If you're looking to boost your digital privacy with a password manager, we compare how two popular options currently stack up.
It wasn’t long ago that I raised an editorial toast to the reigning champion of password managers, LastPass, recommending it not only for its broad suite of premium features but — most crucially — for its refusal to let down its veteran fanbase of free users, even as it faced sweeping scrutiny over an ownership change.
A moment of silence, then, for our beloved fallen freeware: As of March 16, 2021, LastPass free-tier users are only able to use the service on one device type — either desktop or mobile, but not both. Goodnight, sweet prince.
The move tragically undermines a key security principle that’s made LastPass’s free version so effective at core security — its seamless multiplatform integration. Using a password manager to boost security, perhaps more so than many other privacy products, pivots on a fulcrum of maximum user convenience. Internet users are bound to forget about their password manager altogether if it isn’t immediately and consistently visible as they browse the web across devices. As a result, they’re likely to store their ever-increasing number of passwords in a browser itself, which is a much less secure option.
With more types of internet-connected devices in users’ hands — and with a digital divide contributing to a broader shift toward accessing the internet via phone — internet use is becoming more fluid. So a free password manager that can’t adroitly pivot between your devices just isn’t going to cut it.
Along with losing multiplatform access, people using LastPass’s free tier also no longer have access to email customer support. Password managers are arguably the most intimate service in our digital lives. Used well, they hold the keys to our individual kingdoms. While their encryption typically blinds password managers’ parent companies from viewing your actual passwords, LastPass still offered a bunker-busting option to reset a free-tier user’s master password in an emergency.
Now imagine being a free-tier user, caught overseas trying to negotiate a login issue, and the company you trust with more access than any other won’t even reply to an email. Ouch.
These factors combine to nullify any competitive advantage its free-tier service gained LastPass, and draws it into closer combat with its peers. Meanwhile, 1Password has been closing in on the crown steadily, even as it touts only razor-thin marginal victories in key areas. We’re looking forward to getting you fresh CNET reviews of 1Password and several of its peers soon. In the meantime, however, here’s where the two password-privacy titans stand in comparison.
1Password is closing in on LastPass’s lead in password management since LastPass added its new free-tier restrictions. With its hyper-flexible platform compatibility, transparency-boosting company policies, robust security features, and silky-smooth interface — 1Password leaves us wondering whether LastPass can hold onto its crown.
LastPass’s legacy swiftly soured after announcing its prized free tier will now be limited to use on just one device. LastPass has never been at greater risk of being dethroned, as its security and compatibility advantages over 1Password are reduced to razor-thin marginal wins.
Cost-effectiveness: 1Password for singles, LastPass for families
Both of these password managers are comparable in base single-subscription price, but 1Password ekes out a lead by just a few pennies.
A single one-year subscription to 1Password costs $35.88 and comes with unlimited login storage, 1GB of document storage and optional two-factor authentication through Yubikey for additional security. LastPass offers the same for $36.
LastPass beats 1Password on family plans, though. LastPass’s family plan costs $4 a month and allows up to six users, while 1Password family plans start at $5 per month and allow only five users.
Both managers offer a trial period, but LastPass is better, offering you 30 days compared to 1Password’s 14.
Platform compatibility: 1Password (by a nose)
Both managers work on Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad. Both offer ways to work with Chrome, Firefox, Safari, Edge and Opera. On mobile, the two come to a draw. But on your laptop? 1Password’s got native apps that run with its browser extensions, while LastPass just relies on browser plug-ins. This gives it a slight advantage in flexibility, but only in outlier cases.
1Password also has a Chrome OS app that lets 1Password live in your browser, and offers keyboard shortcuts for fast-searching your logins across all of its desktop options. And if you want to run a leaner version of 1Password, you can also use its mini-apps on Windows and MacOS.
Because the managers are both browser-focused, the compatibility factor also gives you an idea of their overall usability — how they look and feel for an average user. If you have a sluggish machine or are working with extremely limited processing power, LastPass’s browser extensions are your better option for a speedy browsing experience.
Comparing for visual ease, though, LastPass organizes your password vault in a nested folder system, while 1Password’s similar system also lets you add tags to your logins. Can’t remember the name of that movie site you were using last week? Just search “entertainment” in 1Password’s tags to see the list of streaming sites you logged into.
1Password, like LastPass, works across Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad. 1Password
Security: Both are secure, but 1Password is more transparent
LastPass beats 1Password hands-down on one important security perk — password generation. While both have random password generators, LastPass spits out stronger passwords more quickly than 1Password with a one-click process. You can’t customize the parameters of password generation like you can in 1Password, but that’s arguably stronger since it reduces the human error factor by default. Even with less parameter customization, password generator settings in LastPass can still be more easily adjusted for sites that are picky about password selection. You can also enable LastPass to automatically update your passwords.
Overall, though, 1Password has the edge.
Both LastPass and 1Password encrypt your logins locally to normal AES-256 standards — meaning your passwords are encrypted before they’re sent across the internet — rather than relying on a cloud-based service to scramble them later. And LastPass does offer more convenient two-factor authentication, so you’d think it would have an advantage there, but that’s not necessarily the case.
1Password also offers two-factor authentication but its onboarding process gives it a superior security advantage over LastPass.
LastPass and 1Password both encrypt your logins locally before they’re sent across the internet. LastPass
For LastPass, you only need a master password to create your vault and access it across all platforms. With 1Password, you use a master password to access your vault across platforms but during setup you’ll need that master password plus a security key. 1Password also boosts privacy by offering a convenient QR code setup option so you don’t risk exposing that key via manual typing. On Macs, you can use Touch ID to unlock 1Password, and on iOS devices you can use Face ID as well.
1Password’s Watchtower feature adds another inch to its narrow competitive edge. Watchtower regularly scans the dark web for any appearance of your unique credentials, alerting you if it finds your info out-of-pocket. LastPass offers a similar feature called Dark Web Monitoring. While we’re excited to get a closer comparison on the two features in the future, for now the difference appears to be that Watchtower lets you select which sections of your vault you want it to check for. This ability to create intra-account bulkheads could offer you more control over the flow of data between your manager and your credentials.
While some might point out that LastPass’s history of bugs and breaches makes it a less certain bet, I’d say that’s a shortsighted argument: There’s always a strong correlation between the popularity of any security tool and the length of its bug rap sheet. There are three more important factors to weigh: the damage incurred by the breach, the company’s bug-killing and prevention process and the company’s transparency.
While LastPass has competently addressed these factors in its own way, LastPass came into the spotlight again in February as researchers discovered seven web trackers attached to LastPass’s Android app.
1Password wins for me on this one — for now — because it appears to have gone further than LastPass in the depth and substance of its third-party audits, and because it was found to have zero web trackers by the same organization.
Neither manager enjoys the distinction of being proudly open-source — like BitWarden, which is racing forward to grab the baton of best free password manager — but 1Password seems to be striving for maximum transparency. And that’s a move worthy of the crown.
We’re looking forward to seeing who ends up with that crown in our forthcoming reviews, but for now the competition between 1Password and LastPass is just too close to call — and that should worry LastPass regardless of the outcome.