Table of Contents
Intro
I’ve used LastPass for going on 7 years now, but there are lots of tidbits of it that bother me, the price has steadily been rising, and they removed (it seems) auto password changing when they changed to the security dashboard from the security challenge (which is more convenient, but that’s a rough feature to lose).
Ultimately, I’m looking today -and presumably over the following weeks- for a different password manager. Maybe there’s one that is as fully featured that works a little bit better for me. The main gripes I’m looking for improvements on are as follows.
- better multi-password handling (when I have to enter multiple passwords to access one account)
- better mobile/desktop syncing
- better integration with multi-factor authentication
- automatic password changing capability
Below are the password managers I’ve opted to look at, and little notes of what I’m thinking about them going into this.
- LastPass
- Proton Pass (I’m expecting this to be my new choice)
- Dashlane (I’m expecting it to have the best design)
- 1Password
- NordPass
- Keeper (This seems like it may stand the next best chance)
- Bitwarden (I’m hopeful open-source = top contender)
- KeePass (Recommended most by other CySec professionals)
TLDR:
I went with XXXXXXXX
As far as navigating this article if you’re not going to read it all, I’ll have a feature comparison next, then discuss each I more thoroughly review, give them ratings for some key things, have a rating comparison after all of that, and then my conclusion.
Given how little time I may ultimately spend with one of the password managers I test though, I may miss features. I don’t think this will be a big deal though, given if it’s not something I can easily utilize in testing out the software … does it actually matter?
I mean, probably yeah, but we’re gonna overlook that as if I made some important point concerning UX design and certainly not attribute it to laziness.
Realistically, I don’t expect to find something that has every feature of a software I’ve used for the better part of a decade AND find meaningful improvements, but I am hopeful given how heavily a lot of these services have been pitched for years. Though, given the longstandingness of LastPass, I would expect pretty deep emulations of it.
I’ll be including LastPass in my comparison for these password managers, given my history with it though I am probably still quite biased towards it, but I guess that’s more up to you. If nothing else, it’s a benchmark here.
Multifactor authentication generator app integration is something I’m looking at as far as features go, but I’m not going to be testing any such feature with my whole suite of codes due to how absolutely awful that sounds to set up over … and over … and over again. So legitimately evaluating this feature will be spottier than some other features.
And finally, to be clear, this is not sponsored in any way.
(all prices will be based on the price per year, rounded up to the nearest full dollar, always taking the lower annual payment option if available)
Feature Comparison
A Y indicates the feature is available and working.
A P indicates the feature is available and working, but requires a paid membership.
A N indicates the feature is not available.
A - indicates the feature is available in some capacity, but does not function properly.
A ? indicates I don’t know, probably because I couldn’t find it.
| App | App Fills | Browser Fills | Sync | Bank Cards | Auto Change | Multi Passes | MFA link | |
|---|---|---|---|---|---|---|---|---|
| LastPass | P | P | Y | Y | Y | N | - | - |
| Proton Pass | ? | ? | ? | ? | ? | ? | ? | ? |
| Dashlane | ? | ? | ? | ? | ? | ? | ? | ? |
| 1Password | ? | ? | ? | ? | ? | ? | ? | ? |
| NordPass | ? | ? | ? | ? | ? | ? | ? | ? |
| Keeper | ? | ? | ? | ? | ? | ? | ? | ? |
| Bitwarden | ? | ? | ? | ? | ? | ? | ? | ? |
| KeePass | ? | ? | ? | ? | ? | ? | ? | ? |
Reviews
LastPass Review
Again, this is the password manager I have used for the better part of a decade.
My main qualms with LastPass are primarily just inconsistencies and quirks. It’s got all of the features, and more, that you’d expect from a password manager, but does absolutely show it’s age here and there.
You can manage your passwords effectively, organizing them, viewing history, very simply updating them when changed (a popup just appears after changing a password -using their password generator maybe- asking if you want to update the password), autofilling your passwords, lets you manage bank account and routing numbers + card numbers and other info and lets you fill that into sites as well. It tracks breaches on emails used on accounts stored in the system, it can track your credit score for changes, there are very comprehensive settings for password generation, and it keeps track of the age, complexity score, and reuse of passwords stored in the system to help you update older accounts into generated passwords and generally keeping your passwords fresh.
The smartphone app (I have only ever used it on Android) works well enough, and syncs down perfectly fine, fills in most websites automatically with an popup, or you can click a silent notification to make an overlay appear to select a different account or quickly search for an account to fill into the app instead.
However, this is where some of those quirks show up. Syncing up from the app to the browser extension seems … iffy. Sometimes there’s no problems at all, sometimes I have to go into the app settings and force a sync to get the account to show up. A couple of times, I’ve straight up lost accounts I created and saved in the app because it didn’t sync up and when I tried to synchronize it removed that. Additionally, there doesn’t seem to be an option to set the category the account should be saved in on mobile, and when you view a mobile-created account in the browser extension there’s just a broken unicode character for the category name and one of the same in the description area. Not really an issue, but a nuisance when trying to keep all of your accounts organized to be sure.
Then going to the security dashboard, which replaced the security challenge they used to have, a few neat features got cut. My favorite was ranking your security against … other LastPass users, I guess, and it was nice to see myself high up there, and being motivated to update all my old accounts to generated passwords to get my score higher. That’s gone, cut. And the most useful of the cut features was the auto password change. What good is knowing that 700 accounts (a very minor minority of my accounts, believe it or not) use 300+ day old passwords if it would take 300+ days to go through and update all of those manually???
Overall design, I use to have big gripes with this. In Chrome, everything was fresh and polished. In Firefox the extension used a bastardization of new and old, where some dropdowns might not work unless you actually loaded up the extension page, kind of removing a lot of simplicity and generally looking bad.
Now, this is no longer the case, but I do think it’s an example of incongruity you encounter with LastPass. You open account settings from the extension page (“the vault”) and it’s an old design not super similar to the rest of the extension. The app is modern and fresh like most of the extension, but then you accidentally tap to launch an account (load the web page associated with it) instead of viewing the account information and it loads the most outdated integrated browser I’ve seen in a while, which is all but useless, particularly because it doesn’t save anything. Very security conscious, wildly unfriendly.
There’s nothing really wrong with any of this, the design all works, but I think it’s a point to be considered. Particularly because it doesn’t lend itself to a modern and streamlined feeling when using it, it comes of unfriendly to use in some ways.
Then there’s what I previously called Multi Passes, or multiple passwords for a single account, or “custom fields” as LastPass aptly calls it given you can use it to fill in any custom fields - like if you wanted it to automatically enter a PIN, I guess. My primary use of it is applications that allow me to additionally encrypt account content, for example a professional email - I have my password, then I also have my mailbox password to actually read anything.
This hardly works. You can set a type of field to fill, the name of the field, and what it should be filled with - but only static text. You can’t store a second password that is easily updated, just static text to be manually maintained. Additionally, it’s set up like a power user feature, hidden in advanced settings for an account, but it doesn’t give you any power user tools! No CSS selectors for the field, so 90% of the time, your custom fields never get filled because it’s so ridiculously loose in how you can define a field, yet strict in how it actually finds that field.
Another unfriendly tool that doesn’t even execute correctly.
And finally … the multifactor integration. LastPass has -by far- the best MFA code generator smartphone app that I have used. You would think that this would integrate FLAWLESSLY and if I didn’t want to I wouldn’t have to type in an MFA code on specified devices ever again! Wouldn’t you? No. It only works on specific sites it seems, and a nice little popup asks if you want it autofilled. You click yes. You try it! Logging out and back in … it doesn’t fill in the MFA code … What? It doesn’t seem to work correctly, AND it doesn’t seem to work on most sites.
Out of close to a hundred accounts using MFA codes generated in their own app, only one has ever asked me if I want that code autofilled, and it didn’t even work. Granted, this almost defeats the purpose of MFA from one perspective, so it’s not something that really “pushes me over the edge” to switch softwares. But it’s another quirk (maybe related to Firefox, but I’m not changing my browser becuase of my password manager …) that has no place in a software this longlasting.
This is an incredible -and as I have not yet tried other managers: the de facto- password manager, but it just doesn’t do every trick you want it to, and seems unfriendly in an uncomfortable number of ways in my opinion.
Plus, the price has been increasing. It’s still not significant at all, at 36$, but that’s up from 12$ without it being explicitly mentioned to you - seems unfriendly; Not unreasonable at all, as mentioned, but unfriendly in how they did it.
| Price | Usability | Design | Impression |
|---|---|---|---|
| 36$/yr | 7/10 | 8/10 | 6/10 |
| don’t bother telling me that though … | it doesn’t know if it wants you to be a power user or not | nice, fresh design, but has old and decaying parts you rarely see | just seems like maybe it’s too comfortable as the de facto |