It was not long ago that I raised an editorial toast to the reigning champion of password managersLastPass, and not only recommends it for its wide range of premium features, but – most importantly – because it refuses to let its veteran lover down for free users, even if it’s thoroughly scrutinized for a change in ownership.
A moment of silence for our beloved freeware: from March 16 LastPass free users can use the service on only one device type – desktop or mobile, but not both. Good night, sweet prince.
Read more: The best password manager to use for 2021
The move tragically undermines a key security principle that has made the free version of LastPass as effective as core security – its seamless multiplatform integration. Using a password manager to increase security, perhaps more than many other privacy products, is at the heart of maximum user convenience. If it is not immediately and consistently visible during all browsing, a password manager can be quickly forgotten, and your increasing number of passwords is more easily stored in a browser itself (a much less secure option).
With more types of Internet-connected devices in the hands of users – and with a digital divide that is contributing to a wider shift towards access to the Internet via telephone – Internet use is becoming more fluid. So a free password manager that can not rotate between a user’s devices will simply not cut it.
In addition to losing multiplatform access on March 16, people using the free level of LastPass will also lose email customer support from May 17. Password managers are probably the most intimate service in our digital life. Used properly, it holds the keys of our individual kingdoms. While their encryption usually blinds password managers’ parent companies to see your actual passwords, LastPass still offered a bunker option to reset the master password from a free level in an emergency.
Now imagine that you are a free-level user, who is caught abroad negotiating a sign-up issue, and the company you trust with more access than any other will not even answer an email. Ouch.
These factors combine to undo any competitive advantage gained by the free service of LastPass, and pull it into a closer battle with its peers. Meanwhile, 1Password is gradually joining the crown, although it offers only razor-sharp marginal victories in key areas. We look forward to receiving new CNET reviews from 1Password and several of its peers soon. In the meantime, though, this is where the two password-privacy titans stand in comparison.
1Password
1Password joins LastPass’s leadership in password management since LastPass announced its new restrictions at free levels. With its hyper-flexible platform compatibility, transparency enhancing enterprise policies, robust security features and silky soft interface – let 1Password wonder if LastPass can hold its crown.
Sarah Tew / CNET
LastPass’s legacy is rapidly deteriorating after announcing that its valued free level can only be used on one device. LastPass has never been in greater danger of being dethroned, as the benefits to security and compatibility over 1Password are reduced to a fleeting marginal victory.
Cost-effectiveness: 1 password for singles, Lastpass for families
Both of these password managers are comparable to the basic price for one-time subscriptions, but 1Password gives a lead of just a few cents.
A one-time one-time subscription to 1Password costs $ 34.88 and features unlimited sign-in storage, 1GB of document storage and optional two-factor authentication by Yubikey for added security. LastPass offers the same for $ 35.
However, LastPass beats 1Password on family plans. LastPass family plan costs $ 4 per month and allows up to six users, while 1Password family plans start at $ 5 per month and allow only five users.
Both drivers offer a trial period, but LastPass is better and offers you 30 days compared to the seven of 1Password.
Look at this:
Keep your data safe with a password manager
1:13
Platform compatibility: 1 password (on the nose)
Both drivers work on Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad. Both offer ways to work with Chrome, Firefox, Safari, Edge and Opera. On mobile devices, the two come equally. But on your laptop? 1Password has native applications used in conjunction with its browser extensions, while LastPass relies solely on browser inserts. It offers a slight advantage in flexibility, but only in exceptional cases.
1Password also has a Chrome OS application that makes 1Password available in your browser, and provides keyboard shortcuts to quickly search your logins through all of its desktop options. And if you want to run a slimmer version of 1Password, you can also use its mini-applications on Windows and MacOS.
Because the drivers are both browser-oriented, the compatibility factor also gives you an idea of their overall usability – how they look and feel to an average user. If you have a slow machine or work with very limited processing power, LastPass’ browser extensions are your better option for a fast browsing experience.
Compared to visual convenience, however, LastPass organizes your password safe into a nested folder system, while 1Password’s similar system also allows you to add tags to your logins. Can’t remember the name of the movie website you used last week? Just search for “entertainment” in the 1Password tags to see the list of streaming sites you have subscribed to.
1Password, like LastPass, works in Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad.
1Password
Security: Both are secure, but 1Password is more transparent
LastPass beats 1Password practically on one important security advantage – password generation. Although both have random password generators, LastPass spits out a stronger password faster than 1Password with a one-click process. You can not adjust the password generation parameters as you can in 1Passwords, but it is probably stronger because it reduces the human error factor by default. Even with less parameter customization, LastPass’ generator settings can still be more easily customized for sites that are picky about password selection. You can also enable LastPass to update your passwords automatically.
In general, however, 1Password has the lead.
Both LastPass and 1Password encrypt your logins locally according to standard AES-256 standards – which means your passwords are encrypted before being sent over the Internet – instead of relying on a cloud-based service to scramble them later. And LastPass offers more convenient two-factor authentication, so you would think it would have an advantage there, but that is not necessarily the case.
1Password also offers two-factor authentication, but its on-board process offers an excellent security advantage over LastPass.
LastPass and 1Password both encrypt your logins locally before sending them over the Internet.
LastPass
For LastPass, you only need a master password to create your safe and access it on all platforms. With 1Password you use a master password to access your safe on different platforms, but during setup you need the master password plus a security key. 1Password also enhances privacy by setting up a convenient QR code option so that you do not expose the key by typing in manually. On Macs you can use Touch ID to unlock 1Password, and on iOS devices you can also use Face ID.
The Watchtower feature of 1Password adds another inch to the closely competitive advantage. Watchtower regularly searches the dark web for the appearance of your unique entries and alerts you if it finds your information out of pocket. LastPass offers a similar feature called Dark Web Monitoring. Although we are excited to get a closer comparison with the two features in the future, it now appears that the Watchtower allows you to choose which parts of your vault you want to view. This ability to create shots within accounts can give you more control over the flow of data between your manager and your credentials.
Some may point it out LastPass’ history of errors and violations making it a less certain bet, I would say it is a short-sighted argument: there is always a strong link between the popularity of any security tool and the length of the bug rap page. There are three more important factors to consider: the damage caused by the offense, the process of killing and preventing the business, and the transparency of the company.
While LastPass aptly addressed these factors in its own way, LastPass came back into the spotlight in February as researchers discovered seven web trackers connected to the LastPass Android app.
1Password wins for me on this one – for now – because it seems to have gone beyond LastPass in the depth and content of its third-party audits, and because it was found to have zero web-trackers through the same organization.
No driver enjoys the distinction of being proud of open source, like BitWarden, which rushes forward to grab the discount best free password manager – but 1Password seems to be striving for maximum transparency. And it’s a move worthy of the crown.
We look forward to seeing who finishes with the crown in our upcoming reviews, but for now the competition between 1Password and LastPass is just too close to call – and that will worry LastPass, regardless of the outcome.