As part of our commitment to security, we want to make sure our customers and the public are aware of recent reports from LastPass users of fraudulent SMS account recovery requests. Our security and engineering teams have recently observed potential “credential stuffing” attacks. A credential stuffing attack occurs when a malicious actor attempts to access user accounts (in this case, LastPass accounts) using e-mail addresses and passwords obtained from third-party breaches of other, unaffiliated services. Using an encrypted password manager and only complex, unique passwords – bolstered by multi-factor authentication – is the ideal protection against this type of attack.
We want to reassure you that there is no indication that LastPass or LogMeIn were breached or compromised.
LastPass will store your Apple account password so you can sign in to any Apple device or platform. First, download and log in to LastPass. In Safari, open Preferences and click Passwords. Copy and paste any stored logins into new entries in the LastPass vault. Once authenticated, your LastPass Vault opens, and you can use the Safari app extension icon in the web browser or the LastPass Menu Bar icon in the top navigation to use the Quick Search feature (if enabled), open your Vault, generate passwords, manage your Preferences, check for updates, log out, and quit. Use the LastPass Safari app extension. Internet Explorer – Right-click the web browser toolbar and select LastPass Toolbar to reveal it. Safari – Go to View > Customize Toolbar, then drag and drop the LastPass icon into your toolbar. Confirm that another add-on/extension/theme is not interfering – temporarily disable all add-ons/extensions/themes and re-enable LastPass. Instructions will vary for each web browser.
How LastPass Protects Against Malicious Activities
LastPass was built with security in mind and includes various features, including the account recovery process, designed to protect against unauthorized or malicious access. The account recovery process specifically requires several steps designed to ensure that recovery can only be executed by the real owner, including a one-time passcode (OTP) that the account owner receives via email or text and must enter during the recovery login flow. Once OTP receipt has been confirmed, the user must additionally execute the recovery process on a browser or platform where the user has previously logged in successfully via the LastPass Browser Extension (e.g., on Chrome, Edge, Safari, etc.). This process is being triggered but cannot be completed as expected on an attacker machine.
LastPass also has many industry-standard protections in place, from various infrastructure level solutions, such as multiple web application firewalls, DDoS protection solutions, and malicious request filtering engines, to various application-level protections where we limit unusual behaviors in various ways. Operating and keeping these tools up-to-date is a continuous commitment from us to keep our users safe.
Creating a Strong Master Password
It’s very important that you use a strong Master Password and it should never be used as a password for any other website or app. If you or your end users have re-used your LastPass Master Password anywhere, we recommend immediately changing your LastPass Master Password and enabling multi-factor authentication on your account, as well as your end users’ accounts.
Although you’re protected by the many layers of encryption and security we put in place to keep your data safe, using a strong, unique Master Password will not only help to protect you from a brute-force attack but should also ensure that a breach at another random website won’t affect your LastPass account. While we enforce industry-standard minimums when creating the Master Password (must be at least 12 characters long, at least 1 number, at least 1 lowercase and 1 uppercase letter), LastPass users should make the Master Password as strong as possible. Specifically, that means a Master Password should be long and unique, with a mix of character types.
Dangers of Password Re-Use
As the world continues to work remotely and spend more time online, there has been a generally observed increase in cyber-attacks and breaches. Unfortunately, with large data leaks, millions of usernames and passwords are out there for anyone to abuse. The easiest way for attackers to make use of those credentials is to systematically try logging in to other websites, such as LastPass, with the same username and password combinations.
Creating long, strong and unique passwords is one of the main reasons you’re using a password manager like LastPass. We’re fortunate to be one of the most popular password managers available, but that doesn’t mean our service is exempt from these attempts either. Because re-using passwords is such a common (though dangerous) practice, we do everything we can to protect our users.
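The systematic login attempts described above leave a recognizable shape in authentication logs: one source touches many accounts a small number of times each and mostly fails, whereas a brute-force attack hammers a single account. The following is an added example, not LastPass code; the log format, the thresholds and the function names are assumptions chosen for illustration, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges, made-up accounts).
SAMPLE_LOG = (
    [f"ip=203.0.113.7 user=user{i}@example.com result={'ok' if i == 3 else 'fail'}"
     for i in range(6)]                                       # many accounts, one try each
    + ["ip=198.51.100.9 user=bob@example.com result=fail"] * 6  # one account, many tries
    + ["ip=192.0.2.10 user=carol@example.com result=fail",      # a typo, then success
       "ip=192.0.2.10 user=carol@example.com result=ok"]
)
LINE_RE = re.compile(r"ip=(\S+) user=(\S+) result=(ok|fail)")

def summarize(lines):
    """Per source IP: [tries, fails] for each account it attempted."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event
        ip, user, result = m.groups()
        stats[ip][user][0] += 1
        stats[ip][user][1] += result == "fail"
    return stats

def classify(lines, min_accounts=5, max_tries_per_account=2,
             min_fail_ratio=0.8, brute_fails=5):
    """Label each source IP; all thresholds are illustrative assumptions."""
    verdicts = {}
    for ip, users in summarize(lines).items():
        tries = sum(t for t, _ in users.values())
        fails = sum(f for _, f in users.values())
        wide = len(users) >= min_accounts                    # many distinct accounts
        shallow = tries / len(users) <= max_tries_per_account  # few tries per account
        if wide and shallow and fails / tries >= min_fail_ratio:
            verdicts[ip] = "credential_stuffing"
        elif any(f >= brute_fails for _, f in users.values()):
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts

def accounts_to_reset(lines):
    """Accounts a stuffing source logged in to: the reused password is known."""
    verdicts = classify(lines)
    hits = {m.group(2) for m in map(LINE_RE.search, lines)
            if m and m.group(3) == "ok" and verdicts[m.group(1)] == "credential_stuffing"}
    return sorted(hits)
```

The rare successful login from a stuffing source matters most to a defender, because it marks an account whose reused password worked and needs a forced reset.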
What Can LastPass Users Do?
To help ensure your LastPass and other online accounts are secured from bad actors or hackers, we recommend users follow these online best practices:
- Use a strong, secure master password for your LastPass account that you never disclose to anyone.
- Never reuse passwords on multiple accounts, especially your LastPass Master Password. Use a different, unique password for every online account.
- We strongly advise using the LastPass Security Dashboard to identify websites saved in your vault where you’re re-using passwords. LastPass can help you replace those passwords with strong, unique ones using our password generator tool.
- Enable dark web monitoring in the Security Dashboard. Once it’s on, you can relax knowing that LastPass is monitoring your account security for you. If an account is at risk, you will receive an alert in your email and in-product.
- Turn on multi-factor authentication for LastPass and other services like your bank, email, Twitter, Facebook, etc.
- Beware of phishing attacks. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
- Run antivirus, end-point protection, and/or anti-malware protection software, as well as regularly update your software and anti-virus signatures.
- Make regular backups (either locally or to the cloud) of your critical data – this will serve you very well in case of ransomware attacks and similar. If all else fails, you do have your data in a safe place. Create a bi-weekly or bi-monthly habit of syncing or running a backup to capture any changes.
Managing passwords is a pain, isn’t it?
With over 80% of today’s data breaches being caused by weak, stolen, or reused passwords, password management tools are becoming increasingly important. They store and generate secure, encrypted passwords for you — the only password you have to remember is the single master password to the manager itself.
LastPass is one of the most popular password managers on the market, but it’s not right for everyone. In this post, we compiled some of the best paid and free LastPass alternatives you can use.
LastPass has announced that starting March 16, 2021, its free plan will only include access to unlimited devices of one type (desktop or mobile).
An overview of LastPass
LastPass generates, stores, and syncs secure passwords to all your chosen devices. It allows you to share passwords with others, alerts you to weak and duplicated passwords, and uses a zero-knowledge approach (the company does not store, track, or sell your data).
Key features:
- More password recovery options than most password managers.
- Uses AES 256-bit encryption (the same encryption method used by high-security banks and the military).
- User-friendly interface and easy to follow instructions.
Potential drawbacks: There is no access to direct customer support.
Cost: Alongside the free plan, the premium plan costs $3 per month and the family plan costs $4 per month.
The best LastPass alternatives for easy password management
Below, you’ll find a breakdown of the benefits of using LastPass and the best LastPass alternatives.
1. NordPass
Built by the team behind NordVPN, NordPass is the next generation password manager fit for individual users and businesses alike. With NordPass you can safely store your passwords, credit card details, secure notes, and personal information.
Key features:
- Identify vulnerable passwords, check if your data has ever leaked, and generate new complex passwords to protect your accounts
- Autosave passwords with a click and the next time you log in, NordPass will fill your details for you
- Password strength checker to boost your online security
Potential drawback: Newer tool (first introduced in 2019) compared to other LastPass alternatives.
Cost: The personal plan starts free, with the paid plan starting at $1.99 per month, billed annually. NordPass also comes with a family plan at $3.99/month, billed annually for up to five unique accounts; and a business plan at $3.99 per user per month, billed annually. For a limited time, you can get NordPass for $29 a year on AppSumo.
Who it’s best for: Anyone who never wants to reset their passwords again and who longs for peace of mind while browsing online.
2. PassCamp
PassCamp is a browser-based password manager for individuals and small teams. It uses a zero-knowledge approach and offers end-to-end encryption (as well as other features) to enable safe management of sensitive data.
Key features:
- Stores passwords as public keys (passwords are converted into a code that only the owner can see)
- Auto-fills password fields with a browser extension for Google Chrome, Mozilla Firefox, and Safari
- Shows the history of changes made to passwords or notes
Potential drawbacks: Limited integration with third-party apps like Gmail, Dropbox, and Office 365.
Cost: The personal plan starts free and the personal premium plan is €2.50 (approx. $2.95) per month. The team plan costs €3.50 (approx. $4.16) per month.
Who it’s best for: Small to midsize teams who want to safely store and share passwords for multiple accounts.
3. Dashlane
With over 14 million customers, Dashlane is one of the popular premium LastPass alternatives. It handles all the basic and advanced tasks of a password manager with ease and has unique features for extra security.
Key features:
- Biometric logins across Android and Apple devices
- Compatible with Windows, Mac, iOS, Android, Linux, and Chrome OS systems
- Built-in VPN for added online security (available with paid options)
Potential drawbacks: The paid plans are expensive, and the free version is limited to 50 passwords.
Cost: Starts free and then $3.33 per month, billed annually. Dashlane also has a family plan at $4.99 per month, billed annually.
Who it’s best for: For teams that need to manage sensitive data and want the extra assurance and convenience of a built-in VPN.
4. RoboForm
RoboForm is a budget-friendly password manager for personal and business use. Individual users can create and store complex passwords, while businesses can easily assign credentials, delegate permissions, deploy security policies, and view reports.
Key features:
- AES-256 bit encryption for secure password creation, storing and sharing
- Passwords can be synced across multiple desktop and mobile devices
- Notes can be associated with passwords
Potential drawbacks: RoboForm has no breach monitoring or encrypted storage.
Cost: In addition to the free plan, personal plans start at $1.99 and family plans at $3.98 per month, both billed annually. The business plan costs $3.35 per month, billed annually.
Who it’s best for: Personal users and businesses who need budget-friendly password management software.
5. 1Password
While 1Password is compatible with all devices and operating systems, it is geared towards Mac and iOS users. The password management app features multiple browser add-ons, auto-fill forms, a digital wallet, and a flexible password generator for more control over the passwords you create.
Key features:
- Travel Mode hides specific vaults on your devices when traveling (for a limited time)
- Multiple vaults to organize and store different passwords
- The Watchtower feature reports vulnerabilities and even reports credit card expiry dates
Potential drawbacks: There is no free version available. (But you can get a 30-day free trial.)
Cost: Personal and family plans start at $2.99 per month, billed annually. Team and business plans start at $3.99 per user per month, billed annually.
Who it’s best for: Government workers, executives, and teams who travel frequently and manage sensitive, or top-secret data.
6. Sticky Password
Sticky Password is a LastPass alternative that securely stores all your login credentials and generates new, secure, and unique passwords for your accounts.
Its ability to sync via Wi-Fi without accessing the cloud offers an extra layer of security, but it lacks the advanced features of other premium password managers.
Key features:
- Offline access to your password vault
- Biometric and PIN code logins
- Syncs passwords across and is deployable on Windows, macOS, Android, and iOS devices
Potential drawbacks: Does not automate password updates.
Cost: The premium plan is $29.99 per year and comes with sync, backup, and password sharing — features that are absent in the free plan.
Who it’s best for: Individual users who want a minimalistic password management tool.
7. Enpass
Enpass is a straightforward password management app that combines intuitive design with mobile compatibility for ease of use.
Key features:
- Saves passwords locally or on third-party cloud storage
- Provides secure password sharing options
- Free when used on Windows, macOS, and Linux desktop devices
Potential drawbacks: No real two-factor authentication options for logging into the device.
Cost: The app is free for desktop users. If you use over 25 items in a single vault, paid plans start at $12 per year for the first year, and then $23.99 per year after that.
Who it’s best for: Desktop users who want a free password management app.
8. Keeper
Keeper is a well-rounded password manager and digital vault that stores website passwords, financial information, and other documents using AES-256 bit encryption and a zero-knowledge system.
As a LastPass alternative, it offers multi-factor authentication and has rare features like dark web monitoring and encrypted messaging.
Key features:
- Add text, documents, and photos to each password entry
- Easy to use password import features
- Advanced security options for business users (DUO Security and RSA SecurID)
Potential drawbacks: Users have reported the app interface as “old fashioned and boring.”
Cost: $3.75 per user for the business plan, and $5.00 per user for the enterprise plan. Personal plans start at $2.91 and family plans start at $6.24.
Who it’s best for: Medium to large teams who need to manage and store sensitive documents and assign credentials.
9. Bitwarden
Bitwarden is an open-source, desktop-based password manager with AES-256 bit encryption and a zero-knowledge model. The rich features available in the free version and the cheaper family pricing plans make it a popular alternative to LastPass.
Key features:
- Self-hosting options for maximum security
- APIs to automate onboarding and management functions
- Security reports that reveal weak passwords and show helpful data security metrics
Potential drawbacks: Limited support for iOS
Cost: The premium plan starts at $10 per year, the family plan costs $40 per year. Business pricing is $3-$5 per user depending on the features required.
Who it’s best for: Individuals who want a cheap family password manager that enables more control over data security.
Which LastPass Alternative Should You Pick?
Password managers have become a must-have tool as the world becomes more digitized and everyone works remotely.
LastPass offers an excellent free plan and a strong premium plan with desirable features and pricing. There’s a lot to like, but it’s not your only option.
If you want a free LastPass alternative with strong features, go with an open-source application like Bitwarden. If you want premium plans suitable for larger teams, 1Password and Dashlane are great alternatives.