It wasn’t long ago that Ito the reigning champion , LastPass, recommending it not only for its extensive set of premium features but, more importantly, for its refusal to let down its veteran fanbase of free users, even as it faced widespread scrutiny for a change in ownership.
A moment of silence, then, for our beloved fallen freeware: As of March 16, 2021,they can only use the service on one type of device, either desktop or mobile, but not both. Good night, sweet prince.
The move tragically undermines a key security principle that has made the free version of LastPass so effective at core security: its seamless cross-platform integration. Using a password manager to increase security, perhaps more than many other privacy products, revolves around a foothold for maximum user convenience. Internet users are sure to forget about their password manager entirely if it is not immediately and constantly visible while browsing the web on all devices. As a result, they are likely to store their ever-increasing number of passwords in a browser, which is a much less secure option.
With more types of Internet-connected devices in the hands of users, and with a digital divide contributing to a broader shift toward Internet access via the phone, Internet use is becoming more fluid. So a free password manager that can’t deftly switch between your devices simply won’t cut it.
In addition to losing cross-platform access, people using the free tier of LastPass no longer have access to email customer support. Password managers are possibly the most intimate service in our digital lives. Used well, they hold the keys to our individual kingdoms. While its encryption typically prevents password managers’ parent companies from seeing your real passwords, LastPass still offered a bunker-busting option to reset a free-tier user’s master password in an emergency.
Now imagine being a free tier user, stuck abroad trying to negotiate a login issue, and the company you trust with more access than any other doesn’t even reply to an email. Oh.
These factors combine to negate any competitive advantage its free-tier service LastPass gained and bring it into closer combat with its peers. Meanwhile, 1Password has been steadily closing in on the crown, even as it only touts minimal marginal wins in key areas. We look forward to further CNET reviews of 1Password and several of its peers soon. In the meantime, though, this is where the two titans of password privacy compare.
1Password is closing in on LastPass’ leadership in password management since LastPass added its new free tier restrictions. With its hyper-flexible platform support, company policies that increase transparency, strong security features, and silky-smooth interface, 1Password leaves us wondering if LastPass can keep its crown.
LastPass’s legacy quickly soured after it announced that its prized free tier will now be limited to use on a single device. LastPass has never been at greater risk of being dethroned, as its security and compatibility advantages over 1Password come down to minimal marginal gains.
Profitability: 1Password for Singles, LastPass for Families
Both password managers are comparable in single subscription base price, but 1Password gets a head start of only a few cents.
A single one-year subscription to 1Password costs $35.88 and comes with unlimited login storage, 1GB of document storage, and optional two-factor authentication through Yubikey for added security. LastPass offers the same for $36.
However, LastPass beats 1Password on family plans. LastPass’s family plan costs $4 per month and allows up to six users, while 1Password’s family plans start at $5 per month and allow only five users.
Both managers offer a trial period, but LastPass is better, giving you 30 days compared to 1Password’s 14.
Platform compatibility: 1Password (by nose)
Both managers work on Windows, MacOS, Linux, Chrome OS, Android, iPhone, and iPad. Both offer ways to work with Chrome, Firefox, Safari, Edge, and Opera. On mobile, the two come to a tie. But on your laptop? 1Password has native apps that run with their browser extensions, while LastPass only relies on browser plugins. This gives you a slight edge in flexibility, but only in outliers.
1Password also has a Chrome OS app that lets 1Password live in your browser and offers keyboard shortcuts to quickly find your logins across all of your desktop options. And if you want to run a more efficient version of 1Password, you can also use its applets on Windows and MacOS.
Because both managers are browser-focused, the compatibility factor also gives you an idea of their overall usability: how they look and feel to an average user. If you have a slow machine or are working with extremely limited processing power, LastPass browser extensions are your best bet for a fast browsing experience.
However, for visual ease, LastPass organizes its password vault in a nested folder system, while 1Password’s similar system also allows you to add labels to your logins. Can’t remember the name of the movie site you used last week? Simply search for “entertainment” in the 1Password tags to see the list of streaming sites you’re logged into.
Security: Both are secure, but 1Password is more transparent
LastPass beats 1Password in one important security advantage: password generation. While both have random password generators, LastPass spits out stronger passwords faster than 1Password with a one-click process. You can’t customize password generation parameters like you can in 1Password, but it’s arguably stronger as it reduces the human error factor by default. Even with less parameter customization, the password generator settings in LastPass can still be more easily adjusted for sites that are picky about password selection. You can also enable LastPass to automatically update your passwords.
Overall though, 1Password has the upper hand.
Both LastPass and 1Password encrypt your logins locally to normal AES-256 standards, which means your passwords are encrypted before they’re sent over the internet, rather than relying on a cloud-based service to encrypt them later. And LastPass offers more convenient, so you’d think you’d have an advantage there, but that’s not necessarily the case.
1Password also offers two-factor authentication, but its onboarding process gives it a superior security advantage over LastPass.
For LastPass, you only need one master password to create your vault and access it on all platforms. With 1Password, you use one master password to access your vault on all platforms, but during setup you’ll need that master password plus a security key. 1Password also increases privacy by offering a convenient QR code setup option so you don’t risk exposing that key through manual typing. On Mac, you can use Touch ID to unlock 1Password, and on iOS devices you can also use Face ID.
1Password’s Watchtower feature adds another inch to its narrow competitive edge. Watchtower regularly scans the dark web for any semblance of your unique credentials and alerts you if it finds your disbursed information. LastPass offers a similar feature called Dark Web Monitoring. While we’re excited to get a closer comparison of the two features in the future, for now the difference seems to be that Watchtower allows you to select which sections of your vault you want it to check. This ability to create partitions within the account could give you more control over the flow of data between your administrator and your credentials.
While some might point out thatmakes it a less safe bet, I’d say a short-sighted argument: there’s always a strong correlation between the popularity of any security tool and the length of its rap sheet. There are three most important factors to weigh: the harm caused by the violation, the company’s error prevention and elimination process, and the company’s transparency.
While LastPass has competently addressed these factors in its own way, LastPass was back in the spotlight in February asattached to the LastPass Android app.
1Password wins for me on this one, for now, because it appears to have gone further than LastPass in the depth and substance of its third-party audits, and because the same organization found that it had no web trackers.
Neither manager enjoys the distinction of being proudly open source, like BitWarden racing forward to take over from— but 1Password seems to strive for maximum transparency. And that’s a move worthy of the crown.
We look forward to seeing who ends up with that crown in our next reviews, but for now, the competition between 1Password and LastPass is too close, and that should worry LastPass regardless of the outcome.