LastPass

Security

Password management and digital vault

LastPass offers the most accessible browser-first password management experience with built-in emergency access and business plans that include free family accounts for every employee.

LastPass is a widely used password manager that stores and autofills passwords across all devices. Its free tier provides basic password management, while premium adds dark web monitoring and emergency access.

Reviewed by the AI Tools Hub editorial team · Last updated February 2026

Founded: 2008
Pricing: Free / $3/mo Premium
Learning Curve: Low. LastPass is one of the most straightforward password managers to set up: install the browser extension, create an account, and it starts offering to save passwords as you browse. Importing from browsers or other managers is simple via CSV. The web vault interface is intuitive for basic operations. For business administrators, the admin console requires some time to set up policies, directory integration, and shared folder structures, but the documentation covers common scenarios well.

LastPass — In-Depth Review

LastPass is a password manager that stores credentials, secure notes, payment information, and other sensitive data in an encrypted vault accessible across devices. Founded in 2008 by Alex Simons and Marvasol Inc., LastPass was acquired by LogMeIn in 2015 for $110 million and later spun off as an independent company in 2022. It has over 33 million users and 100,000 business customers. LastPass was once the most popular password manager in the world, known for its generous free tier and browser-first approach. However, its reputation suffered significantly after two major security breaches in 2022 that compromised encrypted vault data and source code, leading many users and security experts to reconsider their trust in the platform.

Vault and Password Management

LastPass stores passwords, credit cards, bank accounts, secure notes, addresses, and custom item types in an AES-256 encrypted vault. The master password is used to derive the encryption key locally via PBKDF2 with 600,000 iterations (increased from 100,100 after the 2022 breaches). The browser extension auto-detects login forms, offers to save new credentials, and generates strong passwords during registration. The vault organizes items into folders and supports tagging for quick search. The Security Dashboard analyzes stored passwords for weakness, reuse, and presence in known data breaches, providing a security score and actionable recommendations.

Cross-Platform Access

LastPass is available as browser extensions for Chrome, Firefox, Safari, Edge, and Opera, with native apps for Windows, macOS, iOS, and Android. The web vault provides full access from any browser without installing software. Unlike some competitors that require a desktop app for full functionality, LastPass operates primarily through its browser extension and web vault, making it accessible on devices where you cannot install native applications. Autofill works across browsers and mobile apps using accessibility services on Android and the AutoFill framework on iOS.

Sharing and Emergency Access

LastPass allows sharing individual passwords or folders with other LastPass users. Shared items can be configured to allow or hide the actual password (the recipient can use the credential for autofill without seeing the password). Emergency Access lets you designate trusted contacts who can request access to your vault after a configurable waiting period (immediately to 30 days). If you do not deny the request within the waiting period, access is granted — providing a dead man's switch for estate planning and emergency scenarios.

LastPass Business

LastPass Business plans provide centralized administration, shared folders with fine-grained permissions, security policies, SSO integration via SAML 2.0, directory integration (Active Directory, Azure AD, Okta, Google Workspace), and reporting dashboards. Administrators can enforce password policies, require MFA, and monitor employee security scores. The admin console provides visibility into how many employees are using weak or reused passwords without exposing the actual credentials. LastPass Business also includes a free Families account for each employee, which helps drive adoption by extending the tool to personal use.

Security History and Current State

LastPass's security track record is a significant concern. In August 2022, an attacker gained access to LastPass's development environment via a compromised developer account. In a follow-up breach, the attacker accessed cloud storage backups containing encrypted customer vault data along with unencrypted metadata (website URLs, company names). While the vault data itself remains AES-256 encrypted, users with weak master passwords or low PBKDF2 iterations (pre-2023 defaults) are at elevated risk. LastPass has since increased PBKDF2 iterations to 600,000, mandated master password requirements, and engaged security firms for ongoing assessment. However, the breaches fundamentally damaged trust, and security researchers generally recommend alternatives like 1Password or Bitwarden for new users.
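The effect of the iteration counts mentioned here and under Vault and Password Management, as an added example (not LastPass code): it derives a 256-bit key with PBKDF2 and expresses the change from 100,100 to 600,000 iterations as equivalent bits of master-password entropy. HMAC-SHA-256 as the PRF, the sample salt, the sample passwords and the guess rate are assumptions, and the function names are hypothetical.

```python
import hashlib
import math

OLD_ITERATIONS = 100_100   # earlier count quoted on this page
NEW_ITERATIONS = 600_000   # current count quoted on this page
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit key locally with PBKDF2 (HMAC-SHA-256 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password; human-chosen ones have less."""
    return length * math.log2(alphabet_size)


def iteration_gain_bits(old: int, new: int) -> float:
    """Extra guessing work from more iterations, expressed as password bits."""
    return math.log2(new / old)


def years_to_search_half(entropy_bits: float, iterations: int,
                         hmac_per_second: float) -> float:
    """Expected years to cover half the password space at an assumed hash rate."""
    guesses_per_second = hmac_per_second / iterations
    return (2 ** (entropy_bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt = b"user@example.com"   # constructed sample salt
    rate = 1e10                  # assumed HMAC-SHA-256 evaluations per second
    key = derive_vault_key("constructed sample passphrase", salt, NEW_ITERATIONS)
    print("derived key length:", len(key), "bytes")
    gain = iteration_gain_bits(OLD_ITERATIONS, NEW_ITERATIONS)
    print(f"600,000 vs 100,100 iterations: +{gain:.2f} bits of work")
    samples = [("8 lowercase letters", 8, 26), ("12 letters+digits", 12, 62),
               ("5 random words", 5, 7776)]   # constructed password shapes
    for label, length, alphabet in samples:
        bits = password_entropy_bits(length, alphabet)
        for iters in (OLD_ITERATIONS, NEW_ITERATIONS):
            years = years_to_search_half(bits, iters, rate)
            print(f"{label:20} {bits:5.1f} bits {iters:>7} iters {years:10.3g} years")
```

The higher iteration count is worth about 2.6 bits, less than one extra random lowercase letter in the master password, so the strength of the master password dominates the margin.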

Pros & Cons

Pros

  • Browser-first approach works on any platform without requiring native desktop app installation
  • Emergency Access feature provides a thoughtful dead man's switch for estate planning and trusted contacts
  • Business plans include free Families accounts for all employees, driving adoption through personal use
  • Extensive sharing features allow password sharing with or without revealing the actual credential
  • Wide platform support with extensions for all major browsers and native mobile apps with autofill

Cons

  • Two major security breaches in 2022 compromised encrypted vault data and source code, severely damaging trust
  • Free plan is now limited to a single device type (mobile or desktop), eliminating the cross-device sync that made it popular
  • Pre-breach accounts with low PBKDF2 iteration counts may have weaker protection against brute-forcing of the stolen vault data
  • Customer support has been widely criticized for slow response times and unhelpful interactions, especially on free plans
  • Web vault and extension UI feel dated compared to modern competitors like 1Password and Bitwarden

Key Features

Password Vault
Autofill
Password Generator
Dark Web Monitor
Sharing

Use Cases

Small Business Password Management on a Budget

Small businesses with limited IT resources use LastPass Teams to centralize credential management. Shared folders organize passwords by department or project, admin policies enforce minimum password standards, and the included Families plan incentivizes employee adoption for personal use.

Enterprise SSO and Directory Integration

Larger organizations use LastPass Business with SAML SSO and Active Directory integration to provide employees with single sign-on for supported apps and a vault for everything else. Directory sync automates provisioning and deprovisioning as employees join or leave the company.

Personal Password Hygiene Improvement

Individual users migrating from browser-saved passwords use LastPass to consolidate credentials in one encrypted vault. The Security Dashboard identifies weak and reused passwords, and the password generator creates strong replacements. Dark web monitoring alerts when credentials appear in new breaches.

Estate Planning and Emergency Credential Access

Users configure Emergency Access to designate family members or business partners who can request vault access after a waiting period. This ensures critical credentials (financial accounts, insurance, utilities) remain accessible to trusted parties in medical emergencies or death.

Integrations

Active Directory, Azure AD, Okta, Google Workspace, OneLogin, Duo Security, Salesforce, AWS, Splunk, Microsoft 365, SAML 2.0, LDAP

Pricing

Free / $3/mo Premium

LastPass offers a free plan. Paid plans unlock additional features and higher limits.

Best For

Individuals, Small businesses, Budget users, Families

Frequently Asked Questions

Is LastPass still safe to use after the 2022 breaches?

LastPass has taken steps to improve security since the breaches: increasing PBKDF2 iterations to 600,000, mandating stronger master passwords, and engaging external security firms. If you have a strong, unique master password and have updated your PBKDF2 iterations, your vault data remains encrypted with AES-256. However, many security experts recommend migrating to 1Password or Bitwarden, especially if your account predates 2023 when default iteration counts were lower. If you stay, change your master password and verify your security settings.

How does LastPass compare to 1Password?

1Password is generally considered more secure (dual-key encryption, no history of breaches), has a more polished interface, and better developer tools. LastPass has a lower price point on business plans and includes free Families accounts for employees. 1Password has no free tier; LastPass has a limited free plan. For new users, most security professionals recommend 1Password or Bitwarden over LastPass due to the breach history and trust concerns.

Can I still use LastPass for free?

Yes, but with significant limitations since March 2021. The free plan restricts you to one device type: you can use LastPass on your computers OR on your mobile devices, but not both. You lose email support, emergency access, and the security dashboard. For many users, these restrictions make the free plan impractical for daily use. Bitwarden offers a more capable free tier with cross-device sync, making it the better free option.

How do I migrate from LastPass to another password manager?

Export your vault from LastPass as a CSV file (Settings > Advanced > Export). Then import the CSV into your new password manager (1Password, Bitwarden, and Dashlane all support LastPass CSV imports directly). After confirming all data transferred correctly, delete your LastPass account. Important: the exported CSV contains all passwords in plaintext, so delete it securely after import and never email it or store it in cloud storage.

What data was exposed in the 2022 LastPass breach?

The attacker obtained encrypted vault backups and unencrypted metadata including company names, end-user names, billing addresses, email addresses, phone numbers, and website URLs stored in vaults. The vault data itself (passwords, secure notes) remains AES-256 encrypted under a key derived from your master password. However, the unencrypted URLs reveal which services you use, and the encrypted vaults could theoretically be brute-forced if your master password was weak. Users with strong master passwords of 12+ characters are at low risk of vault decryption.
