The bottom line: Effective, secure, and easy to use, LastPass offers a broad base of password-management features for free that can be expanded when upgrading to the premium version. It's an essential add-on for modern Web browsing.
Passwords have gotten so complicated that even people with ferociously sharp memories can struggle to recall the eccentric combinations of letters, numbers, and symbols. There are passwords for personal e-mail, work e-mail, bank accounts, Twitter, and Facebook, and woe to anybody who uses the same one for those two malware magnets. On top of that, it's recommended that you regularly change your passwords so they don't get compromised. Passwords are a pain, but LastPass slices through the Gordian knot of password management with a deft and effective cross-platform browser add-on.
Installing LastPass is straightforward, except that you can choose between the universal installer or browser-specific add-ons. The easiest option is the universal installer, which will work with Internet Explorer, Firefox, and Chrome on Windows. Mac users will have to download individual add-ons for each browser.
LastPass takes the pain out of passwords
After creating a LastPass account and master password, which is used to access your password list, LastPass will ask to suck up all your passwords into its cloud-based, AES-256-encrypted servers. This key aspect of LastPass, the cloud-based storage, is then followed by an option to remove all your locally stored passwords. This prevents them from being compromised after you've begun using LastPass, although it also means that you will be tied to LastPass from that point. You can always export your passwords later, although after using the add-on for more than a year we've had no problems.
After installing, restart your browser and you'll see a gray or red box icon on your browser's toolbar. Red indicates you're logged in, while gray indicates you're not. Once logged in, you can visit LastPass' spreadsheet layout of your passwords with one click. This is called your "password vault," and while it's navigable, it could use some tweaking, too.
You can organize your passwords into folders and groups, you're told up front how long ago the password was last used, and there are quick links to Edit, Share, and Delete the password. A search field at the top will automatically search through URL and username. You cannot search by password.
A list of global actions such as settings, import and export, history, and manually adding sites lives on the left of the password list. To the right is a short list of options to be used when you select a password, currently limited to share, delete, and change group. At the top of the interface are tabbed options for managing your form-fill profiles, identities, shares, and applications.
Much of the add-on's heavy lifting happens in editing windows that open on top of your vault, but are not separate browser windows. This includes individual password editing and configuring, and changing LastPass' settings. The separate window is understandable for security purposes, but it detracts from the overall experience as an overlay.
Features and support:
LastPass offers a shocking number of features. The free version will be more than enough for most users, while upgrading to the premium version will get you LastPass for mobile devices and browsers, remove ads from your vault, provide priority e-mail and phone support, and give you multifactor authentication. This heightened level of security requires you to use a YubiKey or USB key in conjunction with your LastPass master password to gain access to your vault.
Basic and premium users alike will get LastPass' deep array of password-management tools. It will auto-detect username and password form fields. If it has the credentials for the page you're visiting, it will ask you to fill in the info. You can also set LastPass to automatically fill in credentials, or even automatically log in. When you visit a site that you're creating new credentials for, it will ask if you'd like it to create a password for you. Via the vault, you can change the default level of security for generated passwords. It will also detect when you've changed the password for a site that's already saved, and ask you if you'd like to change the saved version.
From within the Settings option in the vault, you can change your master password, configure the vault auto-log-off time, change the default security level to one of three presets or customize a fourth, and manage equivalent domains and URL rules for sites with more than one log-in.
While LastPass can be used solely from its Web site, and provides a virtual keyboard so you don't have to worry about a keylogger swiping your master password, some key features come only with the add-on. One of these is the on-the-fly creation of a one-time password, and there are others. The add-on menu shows you a list of recently used passwords, and allows you to copy credentials to your clipboard without revealing them first, fill forms, manage secure notes, customize hot keys, and change the LastPass icons.
It doesn't skimp on password tweaks, and that's a good thing.
Measuring add-on performance is notoriously difficult, although Internet Explorer 9 Beta did note that LastPass only slowed down the browser's boot time by 0.16 seconds. The default threshold for warning the user about add-on performance impact in IE9 Beta is 0.2 seconds or slower. Google Chrome dev 9.0.587.0 put LastPass' memory usage at 14MB of RAM, high for an add-on. Browsing with the add-on versus without it revealed no noticeable slow-downs on a daily use computer.
Password security and management have long been a deficient part of any browsing experience, and LastPass solves that problem while also making your passwords accessible anywhere. Cross-platform, cross-browser, and secure with a hefty range of options, this is the gold standard for password management.