Security

LastPass vs. 1Password: Which is better? Post your perspective

Password management is more complex and fraught with dangers than ever. Which service offers the best silver bullet? We turn it over the the TechRepublic community to decide.
pwd-security-112013.jpg
 Image: iStockphoto/pressureUA
With people having to manage more and more online user accounts and high profile sites like Adobe and Twitter being attacked and user passwords being compromised, many users are turning to password management solutions to deal with the unscalable issue of managing all of their passwords and keeping them secure. The two most popular password managers are LastPass and 1Password

These solutions create highly secure passwords for all of your accounts and then use software (browser plugins and mobile apps) to manage the entry of your passwords across various sites and devices. The only thing you have to do is create one super-secure master password that you can remember. 

There are advantages and disadvantages to both LastPass and 1Password (and there's also an open source alternative called KeePass). These solutions can increase both security and convenience, but there's also the issue that if you decide to use one of these services then you have a single point of failure (your master password) if someone targets you. Nevertheless, more and more users are opting for these kinds of solutions and the subject of which one to recommend will continue to come up.

In typical TechRepublic fashion, we're going to call on the wisdom of the crowds to help answer this question. There are lots of highly-technical brainiacs in the TechRepublic community and we'd like to call on your valuable perspectives and experiences to help people make the right choice. 

Discuss.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

60 comments
mmth42
mmth42

Here's the trouble with LastPass. You start it and sign in, and then it freezes. Task Manager says it's still running, but after 3 hours I'm giving up. I may try it once more with a freshly downloaded copy, but it looks as though it's incompatible with 64-bit Windows 7. Oh--now it says it's already installed. What a botched up installation program!

villagechris
villagechris

I've been a LastPass user for 3+ years and am very satisfied with its cross platform (Windows, Mac, and BlackBerry are my platforms).


I believe LastPass is the only option that provides multifactor authentication...another level of security that I wouldn't and couldn't live without. 


LastPass has made dealing with the Heartbleed vulnerability so easy when changing passwords. I'm hooked!

capefarvel
capefarvel

i have been using RoboForm for 5 years now. was good for Windows. for Mac, not so. in fact, it's very bad for Mac. it works but not properly. their browser extension is a joke!!! they have not done anything for Mac users. i use their Anywhere version. it works okay on my PC. on Mac it also use lots of cpu and crashes. you can not also see more than 15 characters of the title of your site. meaning, i have 40 wordpress websites i manage, and i name them like "wordpress administrator thiscompany.com". in their chrome and safari and firefox extension, they allow 15 characters. so it truncates the item name to "wordpress administrator t....." so i have to guess which one or rename each item. ridiculous!!! i have requested this basic UX flaw since 2010 but they keep saying we do not plan to do so. i think no one at Roboform company has actually used or using Mac. i can't wait to get rid of them but they have made it impossible to move from them! export function is disabled now. so i can not export and import onto another app such as lastpass. i DO NOT recommend RoboForm at all! 

jaakl
jaakl

I've used 1password for years. It is great on mac and ios, but their Android app really sucks. It provides read-only viewing, no search at all with my 1000+passwords it is almost unusable. There is even no working sync, only way to re-sync what I found was to reinstall the application. I'm looking for alternatives now, LastPass and KeePass are in my shortlist. I like open source as such, but if user experience is like moving to linux desktop then it is not really worth it.

IronMit
IronMit

There is no contest! LastPass is way better because it offer multifactor authentication whereas 1Password does not. Any password managers that does not offer this option should not deserve recommendation.

dookerj
dookerj

Did Lastpass launch a facebook marketing campaign on here?  

I get that it's good, but on paper 1Password looks better, and my friend who works at an office that uses Lastpass office-wide says they all hate it.  I'm curious about a real comparison of the two.

water-man
water-man

When you are multiplatform (windows, ubuntu, android) there is actually only one choice: LastPass.

Passwords, safe notes, security checks, ubikey, very good integration with weblogon's. 

I have used Roboform in the past (Windows only) but never felt happy in the same way as I feel with LastPass.  Originally feared it to be too complex for my partner but after a short learning curve she is a happy user as well, allowing us to share passwords as well.

T. Sombrero
T. Sombrero

I'll second Mr. Barnhouse's no-confidence vote in 1password.  (Customer since 2010.) I like the features but we're talking broken links in emails, license key screwups on upgrades, surprise upgrades that break your stuff… all fairly minor but taken together gives pause. Cryptography is complex business and my experience with agilebits makes one wonder.   Which is how I stumbled on this discussion, looking for alternatives. 

cavalierking55
cavalierking55

I use Roboform. It has worked well for years for me. The real problem is that people are not using reasonable passwords and saving them on a secure USB or such and then changing once a year. Maybe it's a pain to change, but what is your privacy worth? It's easier than changing the oil in your car.

benlange
benlange

Lastpass is great for me.

tcoburn4
tcoburn4

I say forget either one and use Keepass instead.   (keepass.info)  Roboform is probably the worst, but my definite favorite is keepass because it works on all major platforms

ComputerPhil
ComputerPhil

This is like asking to choose between two pieces of candy (LastPass and 1Password) instead of just buying the whole bag (RoboForm). If you are going to be trusting sensitive login credentials to this software I do not suggest going with the cheapest or newest option but the BEST option. The best option when it comes to password management is (and has been for the past ten years), RoboForm.

Regulus
Regulus

I'm using LastPass and am just getting used to recently released ver 3.xx.  Sorry, I don't have direct experience with other options.  I do have a non MS PW Protected document on a usb stick that is legible in both Linux & Win as a master reference.  As a tech, I have at least 5 units that are dual/multiple bootable with multiple browsers on each instance.  Xmarks & Lastpass are installed on all which gives me access to anything at any time no matter where I am.   For me, Xmarks / LastPass does the job, but I haven't bothered with experimenting with another solution as I'm quite satisfied with current results.

beck.joycem
beck.joycem

Roboform for me for the last 10 years. Partly inertia, I'll admit. Use Roboform Everywhere on windows and Android. Not only logins, but Safenotes, contacts and bookmarks. I really appreciate having a single set of bookmarks independent of platform or browser.

hal.potter
hal.potter

I also use RoboForm and it works well for me. I use Mac's, PC's, iPhone, iPad and Windows Surface and RoboForm works on all platforms. I use RoboForm Anywhere so it will sync across all devices. It also works with all browsers.

xrayangiodoc
xrayangiodoc

DashLane seems to be working well for me. Costs $20 a year with the syncing feature enabled between all your devices (IOS, Windows, Android). Otherwise, it's free.

tsivonen
tsivonen

Only positive comments for both LastPass and 1Password. I used both for two years. 1Password replaced Apple's Mobile Me Keychain synchronization for my personal information and Safari browsing. LastPass handled my professional information and Firefox/Chrome browsing. I typically have all three browsers open with different sites/services/applications for each. Switching between applications is quicker than switching between windows in an application. (at least for me)

Even with Apple's renewed synchronizing the Keychain in Mavericks I am going to stay with 1Password for my personal information. I am debating whether to continue LastPass. The extra cost isn't much but X-Marks has not synced well over the past year so I have moved to Chrome and Firefox's built-in tool. Professionally I have moved more into Google's Walled garden so it is only the move to iOS that is putting LastPass in question. 

I really like the how 1Password works. It does have some quirks but not much to understand in order to use it to its full potential. If you are a Macintosh user combine a MacUpdate account and getting Licenses and such into 1Password is very easy. The Take Control of 1Password by Joe Kissell at $10 clearly set the work flow for me. Pairing it with Dropbox was easy as well.

 There is nothing wrong or even difficult about LastPass. Kissell's guide was likely the reason I have moved toward 1Password. For whatever reason I haven't read through the guide for LastPass. I can't even say what it is like. It just didn't happen. LastPass has done a fine job. If I had to guess it is the troubles with X-Marks that may have started tilting the balance.

A positive for 1Password is that the iOS app works better for me than LastPass'. I do want to put their update through a good test the next few weeks before I can truly decide. I still like the comfort of separating my personal from professional stuff. If LastPass works well. I'll re-up for the year and continue using both.

Hobed
Hobed

I've used KeePass for years.  I found it flexible, reliable, safe and free.  It is constantly being upgraded.  I go with open source whenever possible.

Dick9999
Dick9999

A feature not often mentioned in LastPass (+1) is the possibility to exchange passwords or passphrase with other LP users, safely. 2 choices: just send the record and the receiver can see and use all info. Ideal for transferring a key. Second option is to grant access to a website. The receiver cannot see the password, but can logon. Reverting/withdrawing supported too!

I did list the risks when storing password type of information in the cloud, or storing it on my laptop. Largest risk were laptop stolen, lost or broken, all taken care by the cloud solution. Illegal access, bankruptcy, out of business all easily solved by a backup which is encrypted (DIY)

Do I store my bank accounts in the cloud? Yes, but for peace of mind I do not store a postfix, that I type behind the stored and already very strong password. The postfix is the same for all my sensitive passphrase and passwords.


joetron2030
joetron2030

I've used KeePass for several years now under Windows. I started with the portable version running off a USB thumb drive. 

My KeePass "solution" has evolved as my use of devices has evolved. My current usage is that my primary KeePass DB file is still the one on my USB flash drive. However, I always drop a copy of it for use with mobile devices on Boxcryptor encrypted storage (inside my Dropbox storage) for all of my portable devices (Android smartphone, iPod Touch, and iPad mini).

However, when people ask me for a recommendation, I usually suggest they look into LastPass. 

mcondic
mcondic

+1 for Roboform.  Have used it for many years.  I hope your article addresses whether or not we should be storing our passwords in the cloud.  I use Roboform Desktop because I don't want my passwords in the cloud.  That means that I can't sync to my mobile device at the moment.

peterg
peterg

LastPass works well for my organization.

Rick-J
Rick-J

Also a happy LastPass user. Tried KeePass but there are (or at least were) problems with cross-platform compatibility with different database versions. The annual subscription to LastPass is a small price given the value of the whole package. I agree with all the good things already said about it, so I won't repeat!

It also supports storing other secure data, not just web page logins, an essential requirement for my purposes.

kbarnhouse
kbarnhouse

NO confidence vote to 1password. 


Bad pricing model and poor customer support - I don't trust them, so will be moving my business elsewhere

I bought a full package for $70 a few years back. It never worked great so I was excited to discover that the systems were getting upgraded. Wrong...

They stopped supporting the system I bought. I'd have to pay $50 all over again to get a manageable product

They offered an "early upgrade" discount to customers via Social platforms, but didn't actually email their existing customers to say that this was going on. And when I asked for the $10 discount to be extended, they refused.

rob.alfieri
rob.alfieri

No contest. LastPass is a truly robust and mature product with leading edge features. Strong data encryption, integration with every major browser, two-factor authentication supporting both Authenticator and Yubikey, ability to share credentials with other users (team, family members), full control over password generation parameters, support for mobile platforms, tools to help identify accounts where password security is lax, support for local desktop applications, and a development team that responds and listens to its customers.

frylock
frylock

+1 LastPass

Been using it for a while, works great. Used the free version for a while, it's quite usable if you don't want to pay for something. But it worked so well I happily switched to premium.

I tried KeePass as it is (arguably, potentially) more secure than a third-party managed solution. I may be getting too old for OSS tough, in the end the convenience of LastPass won out.

joseph_mcmanus
joseph_mcmanus

One name: 

Steganos Password Manager

It Does it all with many bells & whistles, check it out!

coptechs
coptechs

+1 for Roboform. Been using it for years and now with their Roboform Everywhere licensing model it is a bargin! Great features too. I would like to see dual factor auth though.

jsp09
jsp09

+1 LastPass.  Cross platform (Windows, Mac, iOS, and Android are my platforms), a digital copy of my wallet, and the cheap yearly subscription are what keep me as a client.  Also, I like wearing my ubikey around my neck like a nuclear missile key, in the unlikely event that i would need to access LastPass from a strange computer.

ellrllgllo
ellrllgllo

I've been using KeePass for the last 6 months. No problems at all. In order to access my password database from my Droid and my computers, I keep the database in Dropbox. 

And did someone mention the price tag of a piece of software? I didn't know that paying money and getting new software were synonymous.  

srichards
srichards

Another Vote for Roboforms. Have used it for at least a decade, tried Lastpass but prefer the added features of Roboforms.

LorinRicker
LorinRicker

+1 LastPass -- I've used it for several years, have paid the tiny/reasonable annual subscription fee to help keep it in business, and I recommend it frequently to friends and colleagues. It works flawlessly on my Android phone (Galaxy III), and across all my Linux desktops, lap/netbooks.  And if I ever just "have" to touch a Windows pc, it (LP) is there too. Before LP, I used weak, memorable and rather common passwords across the 'Net -- now, all my Internet resources and favorite sites are pwd-protected with strong, generated (non-memorable) passwords, and LP serves as my usual gateway to most-all things Internet.  They just updated to v3.0 this past week, and it looks and works great!

johnblogs
johnblogs

@capefarvel  I used RoboForm for many years but lately I switched to LoginBox which works much better. They are new and only released iPad and iPhone so far but I read they'll add more platform soon.


I tried many of those password app and this perform the automatic login better than any other. And it's so simple to use.

pervel
pervel

@IronMit  This is a complete misunderstanding. Multifactor authentication only makes sense if your data are stored on a remote server. LastPass does that. 1Password does not. Thus, multifactor authentication is a non-issue for 1Password and similar password managers.


However, in order to sync passwords across devices, 1Password allows you to use 3rd-party services of your own choice. Dropbox is the recommended and does indeed offer multifactor authentication. So again the point is moot.

IronMit
IronMit

I strongly disagree! Sticky Password is one of the worst password managers because it does not offer multifactor authentication like LastPass does. I will not touch any password managers that does not offer this option.

stevenjklein
stevenjklein

@water-man  Hmm, I'm multiplatform (Windows, Mac, and iOS), and I find that 1Password works perfectly for me on all platforms.

Having said that, I am not going to offer an opinion about LastPass because I don't use it.

I'd guess that very few folks have a lot of experience with more than one password manager. Using such an app requires a certain investment in time to install and configure it, and learn how to use it. That's especially true for those of us using it on more than one computer & OS. All that investment is lost when you switch.

I'd need a very compelling reason to switch. If LastPass had some extremely attractive feature that 1Password lacks, that might catch my attention. But I'm not aware of any such feature.

Likewise, if 1Password stopped offering such great support, I might start shopping elsewhere.

But I've been using 1Password since mid-2011, and in all that time I've found the product itself and the company support to be excellent.

IronMit
IronMit

You do realize that LastPass works on all major platforms as well?

jayboston
jayboston

@kbarnhouse This is exactly why I'm looking at alternatives.  Thinking I'll give Lastpass a try.  I've also moved to Android from iPhone, but my wife still has an iPhone, so I'm hoping lastpass will work well for us both

IronMit
IronMit

No, it is not! TapIn doesn't offer desktop version. 

roykirk
roykirk

@jsp09

 @jsp09 +1 Lastpass here as well.  I've been using it for a few years now and absolutely can't live without it.  It's the first app I install on my PCs and devices.

 Haven't tried Keepass, but from the comparison's I've read between the two, both are considered very good, but it sounded like Lastpass has the features and convenience that I enjoy, so I happily pay my $12 a year for the Premium subscription.  I don't need to try Keepass, though I'm sure it's a great solution too.

I am unfamiliar with 1Password, so can't comment on its viability.

krisoccer
krisoccer

@ellrllgllo I've been using KeePass for years on Windows and it's been a great time-saver for me. I'd be interested in looking at these other options to see if they have any features that are missing from KeePass.

mikin
mikin

@IronMit it seems like you are missing a point here. They do support additional authorisation by sending a PIN code.