LastPass Review 2026
LastPass was for many years the default recommendation for password managers — and in terms of interface and autofill quality, it remains a competent product. But the 2022 security breach changed the calculus for security-conscious users, and it cannot be evaluated without addressing that incident directly.
If you’re currently using LastPass, you need to understand what happened and whether your vault is at risk.
The 2022 Breach: What Happened
In August 2022, attackers compromised a LastPass development environment. In November 2022, LastPass confirmed that attackers had used information from that breach to access a third-party cloud storage service containing encrypted customer vault data.
The exfiltrated vault data included:
- Website URLs (unencrypted)
- Usernames, encrypted with AES-256
- Passwords, encrypted with AES-256
- Notes, encrypted with AES-256
The encryption is only as strong as your master password. LastPass’s PBKDF2 iteration count for older accounts was as low as 1 (compared to the recommended 310,000+). Accounts with weak or common master passwords created before LastPass updated its security defaults are at meaningful risk of being cracked.
What you should do if you use LastPass: Change your master password, ensure PBKDF2 iterations are set to at least 310,000 in your settings, and change high-value passwords stored in your vault.
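As an added illustration (not LastPass code and not part of the original review), the Python sketch below shows why the iteration count matters: every offline guess at a master password costs one full PBKDF2 run, so the count multiplies the attacker's work directly. The account records, the 40-bit password entropy, the guess rate and the choice of PBKDF2-HMAC-SHA256 are all assumptions made for the example.

```python
import hashlib
import time

RECOMMENDED_ITERATIONS = 310_000        # minimum quoted in this review
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def unlock_seconds(iterations, password=b"constructed-example", salt=b"user@example.com"):
    """Time one PBKDF2-HMAC-SHA256 derivation of a 32-byte (AES-256) key,
    i.e. what a legitimate unlock costs on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return time.perf_counter() - start

def avg_crack_years(entropy_bits, iterations, rounds_per_second):
    """Average offline search time: half the password space, with every
    guess costing `iterations` PBKDF2 rounds."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / rounds_per_second / SECONDS_PER_YEAR

def audit(accounts, rounds_per_second):
    """Flag accounts below the recommended count and report what raising
    the count buys for the same master password."""
    findings = []
    for acct in accounts:
        if acct["iterations"] >= RECOMMENDED_ITERATIONS:
            continue
        bits = acct["entropy_bits"]
        findings.append({
            "user": acct["user"],
            "years_now": avg_crack_years(bits, acct["iterations"], rounds_per_second),
            "years_after": avg_crack_years(bits, RECOMMENDED_ITERATIONS, rounds_per_second),
            "gain": RECOMMENDED_ITERATIONS / acct["iterations"],
        })
    return findings

# Constructed sample accounts; entropy and guess rate are assumptions.
ACCOUNTS = [
    {"user": "legacy-a", "iterations": 1, "entropy_bits": 40},
    {"user": "legacy-b", "iterations": 5_000, "entropy_bits": 40},
    {"user": "updated", "iterations": 600_000, "entropy_bits": 40},
]
ASSUMED_RATE = 1e9  # PBKDF2 rounds per second, hypothetical attacker hardware

if __name__ == "__main__":
    print(f"unlock at {RECOMMENDED_ITERATIONS:,} rounds: {unlock_seconds(RECOMMENDED_ITERATIONS):.3f} s")
    for f in audit(ACCOUNTS, ASSUMED_RATE):
        print(f"{f['user']}: {f['years_now']:.2e} y now, "
              f"{f['years_after']:.2f} y after (x{f['gain']:,.0f})")
```

Raising the count only protects vault copies encrypted after the change; data already exfiltrated keeps the old count, which is why the advice above also includes changing the master password and high-value stored passwords.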
Features
Setting the breach aside, LastPass’s feature set is competitive:
- Security Dashboard: Visual overview of vault health — weak, reused, and compromised passwords
- Dark web monitoring: Email scanning for breach appearances (included in Premium)
- Emergency access: Designate a trusted contact to request access after a delay period
- Autofill: Among the most reliable in the category — accurate form detection across browsers
- Password generator: Customizable character sets, length, and complexity
Business Plans
LastPass Business includes:
- Directory integration (Active Directory, Azure AD)
- Federated login (SSO through Okta, Google, Azure)
- Policy-based access controls
- Reporting and audit logs
At $6/user/month for Business, it’s cheaper than Keeper or 1Password Business — but IT teams should weigh the cost savings against the security incident history.
Free Plan Restrictions
LastPass’s free plan has a significant restriction: you can use it on either desktop devices or mobile devices, but not both simultaneously. Switching device types is limited to three times per year. For a free plan, this is more restrictive than NordPass (one active device but any type) or Bitwarden (full cross-device sync for free).
Pricing
- Free: Unlimited passwords, 1 device type only
- Premium ($3/mo): All devices, dark web monitoring, emergency access, 1GB encrypted storage
- Families ($4/mo): Up to 6 members, shared folders, family dashboard
- Teams ($3/user/mo): Up to 50 users, basic admin console
- Business ($6/user/mo): SSO, directory sync, advanced reporting, 3 SSO apps
Verdict
LastPass is a functional password manager that works well in day-to-day use. However, we recommend 1Password, NordPass, or Keeper for new users. If you’re already on LastPass, update your master password and PBKDF2 iterations — and consider migrating to a provider with a cleaner security track record.