L
- Category
- Passwords · SaaS alternative
- Cost
- Freemium
- Country
- US
- Licensing
- Proprietary
# PROS AND CONS
+ what works
- +Mature browser extensions and mobile apps across all major platforms
- +Built-in TOTP, password sharing, and dark-web monitoring on paid tiers
- +Long track record and large user base, so integrations are well covered
− watch out for
- −2022 breach exposed encrypted vault backups; follow-on crypto thefts traced to it have continued for years
- −Closed source, so the encryption claims cannot be independently audited
- −Free tier is restricted to a single device type (mobile or computer, not both)
- −US jurisdiction and private equity ownership, with no transparency report comparable to peers
# PRIVACY NOTES
Vaults are encrypted client-side with a key derived from the master password, so LastPass should not see plaintext credentials in normal operation. The 2022 breach undercut that posture in practice: attackers exfiltrated backup copies of customer vaults that mixed unencrypted URLs with encrypted secret fields, giving them offline brute-force access to any vault protected by a weak master password. LastPass operates from Boston and is owned by private equity sponsors Francisco Partners and Elliott Management via LMI Parent, L.P. after spinning out of GoTo in 2024. US jurisdiction applies.
# REPLACES
icloud-keychain
# TAGS
#proprietary · #browser-extension · #breach-history
# DOES THIS WORK FOR YOU
# NOTES FROM PEOPLE WHO TRIED IT
Comments (0)
No comments yet. Be the first.