Best Password Managers: Top 4 Reviewed


The developers of LastPass say they built the product from the ground up to provide access to password data on any device -- and it shows.


Once installed and configured, LastPass is a breeze to use. The application maintains a local copy of your data on any Windows, Mac or Linux machine. A single icon on your browser navigation bar gives you access to all its features.

But as with RoboForm, some setup and configuration details can be a bit involved if you're supporting more than one platform or browser, or want to add two-factor authentication. For example, when I accessed the "download" screen on, the site recommended a download for Firefox -- the browser I was using at the time. But there are separate downloads for each additional browser you want to use with LastPass -- and a total nine different variations of the program you can download for the Mac.

LastPass runs on the iPad and any Windows, Mac or Linux computer via a browser extension for Chrome, Firefox, Internet Explorer and Safari browsers. You click the red LastPass icon on the browser navigation bar to access the account log-in screen and a drop-down list of key features. Once logged in, you can access your database on the LastPass Web site, set up profiles, log into sites, create and access secure notes, or configure some very detailed security settings.

LastPass uses your e-mail address as your user name. Since your user ID is easily guessed, that makes it doubly important that you choose a strong password.

When you visit a Web site that LastPass recognizes, you can configure it to automatically fill in the account credentials and log you in without prompting. There are no buttons to push. Of all of the products reviewed here, LastPass had the most seamless process for automating the log-in process.

Each machine that you use LastPass on has its own encrypted, local copy of the password database, which synchronizes with a master database hosted at the Web site. You can also log into the site directly and view your data from anywhere, without using any browser extensions.

LastPass for the iPad keeps a synchronized copy of your password data. Because it can't integrate with the Safari browser on iOS devices (iPad, iPhone, iPod Touch), the app includes a simple, embedded browser of its own. A list of your passwords appears in one tab. Press on a site name and LastPass launches a new tab, loads the site and logs you in.

Other features include the ability to analyze your existing passwords for weaknesses and an option to automatically delete the passwords stored by your browsers (which are not very secure).

The basic version is free, but if you want to use LastPass with any mobile devices other than the iPad, you'll need LastPass Premium. The $12 annual subscription fee adds support for a variety of popular smartphone operating systems, including iOS, Android, BlackBerry, Windows Mobile, Palm WebOS and Symbian S60. It also includes access from USB keys that can run portable versions of Chrome, Firefox or Internet Explorer and upgraded support (basic support is via e-mail only).

The portable browser/LastPass combination on a USB key for Windows, Mac OS X or Linux supports a local, synchronized copy of your password data. Using a USB key is good for accessing LastPass data from untrusted machines because you don't need to install LastPass locally and nothing is left behind on the machine when you finish using it. To help thwart key loggers, LastPass lets you create and use one-time passwords; you can use your mouse to click on a virtual "screen keyboard" and enter your master password that way.

The for-pay version also offers two-factor authentication using either a one-time password-generating program called Sesame or a hardware key called YubiKey. If you don't want to spend the 12 bucks, the free version of LastPass comes with a basic two-factor authentication scheme called Grid. I strongly recommend using the two-factor authentication feature on any device that travels outside of your office or home.

For comprehensive coverage of the Android ecosystem, visit

Subscribe to the Security Watch Newsletter