: To ensure that only you can access your data also means that as there is no means of opening the vault if you forget your LastPass password, or lose the only source of authenticating you as the authorised user. LastPass have attempted to resolve this problem with a form of escrow that grants user nominated individuals access to the Vault in the event that the primary user is unable to input their password. I understand it is there primarily to help the family in circumstances where they need to take over management of the user's affairs. but the solution has a "tacked on" feel to it. Lastpass has made a strong commitment to ensuring their offering is secure which can be found on their website. Of all the password managers on the market I have found it to be the best and rate it highly, recommending it frequently. That said there are parts of the functionality which novice users and those who aren't IT literate do find it frustrating to use. I do think perseverence in learning is rewarded - there are substantial set of FAQs, active user forums, instructional videos, user support and guides which can be easily accessed. Overall a very useful and powerful extension which provides a huge amount of tools to make your online life far more secure.
Lastpass is probably one of the more intuitive password managers on the market at the time of writing with integration into the widest number of websites and available on the widest number of platforms of all the consumer focussed password / identity management solutions. Security applications have for the most part been devoid of interfaces that make it simple for the end-user to use, or for the most part even understand, so in many ways LastPass's user interface is the main reason for its awards and subsequent user base. Functionally the range of features that come with Lastpass are impressive, if a little daunting for someone who has not seen its evolution as a piece of software and it can feel as though if you used all the features and functionality it contains – it can be used to keep secure notes and has multiple templates for recording other types of sensitive data besides passwords for websites – then you would be relying on a basket that would be holding a lot of heavy eggs. Templates include SSNs, WiFi Passwords, Bank accounts, payment cards, Insurance Details etc. and has the funtionality for creating your own templates (I created one for storing GPG Keys and another phone IMEIs among other things), that it really can feel that you could be left very exposed to identity theft if an exploitable security hole went unpatched. There is, as with all password managers, an issue that is core to single password information vaults. Your LastPass password may the the last password you'll ever need but it's also the only password you must never ever forget. Or divulge. And it needs to be good enough that it's not easily guessable. For all these reasons I believe it's critical that some form of two factor authentication is used in addition to a strong password. The second authenticator can be hardware, e.g. software like Google Authenticator which generates a pseudo-random number generator app creates a new 6 digit authorisation code every 30 seconds. (Lastpass offer their own app for generating these numbers). It's why we all should have at least two front door keys (and not keep one under the flowerpot!) However the Achilles heel that all Vault based security apps struggle with: To ensure that only you can access your data also means that as there is no means of opening the vault if you forget your LastPass password, or lose the only source of authenticating you as the authorised user. LastPass have attempted to resolve this problem with a form of escrow that grants user nominated individuals access to the Vault in the event that the primary user is unable to input their password. I understand it is there primarily to help the family in circumstances where they need to take over management of the user's affairs. but the solution has a "tacked on" feel to it. Lastpass has made a strong commitment to ensuring their offering is secure which can be found on their website. Of all the password managers on the market I have found it to be the best and rate it highly, recommending it frequently. That said there are parts of the functionality which novice users and those who aren't IT literate do find it frustrating to use. I do think perseverence in learning is rewarded - there are substantial set of FAQs, active user forums, instructional videos, user support and guides which can be easily accessed. Overall a very useful and powerful extension which provides a huge amount of tools to make your online life far more secure.
8,935 reviews
- Rated 4 out of 5by superoci, 4 hours agoIt's great to have a password manager and works most of the time, although sometimes it doesn't want to fill passwords or passkeys some times. It is worth to mention that LastPass has been breached multiple times in the past, so it is way less reliable than other options like Bitwarden.
- Rated 1 out of 5by Firefox user 13551479, 4 days agoI can't log in because I'm supposed to get an email that never arrives and when I want to report it, I have to log in to be able to do it, damn idiotic.
- Rated 1 out of 5by am, a month ago
- Rated 1 out of 5by End, a month ago
- Rated 2 out of 5by CC, 2 months agoResponse to their headline "Why millions trust Lastpass": They used to be good, and people dislike change. Business was sold and things changed. I've had my Premium account for years, deleted today. Poorly handled data breaches, excessive data collection, and not listening to users about features nor bugs. This is how you lose the "trust of millions". I will be using Bitwarden and 1Password at work, and 1Password (most feature rich) or Proton (best privacy) at home.
- Rated 5 out of 5by MyKiev, 2 months ago
- Rated 1 out of 5by Firefox user 14972385, 2 months ago
- Rated 3 out of 5by garrettmitchener, 3 months agoData breaches, excessive data collection, and they won't fix important bugs. I have to disable it on several websites because it screws up handling of Yubi keys and it breaks logging into other websites.
- Rated 3 out of 5by ChickyKnight118, 3 months agoGreat add-on! but big problem with the security of your data.
- Rated 1 out of 5by Angelo UK, 3 months agoI would definitely not recommend this extension to anyone. I keeps getting the credentials wrong. I register as a user, and it detects invalid credentials. I open a form, and it autofills details with incorrect values, even if I had disabled this feature yesterday (and confirmed it was disabled). It's really makes it not convenient to use LastPass as password storage platform.
An this is the 4th time in 4 years that I try to use it for work. Colleagues reported nuisances are real and present for them too.
Do not install. - Rated 4 out of 5by Firefox user 19737951, 3 months ago
- Rated 1 out of 5by Jelly Time, 3 months agoUsed to be good, helpful, as of a month or two ago it demands you accept permissions allowing it to stalk your every move on firefox, they want to gather all of your browsing data for absolutely zero benefit or even any difference to your experience, just bonus money for them for selling your data while we wait for their next massive data breach.
Steer clear, keepassxc is a good one to look at instead. - Rated 1 out of 5by Nate, 3 months agoCompletely freezes Firefox when trying to log into sites with a passkey. Time to switch to Bitwarden!
- Rated 1 out of 5by Firefox user 16634215, 3 months agoTrust is everything for a service like a password manager. Especially online. I used to trust LastPass. A lot. Years ago, their customer service was outstanding. At one point, I couldn’t pay my subscription, and a support rep gave me three months free so I could stay with them. That blew me away. I stuck with LastPass for years because of experiences like that.
But trust in your data matters even more. And here, LastPass has failed. Security breaches and data leaks have repeatedly eroded my confidence. Their communication about these incidents has been far from transparent. Sketchy, at best. That alone was a dealbreaker for me.
I started considering alternatives like Bitwarden or local password storage. Procrastination kept me from switching. Until now.
Now, LastPass wants extensive personal data: browsing history, website activity, location, financial info, and other identifying details. Really? None of this is necessary for the current functionality. The features already work perfectly without handing over my entire digital life. And there’s no explanation for why they need it.
This is the end of LastPass for me. For a password manager, data trust isn’t optional. It’s the core. I have none left. - Rated 1 out of 5by Firefox user 19055811, 4 months agoMultiple data breatches, inconsistent form filling and now mass data collection? Thank you for reminding me switch to Bitwarden cause I really needed an excuse to finally uninstall
- Rated 1 out of 5by Firefox user 19703803, 4 months agoI don't agree donating all my personal data with details and browsing activity, to any company to make them richer and me unsafer (remember the data leak?). So I just uninstalled it, there are plenty of password manager options.
- Rated 1 out of 5by elsenfox, 4 months ago
- Rated 2 out of 5by Firefox user 19696306, 4 months agoHow is it that it breaks so many logins? For example any attempt to log in to Github just auto fills the verifier again and again and you can't log in for a long while!!!
- Rated 1 out of 5by Roguefoxx, 4 months agoYou don't need to collect all my data, and now you won't. I've been using LastPass for many years, but with your new data collection requirements I won't participate.
In Vault, go to Advanced Settings>>Export. Verify in Email. Log in. Import CSV in your new manager. I suggest Proton Pass. - Rated 1 out of 5by R1chard, 4 months agoWhy do you need all my data??? This is complete nonsense!!!! I'm a paying user, but when my subscription expires, I'll stop using your services. What happens if you get hacked? The answer is... sorry, we didn't expect that... complete bullshit. Delete all that nonsense and fast!!! People, never buy a LastPass account, go to KeePass, it's free!!! And even better!!!
- Rated 1 out of 5by Guy Incognito, 4 months ago
- Rated 1 out of 5by Firefox user 13492450, 4 months agoJust say no to invasive data gathering. Done with LastPass.
In Vault, go to Advanced Settings>>Export. Verify in Email. Log in. Import CSV in your new manager. I suggest Proton Pass. - Rated 1 out of 5by Kalter, 4 months agoWorked well for years, but the new data collection requirements are excessive and intrusive. If this doesn’t change in the near future, I’ll be switching to a different password manager.
- Rated 1 out of 5by Iyashu, 4 months agoThe new data collection permissions are incredibly intrusive. I will be moving to a different password manager.