I have used LastPass as my primary password manager for many years ̵1; if I had to guess, I would say it must be close to ten years now. And during those years, it has let me down, disappointed me and frustrated me on several occasions. A few weeks ago I finally switched to 1Password. I should have done it ages then.
To be clear, there is nothing glossy wrong with LastPass – or at least that’s what I said to myself for several years. Of course, the Android app does not always automatically fill in options and the Chrome extension stays logged in literally all the time. The app has suffered several data breaches over the years as well. But there are quite a few for the course, right?
Not even close.
I honestly did not realize how bad the password manager LastPass is until I used 1Password. The Android filler issues are one thing – a little annoyance at best – but the poor security implementation of an app that is supposed to store some of your most private information is completely unforgivable.
LastPass security protocols are pathetic
If you have a LastPass account, you already know how it works: you install the app or go to the website and log in. Maybe you also have two-factor authentication enabled in your account – good for you. But it is voluntary, and if you do not already know that LastPass offers 2FA, it is pretty much guaranteed that you have not activated it. (How can you activate something you were not aware of, after all?)
And if you install the Chrome extension, you only need to sign in once. After that, as long as the computer stays online, you will never be asked to log in again. Then everyone who has access to your computer also has access to your passwords. It’s a disaster just waiting to happen. You can change this behavior in the LastPass add-on settings, but it’s just puzzling that auto-lock is not enabled by default. You should not have to choose a better security, especially not in a password manager.
But 1Password does things differently. First of all, it not only forces 2FA out of the box, but it puts a “secret key” when you create your account. This is a very complex key that is required every time you log in to a new device (Note: only at the first login – after the device is confirmed, you can log in with only your username and password). The key is automatically generated and shared with you in a document when you register for 1Password. This key is also stored on your trusted devices, so it’s easy to keep safe but hard to lose.
There is a high level of security for all your passwords. Do you know what else 1Password does that LastPass does not? Automatically lock the vault in the Chrome extension by default. Both 1Password and LastPass lock the vault after a period of inactivity on mobile, but the same does not apply to browser extensions. It’s puzzling. (If you are using LastPass and do not want to switch, enable this feature Account Options> Additional Settings> Logout after many minutes of inactivity.)
Now, LastPass could fix both of these issues quite easily by forcing 2FA and automatically locking the vault by default. But it has been years now and none of these things have been done. Hard to say if or when they will ever come. So it’s time to change.
1Password has never seen a data breach
Since 2011, LastPass has been involved in five data breaches or other security incidents – 2011, 2015, 2016, 2017 and 2019. To be fair, some of these were not major; only exploits detected. And in all of these cases, LastPass did a remarkable job of disabling or correcting these vulnerabilities. It is fair to give credit where it should.
But if you Google “1password data breach”, the first option is not a high-profile leak that 1Password was a part of. It’s a link to the 1Password blog about what would happen if the company were ever part of a crime, beginning with the words “1Password has never been hacked.” If you are considering a switch, it is worth reading. Even if you are not considering a switch right now, it is worth reading. It can change you.
The Android app is much more reliable
One of my biggest points with LastPass is how completely unreliable the Android app’s autofill options have been – even after Google implemented the autofill API, which I hoped would solve these problems. But no.
I’m not sure what the deciding factor is here, but sometimes the auto-fill feature works well on LastPass. Other times it is never called at all. And secondly, it is prompted but says that there are no saved passwords for that app / website. And there is no way to search directly from the autofill message.
Again, 1Password fixes all these issues. To begin with, there has not been a single time that it has not offered a question about a password. And in the case where it does not associate a password from a website with the corresponding app, you can search directly from the query and assign the password to the website there – it only takes a few taps. The association is then stored, so logging in next time will be even easier. LastPass has nothing like it.
To be fair, if you are an iOS user, you have probably not experienced any of these issues. Options for automatically filling in iOS passwords seem to work very more reliable than Android, because I have not experienced any issues with LastPass on iOS. That said, 1Password works just as well, so you lose nothing if you make the jump.
Switching was more painless than I ever expected
I have an embarrassing confession: the main reason I did not change before is that I did not want to spend time doing it. In my head, this would take hours. It’s actually so wrong that I feel stupid just to say it. The switch literally took like five minutes. No joke – five.
In fact, 1Password has an excellent guide for doing just that on its support site. In the end, there are two steps: export your LastPass vault and then import it into 1Password. In my experience, everything was synced beautifully.
In total, I had 1Password running on three phones and four computers in about 20 minutes, which includes removing LastPass from these devices. I feel ridiculous for waiting so long.
But there is a smaller catch. For some reason, there are two versions of the 1Password browser extension – one requires the desktop app to be installed and the other does not. I recommend that you use the 1PasswordX extension, which works on its own. Otherwise, you also need to install the desktop app, which honestly is just redundant. As an added bonus, the 1Password extension has a much lower impact on system resources than the LastPass extension (at least in Chrome).
But there is also the issue of pricing. For most people, LastPass is free – you can use it on several devices without paying a penny. If you want to add encrypted file storage to the mix, you can do so for $ 3 per month.
But 1Password is $ 3 a month out of the gate or $ 5 a month for the whole family. You know the saying “do you get what you pay for?” Well, I do not think it’s more true than it is here – 1Password is more secure and convenient than LastPass, which more than makes it worth $ 3 a month.
If you have been considering switching from LastPass to 1Password, I highly recommend it. I wish I would have done it years ago.
Publication: 1Password offers free accounts for journalists, which I switched to before I wrote. This in no way shaped the results or outcome of the article.