LastPass Review

Long-running password manager with a paid family/team focus. Note: experienced security incidents in 2022 — the company’s response and current posture are part of the story.

LastPass was, for many years, the default recommendation in the password-manager category. The 2022 breach changed that. In November of that year, LastPass disclosed that attackers had exfiltrated encrypted customer vault backups alongside plaintext website URLs, names, billing addresses and email addresses.

Over one million UK residents were among those affected. The UK Information Commissioner's Office subsequently found that LastPass had not implemented the technical and organisational measures expected of a service of its size — including allowing employees to access business systems from personal devices and permitting accounts to be linked under a single master password.

Krebs on Security has since traced roughly $150 million in cryptocurrency thefts to the stolen vaults, with researchers documenting between two and five six-figure heists per month as weaker master passwords are brute-forced offline. The company has tightened its baseline in response. Encryption remains AES-256 with PBKDF2-SHA-256 key derivation, but the default iteration count was raised to 600,000 rounds, and a 12-character master password was enforced for all customers by early 2024.

Multi-factor support is genuinely broad, covering TOTP authenticator apps, FIDO2 / U2F hardware keys and biometric login through Touch ID, Face ID, Windows Hello and Android fingerprint. Platform reach is among the widest in the category — Windows, macOS, Linux, iOS, Android, watches and VR, plus extensions for Chrome, Firefox, Safari, Edge, Brave and Opera.

Pricing is competitive. LastPass Premium runs at roughly £2.30 / $3 a month billed annually, with a Families tier covering six accounts for $48 a year. The free tier still ships zero-knowledge AES-256 encryption, an unlimited vault, 2FA and password generation, though since March 2021 it's been restricted to a single device class: pick computers or mobile at first login and lose the other unless you upgrade.

Capterra's aggregate rating across more than 2,700 reviews sits at 4.6 out of 5, citing fast setup and folder organisation as everyday strengths. The difficulty is that the security record now sits in the foreground of the decision. Trustpilot reviewers report billing and cancellation problems, with some accounts being charged years after deletion attempts.

Digital Trends's editorial verdict is that the poor security track record overshadows the strengths. We'd weigh those facts before treating LastPass as the obvious choice.