LastPass review: This virtual vault makes password protection effortless
Correction: In our original review, we mistakenly said you needed the paid plan to get two-factor authentication and mobile device support. LastPass is actually free to use on multiple devices, and two-factor authentication is included in the free version. We have corrected the review. PCWorld regrets the error.
LastPass remains something of a gold standard for password managers. One of the first full-featured tools of its kind, this combination vault, form-filler, and password generator ticks off all the boxes in our password manager checklist.
After you sign up and install the LastPass browser plugin, it captures your login credentials when you visit a website for the first time. When you return to a site, a small icon appears in its login fields showing how many accounts you have stored. Clicking it opens a drop-down menu revealing each account so you can select the appropriate one. You can also select an auto-login option for each account to have LastPass sign you in automatically whenever you visit that site.
All the website accounts are managed from your “vault.” Websites associated with your passwords are displayed as tiles, or if you choose, in a list. On each tile are buttons for accessing your login details, securely sharing them with someone else, or deleting them. And to be honest, those are the only reasons to visit your vault; you can access individual accounts as well as LastPass’ main features right from the plugin.
Coming up with unique, complex passwords is one of the biggest obstacles to practicing good security. LastPass dramatically eases this burden with a powerful password generator that auto-creates up to 12-character passwords using upper- and lower-case letters, numerals, and special characters. There’s also an option to make the password pronounceable for easier recall. The password generator icon appears in the login fields whenever you’re creating a new account or you can access it anytime from your vault or the browse plugin.
But passwords are not a set-it-and-forget-it deal. Changing your passwords every so often as a precautionary measure can strengthen your security. LastPass offers two tools to simplify this. The first is auto password change. Instead of manually logging in to an account and changing the password manually, LastPass will do it with the click of a button for 80 popular sites including Facebook and Amazon. The second, Security Challenge, will audit your vault for weak, old, and duplicate passwords as well as any for sites known to have been compromised.
These features alone make LastPass indispensable, but it protects more than your passwords. You can create and securely store form-fill profiles that include personal data to more easily complete online purchases, reservations, and site registrations. And its Secure Notes feature lets you safely store bank account and social security numbers, safe combinations, and other sensitive info.
LastPass also recently added an Emergency Access feature that lets you designate trusted people to access your vault when you can’t.
LastPass’ robust free version gives you access to all these features plus two-factor authentication across all your desktop *and* mobile devices. For $12 a year, an upgrade to LastPass Premium adds features including desktop fingerprint identification, YubiKey and Sesame multifactor authentication options, and LastPass for your applications.
Given the rich features you get, LastPass should the first password manager you try. And don’t be surprised if it’s the last. You can get plenty of mileage out of the free version, but given the added security an ultra-affordable upgrade brings, you shouldn’t be shy to open your wallet.