Disclosure: Login Lockdown is reader-supported. If you buy through our links, we may earn a commission at no extra cost to you. Learn more
Once a clear market leader, LastPass now faces increased competition from services like 1Password, Dashlane, and Bitwarden, and it’s still working to regain user trust after its 2022 data breach.
We’ll explore its current security model, new features like passkey storage, pricing tiers, and usability across devices. You’ll also see how it stacks up against top competitors in features, value, and peace of mind.
By the end of this LastPass review, you’ll have a clear picture of whether LastPass is the right choice for your personal or business password management needs.
Highlights
- Zero-knowledge security model with AES-256 encryption and local device decryption; master passwords aren’t stored by LastPass.
- Fresh features in 2024–2025: Security Dashboard, Dark Web monitoring, and passkey storage (save and use passkeys on supported sites; not yet for logging into LastPass itself).
- LastPass plans and pricing (personal and business) remain competitive, with Premium, Families, Teams, and Business tiers.
- Context after the 2022 data breach: LastPass details mitigations (new crypto libraries, updated measures); we explain what changed and how to evaluate risk.
- Who it’s best for: Users who value cross-platform convenience, sharing, and dark-web alerts; teams that need admin policies and SSO integrations.
- Who should consider alternatives: Those who want open-source/self-hosting, or who prefer providers that were unaffected by the 2022 LastPass incident.
Why this LastPass review matters in 2025
Weak and reused passwords continue to drive data breaches.
Verizon’s DBIR reports that the human element remains involved in the majority of breaches, and stolen credentials are a dominant factor in web-app attacks. CISA explicitly recommends using a password manager to generate and store strong, unique passwords.
LastPass offers a free password generator (see screenshot below), with which you can generate random, strong passwords that include uppercase and lowercase letters, numbers, and symbols.
You control how long the password is (between one and 50 characters). And you can even select options “Easy to say” and “Easy to read” so the passwords, although strong and random, are still easier to remember.
So the question isn’t if you should use a password manager. It’s which one fits your needs. Let’s dig into LastPass.
What is LastPass?
LastPass is a cross-platform password manager with browser extensions, desktop apps, and mobile apps for storing logins, payment cards, secure notes, identities, and now passkeys. It’s widely adopted in the consumer and business markets, and its feature set is geared toward convenient, policy-driven password hygiene at scale.
On its public site, LastPass highlights an array of features, including password management, save and autofill, sharing, a Security Dashboard, Dark Web monitoring, and SaaS monitoring for businesses.
Is LastPass safe? Security model, breach context, and what changed
When evaluating any password manager, security should be the first and most important factor.
In this section of our LastPass review, we’ll break down how LastPass protects your data, what really happened during its 2022 security breach, and the changes it’s made since.
Understanding these details will help you decide if its current safeguards meet your personal or business security standards in 2025.
Zero-knowledge encryption, in plain English
- End-to-end: Your LastPass vault is encrypted on your device using AES-256, then synced in ciphertext. Even LastPass can’t see your data.
- Key derivation: Encryption keys are derived from your master password with PBKDF2-SHA-256 plus salting (high iteration count); the master password itself is not stored by LastPass.
About the 2022 incident (and the 2024/2025 aftermath)
- In 2022, an attacker exfiltrated vault data (still encrypted) and other information. LastPass’ public disclosures provide the timeline and guidance for affected users (Source: CybernewsThe LastPass Blog)
- In 2024, LastPass reported new cryptographic libraries were implemented across extensions and mobile apps (with Web Vault work ongoing at that time). This is part of hardening after the incident. (Source: LastPass Support)
Bottom line for security-conscious buyers:
If you adopt strong master passphrases and enable multi-factor authentication (MFA), the zero-knowledge model remains robust, and your vault items are encrypted client-side.
But the 2022 data breach is a valid reason to scrutinize vendor practices, credential hygiene, and your personal risk tolerance. For regulated industries and high-risk profiles, evaluate LastPass alongside alternatives and formalize key-rotation and auditing procedures.
LastPass pricing and plans (2025)
LastPass offers both personal and business plans. All plans begin with a 14-day free trial so you can test it out and decide if the plan is too small, too big, or just right.
Friendly reminder: Always confirm current pricing on LastPass’s pricing page.
Personal
- Free – Basic password vault with one device-type limitation and essential management (often includes a 30-day Premium trial). Good for simple use cases, but the device-type limit can be restrictive.
- Premium – $3 per month (billed annually) – Save unlimited passwords, remove device-type limits, and add features like Dark Web Monitoring and the Security Dashboard.
- Families – $4 per month (billed annually) – Up to 6 seats under one admin dashboard for family-level password sharing and management.
Business
- Teams – $4.25 per month (billed annually) –Designed for small teams getting started. Includes an admin console to manage users, shared folders, and 25 security policies.
- Business – $7 per month (billed annually) – Adds directory integrations, SSO for 1,200+ apps, advanced policies, and reporting.
- Business Max – $9 per month (billed annually) – Extends visibility into the org’s SaaS footprint (newer tier focused on SaaS management).
Tip: If you’re buying for a family or a small team, do the math on Families vs Teams; Families can be a better value if you don’t need admin-heavy controls.
Key security features we tested (and how they stack up)
Now it’s time for the meat and potatoes of our LastPass review. What features make LastPass a great password manager? Here are the five standouts we chose to highlight.
1) Security Dashboard and Dark Web Monitoring
The Security Dashboard surfaces weak, reused, and exposed passwords and shows an overall health score. Dark Web Monitoring alerts you if your email or credentials appear in known data breaches. This is a practical way to “chip away” at bad passwords over time.
Why this matters: Credential-based attacks are still the most common path in basic web app breaches. Knowing which passwords are weak or exposed is how you reduce blast radius.
2) Passkey storage (newish and useful)
LastPass now lets you save and use passkeys for sites that support them, including setup flows on Android and iOS.
Important caveat: you cannot log in to LastPass with a passkey yet; you can use passwordless login via biometrics, but a passkey cannot unlock the LastPass account itself at this time.
Why this matters: Passkeys are phishing-resistant and remove password reuse risk for supported services. You can adopt them gradually while keeping passwords where needed.
3) Save and autofill (browser + mobile)
Extensions for Chrome, Safari, Firefox, Edge, and Opera handle password saving, password storage, and autofill. It also lets you generate strong passwords on the fly and capture new logins seamlessly. Cross-platform syncing is table stakes now, and LastPass does it well.
4) Secure sharing (individuals, families, and teams)
You can share items (or folders) with granular access (view or edit) and revoke at any time. Families and Business tiers layer on admin controls, shared folders, group policies, and reporting.
5) Admin controls and SSO (business tiers)
Admins get policies, reporting, and SSO to 1,200+ pre-integrated apps, critical for reducing unmanaged credentials while improving user experience.
Real-world usability
A password manager is only as good as its functionality. Can you use it in real-world situations—at home, if you’re using it for personal security, or your business operations, if you and your employees are using it at work? LastPass meets your needs, personal or business, wherever you are.
- Onboarding: Straightforward import from browsers or files. The Security Dashboard immediately reveals high-impact fixes (e.g., reused passwords on critical accounts).
- Day-to-day: Autofill is predictable, and the password generator is one click away in the extension.
- Mobile: Biometrics streamline unlocks; passkey support is rolling out on both Android and iOS for sites that support it.
- Customer support: LastPass support provides an extensive online knowledge base for users to browse various topics from password generator issues to browser extension problems. If you need more personalized or specific help, LastPass makes it easy with its “Talk to support” option for subscribers.
Pros and cons
Every tool has benefits and drawbacks. Here’s a quick list of what to expect from LastPass.
Pros
- Mature zero-knowledge architecture with AES-256 and strong KDF settings.
- Security Dashboard + Dark Web monitoring drives measurable password hygiene improvements.
- Passkey storage support for compatible sites (future-proofing).
- Strong business feature set (SSO, policies, reporting, directory integrations).
- The Families plan offers good value for up to six users.
Cons
- The 2022 security breach history means some users may never feel comfortable returning. Due diligence is warranted, but be sure to check out what the company did following the breach. (Source: Cybernews)
- Some reviewers and users prefer open-source/self-hosted options; LastPass is not open-source. If that’s a deal-breaker, look at an alternative option (comparison table below).
- A few advanced features (e.g., full passkey-based login to LastPass) aren’t here yet. If that’s important to you, check out 1Password or Dashlane.
LastPass vs. the threat landscape (2024–2025)
Credential attacks continue to dominate in 2025. The World Economic Forum Global Cybersecurity Outlook 2025 Insight Report indicates that Ransomware is by far the greatest threat (45%), followed by cyber-enabled fraud (20%).
CISA guidance is clear: use long, unique passwords and a password manager to keep them, and use MFA wherever possible.
Takeaway: Any password manager you actually use daily (with a strong master passphrase + MFA) is a massive upgrade over reusing a handful of weak passwords. LastPass provides both a strong password generator and a secure vault with MFA.
Set-up checklist: How to get the most out of LastPass
- Create a long master passphrase (e.g., 5–6 random words). Store it offline and don’t reuse it. (Aligns with CISA/NIST guidance on length and uniqueness.)
- Enable MFA (authenticator app or biometric-based passwordless).
- Install extensions on every browser you use daily; enable mobile autofill.
- Run the Security Dashboard and fix the top 5 weak/reused passwords each day until your score is healthy.
- Turn on Dark Web Monitoring for your primary email(s).
- Adopt passkeys where supported (Google, PayPal, etc.) and store them in your vault.
- Share securely (no plaintext passwords over chat/email); use item or folder sharing.
Who should (and shouldn’t) choose LastPass in 2025
LastPass, like any tool or software, isn’t for everyone. Here are some quick points to help decide whether it’s a good choice for you.
Choose LastPass if you want:
- An easy consumer experience with strong hygiene nudges (Dashboard + Dark Web) and Families value.
- Business-grade SSO, policies, reporting, and broad user provisioning.
- Early passkey management alongside traditional passwords.
Consider alternatives if you:
- Require open-source or self-hosting for policy/compliance reasons.
- Prefer a provider without LastPass’ 2022 breach history.
Comparing LastPass to alternatives
If LastPass isn’t the best choice for you and your family or business, there are other options available that may be a better fit. The table below compares LastPass and its top competitors: 1Password, Dashlane, and Bitwarden, so you can see how they stack up.
LastPass review verdict: Should you subscribe to LastPass?
If you want a mainstream, easy-to-use password manager with helpful hygiene coaching (Security Dashboard, Dark Web monitoring) and sharing that scales from solo to family to business, LastPass is still a solid pick in 2025.
Of course, the 2022 breach is a valid concern. If that history is a deal-breaker for you, shortlist alternatives (see the comparison table above). If you stay with LastPass, mitigate risk with a strong master passphrase, MFA, and steady cleanup via the Dashboard.
Regardless of the password manager you choose, it’s vital to have one to protect your digital assets. To learn more about cybersecurity and current relevant trends, read and subscribe to our blog.
FAQs about LastPass
Is LastPass safe after the 2022 breach?
LastPass uses zero-knowledge encryption: your vault is encrypted client-side with AES-256, and LastPass doesn’t store your master password.
The 2022 incident did not decrypt vault contents, but it did expose encrypted data. LastPass has since implemented new cryptographic libraries in 2024. Use a strong, unique master passphrase and MFA. (Source: LastPass Support)
Does LastPass support passkeys?
Yes. LastPass supports storing and using passkeys on supported websites. You can’t use a passkey to log in to LastPass yet; use passwordless or biometrics instead.
What’s in the Security Dashboard?
It scores password health, flags weak, reused, and compromised passwords, and pairs with Dark Web Monitoring to alert you to exposures.
Does LastPass work on all my devices?
Yes. Cross-platform extensions and apps handle save and autofill across major browsers and mobile OSes; the free plan limits you to one device type.
Is LastPass good for families?
Yes. The Families plan gives 6 seats, a simple admin dashboard, and shared folders so you can centralize sensitive logins (banking, streaming, utilities).
What about business use?
Teams and Business tiers add SSO, policy enforcement, and reporting. Integrations cover 1,200+ apps to reduce password sprawl.