القائمة الرئيسية

الصفحات

LastPass vs. 1Password: Which password manager should you use? [2023]

LastPass vs. 1Password: Which password manager should you use? [2023] https://ift.tt/Ysaio9B

Passwords are terrible. They're either too easy to guess or impossible to remember, and using the same one everywhere is practically inviting hackers to take down all of your accounts at once. Which is why password managers are a good idea.

Password managers generate secure passwords for you, store them securely, and fill out login forms for you. When it comes to the

best password managers, two apps come up most often:LastPass and1Password. LastPass is widely known for its free option, while 1Password stands out because of its polished design.

How do they stack up? Here's a comprehensive look.

1Password vs. LastPass: Feature comparison

1Password and LastPass both generate secure passwords and store them for you, keeping them in a vault you can access across all your devices. Both use one master password to secure your vault, meaning you only need to remember one password to access all of your accounts.

Because you use these services in connection with all your other apps, subtle differences in how they work can have a big impact, namely for ease of use. How easy is it to share logins with other people? How about changing your passwords? Or toggling between multiple accounts?

Here are the features we're highlighting in our showdown.

Apps and platform compatibility

LastPass and 1Password both have robust app support across many platforms.

A password manager isn't very useful if you can't use it everywhere. If you're going to have passwords that are difficult to remember and type in, you're going to need the software to help you enter your passwords no matter what site you're on.

Both apps have robust support for most browsers and operating systems, so it's unlikely to be a deciding factor, but here's the full list just in case.

 

LastPass

1Password

Chrome, ChromeOS

Yes

Yes

Firefox

Yes

Yes

Opera

Yes

No

Safari

Yes

Yes

Edge

Yes

Yes

iOS

Yes

Yes

Android

Yes

Yes

Windows PC

No

Yes

macOS

Yes (website in a window)

Yes

Linux

No

Yes

 

 

 

Because these apps are supported by so many different platforms, there are inevitably differences in how they work on each platform. We've tested on various platforms, but keep in mind that it might look a little different on your device.

LastPass and 1Password operate almost identically on mobile platforms, since Android and iOS both support password management and autofill. Both services also have browser extensions for Chrome, Firefox, Safari, and Edge that work similarly.

On the desktop, however, there's a bigger difference. 1Password offers native desktop apps for Windows, Linux, and Mac users; LastPass more or less relies on browser plugins.

1Password has local apps for Windows, Linux, and Mac that you can use offline to access your passwords or any other information you have stored in your vault. These apps also offer a universal keyboard shortcut for quickly searching your passwords, something LastPass no longer offers on the desktop. 1Password for Chrome OS is a browser-based app, which is common for apps on the platform, and there's also a command-line tool for Windows, Linux, and Mac devices.

1Password also offers browser extensions, which work with or without the desktop app installed. The exception is Safari—you'll need to install the macOS app, but that's just how Safari extensions work.

LastPass, on the other hand, doesn't really focus on desktop apps. The company offers a "universal installer" for both Windows and Linux that will download browser extensions for every browser, or you can download them all individually. There is a Mac app, but it's more or less just the web version of LastPass running in a dedicated window that comes with a Safari extension. LastPass's own documentation recommends that you use a combination of browser extensions and mobile apps.

Overall, the differences between the services exist only on the edge cases. Both apps support most major browsers, which means you can run them both on any operating system. However, if you want to use a local desktop app for offline use, 1Password is your only choice.

Setting up your vault

LastPass and 1Password are both easy to set up, especially if you already use saved passwords.

LastPass pop-up after logging in with a new account, confirming that you want to add it to your vault

Both services require you to create an account to begin. Like any other web service, you enter and verify your email address, select which plan you want to use, and create a password. Since this password will protect all of your other passwords, you'll want to make sure it's strong and that you never use it anywhere else. So take some time to create a long, hard-to-guess password.

Since long passwords can be hard to remember,

we suggest using a passphrase, a collection of seemingly unrelated words that are easy to remember. Something likeZapierWinstonDoggosPlanetCheeseTreats. But…don't actually use that.

The main difference in the setup is that 1Password also gives you a secret key, which you'll need to access your vault on other devices. LastPass requires just your master password, while you can't get into your 1Password vault without your master password and secret key. This gives 1Password a slight edge in making unauthorized access to your vault more difficult, without much extra inconvenience—you'll get a PDF file with the key after creating your account, which includes a QR code you can scan to avoid typing your username and secret key out manually.

So, now that you have an account, how do you get your password vault up and running? It depends where you're coming from. If you've been using another password manager or saved passwords in your browser, you can import them into

LastPass or1Password. Both work similarly: you export a .csv or .xml file from your old password manager, then import that file into your new one.

If you don't have saved passwords, then you need to build your vault, which refers to all the logins you have stored in your account (1Password also refers to smaller, more specific groups as vaults, while LastPass calls them folders). Both make this pretty easy to do. Install the extension in your browser, and then log in to any given website like you normally would. Once you've logged in, there will be a pop-up on the screen, asking if you want to add the login to your collection. Go about your web browsing like normal, saving your sites as you log in, and you'll have your vault built up in no time. Both apps work similarly on mobile. When you log in to a recognized app or webpage, they will ask whether to save the login information to your vault. Both apps also let you add passwords to your vault manually.

Given how well both apps tend to capture passwords when you first log in, though, you're unlikely to need to use this feature often. On the whole, both make it easy to add your existing passwords to your vaults, whether it's all at once or over time.

Logging in to your accounts

Both make it easy to sign in in the browser, but 1Password is better for other desktop apps.

If LastPass recognizes a login field, you'll see a LastPass logo in it. Click that, and you can choose which account you want to sign in using. Click the account you want to log in with, and LastPass will autofill that username and password.

Autofilling a password using LastPass

1Password works the same way using the browser extension.

1Password autofilling a password based on the account you choose

But with 1Password, you also have another option: the Quick Access bar in the desktop app. Use the keyboard shortcut Ctrl/command-Shift-Space in any application to bring up this bar, which you can use to search all of your passwords and copy any shortcut. This works outside of the browser, meaning it's handy if you're logging in to a desktop app. This is much faster than what LastPass offers on desktop—you can find any password in just a couple of keystrokes, without touching the mouse. If you prefer clicking to keyboard shortcuts, though, you can right-click, select 1Password, and then select your account.

Creating new passwords

LastPass and 1Password both have robust password generators, with a slight edge to LastPass.

The best passwords are long, random ones you can't remember. Of course, humans aren't good at creating actual randomness, which is why LastPass and 1Password have password generators to take care of that for you.

With LastPass, whenever you're creating a new account, you'll see an icon in the password field that you can click to create a random password. Click it and you will see a password, which you can click right away to use.

Generating a password in LastPass

You can choose Customize to change the parameters, like the length of the password, whether or not it includes numbers or special characters, and even an option to make the password easy to say. These last options are especially helpful for passwords you might still need to actually remember, like your Wi-Fi or Netflix password.

1Password works a little differently. You can click the icon in the password field, but you won't be able to customize—only to accept the given password.

Generating a password in 1Password

If you need to generate a password, click the 1Password extension icon in your browser's toolbar, create a new login, then generate the password there. You can customize the parameters to make a long nonsense password, a passphrase made up of

random unrelated words, or a PIN. You can tweak things like whether it uses numbers or symbols or which symbol is used to separate words in a passphrase. Once you have a password you like, you can copy and paste it into the password field.

If a site has special requirements for passwords, the generator in LastPass is slightly more convenient to tweak, though 1Password can also get the job done.

Changing your passwords

1Password is easier if you have multiple accounts, but LastPass is more flexible on-the-fly.

It's best practice to change your passwords every once in a while. And even if you ignore those best practices, you'll eventually get locked out of an account or a website you have an account on will get hacked. Regardless, when it comes time to change your password, LastPass and 1Password will both attempt to pick up the new password and update your vault. LastPass gives you a brief pop-up telling you that it's changed the password in the vault, while 1Password will ask if you want to use the new password—either as a new account or replacing one of your existing ones. LastPass's approach is more proactive, but 1Password gives you more flexibility, particularly if you have multiple accounts at the same website.

More importantly, both services have ways of letting you know if your password is out of date or needs to be changed. LastPass offers a Security Dashboard that will scan your database for duplicate, weak, or old passwords. There's also Dark Web Monitoring, which will compare your passwords against a database of known security breaches. All of this adds up to an overall security score that will tell you just how safe your online life is.

1Password's Watchtower offers similar features. It's integrated with Have I Been Pwned, a prominent database of leaked passwords, so you can find out if one of your passwords was leaked in a breach. You will also see a list revealing which passwords are weak and which sites offer two-factor authentication. This helps you actively keep track of security risks. There's a scoring system that is somewhat similar to credit score ratings in a similarly confusing way. Still, you can tell at a glance how you're doing, and that's nice.

Sharing logins with others

LastPass has more features on the low end and includes sharing outside of teams.

When it comes to sharing login information with others, LastPass has a clear advantage on the cheaper plans. Even a free personal LastPass account can share logins with others. In the Sharing Center section of the web app, you can enter a friend or colleague's email address and choose which items to share with them. You can even hide the password, letting them log in without letting them see the password in their vault. Since 1Password doesn't even offer a free tier, this is a strong advantage.

The sharing center in LastPass, opened to share a single login with another user

At the high end, the two are much more similar. Both 1Password and LastPass accounts at the family, team, and enterprise levels let you create "vaults" or "folders" containing multiple logins to share with your team. That allows you to share sets of passwords with specific groups, e.g., your Marketing team. Each service has a dashboard to manage who has access to what: the admin can give permissions to view and change all passwords, or restrict what can be done with them on a user-by-user basis.

The big difference between the two apps is how they think about sharing: 1Password works exclusively in vaults, while LastPass lets you share both folders and individual logins. Sharing of individual logins is available on all LastPass plans, while 1Password has no similar feature. Both allow sharing with guests outside of your team/organization, but to share just a single login with 1Password, you'd have to create a vault with nothing more than that single login, which can be an administrative headache if you have to share different sets of logins with a lot of different people.

1Password offers a feature LastPass doesn't, though: the ability to temporarily create a public link that anyone can use to access your password. You can set an expiration for the link, which is nice, but I wonder if creating links like this is a good idea. It's better than just sharing your password over text, granted, but not much better. Sharing a password using LastPass's feature strikes me as the more secure option.

So, with that in mind, if you're just managing your team's or family's passwords, there isn't a killer feature to distinguish the two. If you have to deal with freelancers or anyone else that's not a permanent member of your team, then LastPass is probably the better option.

Data storage and protection

LastPass and 1Password both store data on their servers.

Even though you store your data on 1Password or LastPass servers, they can't access your vault or any of your logins. All the data is encrypted, which means it's an incomprehensible blob of data if you don't have the encryption keys. Those keys are generated on your device using your master password (and secret key for 1Password), and those are never sent anywhere, even to LastPass or 1Password. This secures your vault against data breaches or social engineering attacks, but also makes account recovery more difficult.

Recovering your account

LastPass gives you more convenient options, while 1Password puts more control in your hands.

1Password emergency kit

It is very, very important that you don't lose the login information for these apps, because you may be locked out completely. Neither LastPass nor 1Password can access your vault, which is good—that's why your passwords are secure. But this also means that, if you forget your master password, it can be an enormous hassle.

Having said that, both services have ways to handle this. In general, 1Password leans more toward the preventive style of handling disasters—which means the app is expecting you to be responsible. When you sign up, you'll get an Emergency Kit, which has your secret key, email address, and space for you to fill in your master password. They recommend printing and keeping a copy somewhere like a safety deposit box, though an encrypted copy kept offline—like on a USB stick you keep locked away—can also work.

If you're on a shared plan, someone on your team/business/family plan may be able to help you restore your account in the event you lose your Emergency Kit, or you can export your vault from a device that hasn't logged out.

This page provides a list of options you can try if you get locked out of your vault. However, they all involve working around the access you already have. There's no method for the company to help you regain access to your vault if you lose your password.

LastPass, on the other hand, provides more convenient recovery methods, which are arguably less secure. If you've enabled biometrics on the LastPass mobile app, you can use that to recover your password. You can also set up recovery through SMS codes or one-time passwords sent via email. The SMS codes are sent to your phone number and activate a locally-stored one-time password to unlock your vault, after which you will create a new master password. You can also get a one-time password sent to your email account, though these are specific to each combination of computer and web browser, so using one can be a little complicated.

This process can pose a mild security risk, since an attacker who has access to your phone or email could theoretically use the same process to get access to your vault. But SMS recovery codes are off by default, and emailed recovery passwords should be a little difficult to use since they have to correspond to the exact computer and browser. In other words, an attacker would have to also be using your computer for the recovery passwords to be useful.

This page has more information about all of your recovery options.

Advanced security features

LastPass and 1Password both offer compelling security features.

Watchtower in 1Password, giving you an indication of how secure your passwords are

There are a few extra features that aren't the main selling points, but may be useful for deciding which password manager you choose for your business.

Two-factor authentication

1Password andLastPass both offertwo-factor authentication to protect your vault. Both work with many common authentication apps and hardware keys, with LastPass supporting slightly more. Unless you're using something obscure for security, it's unlikely this would be a deciding factor.

Emergency access

LastPass has an

Emergency Access feature in personal and family plans, allowing someone to access your vault if something happens to you (such as illness, death, or disappearance). A trusted person can request access to your account at any time. If you don't refuse the request within a set amount of time, they get access to your vault, which you can revoke at any time.

Travel mode

1Password lets you set some vaults as safe for travel and others as not. When you turn on travel mode, the sites that are listed as not safe for travel are removed from your device. This is useful especially at border crossings where you may have to hand your phone or computer to the authorities, and also helps any time you're traveling with data that would be dangerous if lost or stolen.

Restrict access to particular countries

By default, LastPass only lets you access your account from the country you created it in. When traveling, you have to proactively allow it to let you access your vault from whatever country you're going to. This prevents malicious actors coming from another country from getting access to your vault.

Pricing

LastPass is cheaper, for the most part

 

LastPass

1Password

Defining features

Individual

Free basic (limited to computers or phones); $3/month premium (billed annually)

$2.99/month (billed annually)

Single user, access to all apps

Family

$4/month, up to 6 users (billed annually)

$4.99/month (billed annually); up to 5 users

Multiple users, unlimited sharing between them, management dashboard

Teams

$4/user/month (billed annually), 5-50 users

$19.95/month for up to 10 users (billed annually)

The above, plus admin dashboard and user management

Business

"Business" plan starts at $6/user/month (billed annually)

$7.99/user/month (billed annually)

The above, plus dedicated customer support, advanced reporting, and advanced security policies

Enterprise

Business-specific add-ons available

Custom pricing

Can be customized to specific business needs

LastPass is the cheaper option for individual plans; 1Password tends to be cheaper for groups. LastPass has a free individual plan, which 1Password lacks, but it's extremely limited. You can't sync the free version between computers and phones—you have to choose to use it only on computers or only on phones. 

There's no free version of

1Password—there is a 14-day free trial, but anything past that will cost you. For personal plans, pricing is identical at $3/month for one user. For families, though, LastPass is the better deal: LastPass is $4/month for up to six users, while 1Password is $5/month for up to five users.

Team and enterprise plans have more complicated cost differences. LastPass has a teams plan that costs $4/user/month and a business plan that starts at $6/user/month. 1Password similarly has a teams plan for up to ten users that costs $19.95/month, which is cheaper than LastPass for teams with between six and ten users. There's also a business plan for $7.99/user/month, and an enterprise tier with a custom rate. 

So for the most part LastPass is cheaper, except in very specific situations, though not by much.

1Password vs. LastPass: Which password manager should you use?

Both LastPass and 1Password are solid password managers, covering the majority of use cases you're likely to run into.

LastPass is the only app that offers a free version. But for the extra money, 1Password offers local apps, a more polished UI, and a somewhat firmer security stance—which is probably better for larger teams.

Related reading:

This article was originally published in February 2019 by Zac Kandell. The most recent update was in November 2022.