Which must you use? [2026]

Everybody agrees: passwords are horrible. They’re both too simple for a hacker to crack or unattainable so that you can keep in mind. I can go on at size about why they’re so unhealthy and create such an terrible state of affairs—I wrote a thesis on it—however the actual takeaway is that password managers are actually necessary if you wish to keep safe on-line. They automate the method of producing lengthy, complicated, distinctive passwords, storing them securely, and, better of all, filling in login kinds, so you do not have to recollect or kind any of these sophisticated characters.

In terms of the most effective password managers, for a very long time, two apps had been essentially the most commonly really helpful: LastPass and 1Password.

Some time again, although, issues modified. LastPass suffered a serious knowledge breach on the finish of 2022 and has been criticized by safety researchers for the way it dealt with the fallout. Years later, there’s nonetheless fallout from the state of affairs—the ensuing class motion lawsuit has simply reached a $24.5 million greenback settlement.

Nonetheless, LastPass is a very fashionable password supervisor. So along with my earlier expertise with each apps, I dove again into every one to see how they stack up.

Desk of contents:

1Password vs. LastPass at a look

Whereas there are small variations in how 1Password and LastPass function, the truth is that they are fairly related relating to options. Not like all-in-one instruments that attempt to be the whole lot to everybody, these apps are actually meant to retailer and handle your passwords, so it is sensible that they do it equally.

This is a fast breakdown of how they evaluate, however preserve studying to be taught extra about my experiences with the apps—and what different safety consultants assume.

1Password affords a lot better safety

A password supervisor has two major jobs: to maintain your passwords secure, and to make filling them in simple. The whole lot else is type of secondary. To make issues as handy as potential, each LastPass and 1Password retailer all of your login info on their servers. It is meant to be encrypted and well-protected, so with that in thoughts, it is value taking a step again and looking out on the ongoing fallout of the LastPass hack.

In August 2022, LastPass disclosed {that a} hacker had compromised a developer account and gained entry to its growth atmosphere. It claimed that it had contained the breach and had taken mitigation measures. In September, it declared that its investigation was full and all was nicely, and that there was no proof any buyer knowledge or encrypted vaults had been compromised. Embarrassing for a safety firm, however it wasn’t the primary time the corporate had been hacked—and this was a much less compromising breach. 

Then, on the finish of November, LastPass introduced that one among its third-party cloud storage companies had been hacked “utilizing info obtained within the August 2022 incident” and that the hackers had gained entry to some buyer info. What info? Properly, it took till December 22, however LastPass got here clear: the hackers had a backup of buyer vault knowledge.

Some fields within the vault databases—like passwords, fortunately—had been encrypted, however others, like e-mail addresses, phone numbers, the IP addresses prospects used when accessing LastPass, and billing addresses, weren’t. No matter whether or not the hackers may crack the passwords, they nonetheless had a variety of private and figuring out knowledge about each affected LastPass consumer. 

And even the encrypted passwords aren’t essentially secure. LastPass has been criticized for years for its insufficient safety precautions and failure to replace legacy accounts. If somebody with a latest LastPass account adopted finest practices and used a powerful, distinctive grasp password, their knowledge might be nonetheless non-public (aside from all of the unencrypted figuring out stuff). However for those who had an older LastPass account, reused or used an insecure grasp password, or had been a very tempting goal? The hackers have direct entry to your encrypted vault and may attempt to crack your grasp password for so long as they like.

And crack grasp passwords they did. Over the previous couple of years, there was a string of crypto heists concentrating on LastPass customers. Greater than $35 million was stolen in 2023 from dozens of victims, lots of whom had been utilizing in any other case stable safety protocols. The one commonality was that all of them saved an necessary crypto account identifier referred to as a “seed phrase” in LastPass. 

There was one other hack in December 2024, when the attackers stole $5.36 million from greater than 40 crypto wallets. And TRM Labs tracked one other $35 million from 2024 to 2025 to Russian hackers and concluded it was “solely a fraction of the complete image.” 

And within the largest single instance I may discover, Chris Larsen, co-founder of the cryptocurrency token Ripple, was focused: he misplaced $150 million. Issues deliver the estimated crypto stolen to nicely north of $250 million; some figures say it is nearer to $500 million, although I could not discover any respected sources to substantiate that. 

There’s additionally no motive to imagine that these hacks have stopped, and crypto is simply the tip of the iceberg. It is unattainable to inform simply how many individuals had been the victims of other forms of scams due to their LastPass knowledge being compromised. It is solely due to the general public and really on-line nature of crypto that safety researchers have been capable of preserve monitor of the hacks and attribute them to the LastPass breach.

On account of all this, LastPass has been extensively condemned by the safety neighborhood for permitting hackers to realize entry to buyer knowledge, failing to comprise the preliminary breach, having insufficient safety measures within the first place, downplaying the severity of the breach, making an attempt in charge prospects for not having sturdy sufficient grasp passwords, and customarily simply mishandling the entire state of affairs. 

Worst of all, LastPass’s response was extremely lackluster. In September 2023, greater than a yr after the preliminary breach, it lastly began forcing outdated accounts to make use of 12-character grasp passwords and mechanically updating each account to at the least 600,000 rounds of an algorithm referred to as PBKDF2 that slows down makes an attempt to brute pressure grasp passwords. (Beforehand, the minimal for brand spanking new accounts was 100,100 rounds, and older accounts had been secured with simply 5,000, 500, and even 1 iteration with out being upgraded.)

Equally, it took till Could 2024 for LastPass to begin encrypting the URL discipline in its vaults, at the least for brand spanking new URLs. Present customers acquired a immediate to encrypt any outdated unencrypted URLs a number of months later.

There are rumblings that issues could be altering. As I write this replace, LastPass’s CEO, Karim Toubba, has made some optimistic statements in an interview with ZDNet. He says that LastPass has realized from the safety breach and invested in enhanced safety practices, each in its group and in its app. TechRadar, nevertheless, factors out that Toubba mentioned the identical issues three years in the past, so it could be value withholding judgment.

Whereas LastPass might have improved, for many individuals, it’ll be too little too late. Like me, for instance. As one of many affected customers, I needed to spend a number of hours one afternoon over my winter break altering a load of passwords. It could take lots for me to significantly think about using the app once more. (I hadn’t relied on LastPass for years, so my most necessary accounts had been nonetheless secure.)

Additionally, latest security assessments are inclined to present that LastPass is among the many extra weak password managers to a spread of theoretical assaults due to structure selections constructed into the app. Virtually no password supervisor is totally immune from these sorts of focused assaults, although they’re arduous to tug off in the actual world and infrequently reap the benefits of the methods password managers are handy by autofilling your passwords. It is value flagging that there’s a safety tradeoff to utilizing a password supervisor—it is simply that the choice is remembering a great deal of distinctive passwords or utilizing a bodily safety key. 

Briefly, the hack and LastPass’s response demonstrated that the corporate has a fairly cavalier angle towards defending the passwords you retailer with it. Structure selections made years in the past have made it extra weak to sure sorts of assaults than another password managers. Whereas a few of that is altering, I am undecided it is sufficient. 

So what about 1Password?

For starters, 1Password has by no means had a knowledge breach, though it has been focused. Even then, the corporate was upfront and sincere with prospects and revealed a full safety report detailing what occurred. When there’s a vulnerability recognized, they act quick to repair it. Extra importantly: 1Password makes use of a considerably safer setup to encrypt your vault—and encrypts each discipline. Whereas LastPass now makes use of 600,000 rounds of PBKDF2 as its default for all accounts, 1Password makes use of 650,000 iterations—and has at all times up to date outdated accounts to the most recent worth.

And even with that, LastPass locks your vault with simply your grasp password, whereas 1Password makes use of a grasp password and an extra secret key.

This comes with a draw back: to check in to 1Password on a brand new gadget, it’s essential to enter each safety elements. It may be fairly inconvenient if it’s essential to arrange a tool if you’re away from house, as you both must scan a QR code on a tool that is already logged into 1Password, or kind an extended string of characters that you just most likely haven’t got entry to. So whilst you can log in to LastPass from wherever, 1Password’s improved safety makes that more durable. Nevertheless it does imply that even when 1Password had been to undergo an identical knowledge breach, consumer knowledge could be considerably much less weak to hackers.

It is also necessary to grasp that 1Password additionally makes safety tradeoffs. It is weak to a number of the similar assaults as LastPass merely due to the way it’s designed. No answer is ideal, however some are higher than others.

With all that mentioned, regardless of the embarrassment of the latest breach, most of LastPass’s safety issues fall into the realm of “lower than very best,” not “use LastPass and you will get hacked yesterday.” If you happen to’re a daily web consumer—not somebody distinguished who may very well be particularly focused, or with a number of million in crypto sitting in a pockets—and join a LastPass account at present, so long as you utilize an honest grasp password, your knowledge ought to be secure.

Personally, I would not take the chance of utilizing LastPass as a result of I am neurotic about this stuff (and I am commonly a sufferer of impersonation and id theft). If you happen to massively choose LastPass’s interface or want its free plan, then be happy to present it a strive—simply perceive the dangers.

LastPass and 1Password are each out there on virtually each platform

LastPass and 1Password function virtually identically on cell platforms, since Android and iOS each help password administration and autofill.

Each companies even have browser extensions for Chrome, Firefox, Safari, and Edge that work equally. LastPass additionally helps Opera, whereas 1Password helps Courageous.

On the desktop, there is a greater distinction. 1Password has native apps for Home windows, Linux, and Mac that you need to use offline to entry your passwords or some other info you might have saved in your vault. These apps additionally provide a common keyboard shortcut for shortly looking out your passwords. 1Password for Chrome OS is a browser-based app, which is widespread for apps on the platform, and there is additionally a command-line software for Home windows, Linux, and Mac units. 1Password additionally affords browser extensions, which work with or with out the desktop app put in. The exception is Safari—you may want to put in the macOS app, however that is simply how Safari extensions work.

LastPass used to have desktop apps, then it removed them, however now it is bringing them again—at the least for Home windows and macOS. The excellent news is meaning you need to use keyboard shortcuts to autofill passwords and do not must depend on the browser extensions; the unhealthy information is that they’re basically simply reskinned variations of the online app.

General, the variations between the companies exist solely on the sting circumstances. Each apps help most main browsers, which suggests you possibly can run them each on any working system. If you happen to actually care about desktop apps, 1Password’s is far nicer.

Each apps are very nice to make use of

LastPass is absolutely nice to make use of—there is a motive the breach affected 33 million registered customers and 100,000 enterprise prospects. However there is not an enormous quantity of distinction between the way it and 1Password function generally.

Take logging in to your accounts. If LastPass acknowledges a login discipline, you may see a LastPass emblem in it. Click on that, and you’ll select which account you need to check in utilizing.

1Password works the identical manner utilizing the browser extension.

With each apps, you possibly can pull up the desktop app with a keyboard shortcut even outdoors the browser. 1Password’s implementation is extra polished, however it’s now a smaller level of distinction than it was a number of years in the past.

Each apps additionally make it simple to generate safe passwords for brand spanking new accounts. 

With LastPass, everytime you’re creating a brand new account, you may see an icon within the password discipline which you can click on to create a random password. Click on it, and you will see a password, which you’ll be able to click on immediately to make use of.

You possibly can select Customise to vary the parameters, just like the size of the password or whether or not or not it contains numbers or particular characters, and there is even an choice to make the password simple to say for those who create it by the complete app. These final choices are particularly useful for passwords you may nonetheless want to really keep in mind, like your Wi-Fi or Netflix password.

1Password works virtually precisely the identical. You possibly can click on the icon within the password discipline, after which use the slider if you wish to customise it.

These choices are helpful if a web site has particular necessities for passwords. I attempt to purpose for 40+ character passwords, however some websites nonetheless will not take greater than 20.

1Password and LastPass each have numerous additional options

Each apps have a variety of good secondary options. 

• Each can autofill two-factor authentication codes.

• Each make it potential to share passwords with different folks.

• Each can retailer bank card numbers, safe notes, necessary paperwork, and different issues you need to preserve secure.

• Each have password breach monitoring and general password well being evaluation (LastPass calls its Safety Dashboard whereas 1Password calls it Watchtower).

Each apps help passkeys—a brand new system that makes use of public-key cryptography to safe your accounts as a substitute of passwords. They’re meant to resolve a variety of the issues with passwords, and whereas it is taken far longer than I might like, it seems like we’d lastly be reaching the purpose the place they’re extensively out there sufficient to be helpful. Sadly, the competing implementations between completely different passkey suppliers can make issues extra sophisticated. 

Proper now, 1Password’s passkey implementation feels a bit extra polished since it has been out there for a bit longer. You should use it to create passkeys for different companies that help them, in addition to use one to safe your 1Password account.

LastPass additionally permits you to safe each your LastPass vault and different companies that help them.

Actually, there aren’t many variations right here. For nearly everybody, both service will provide an virtually equivalent password administration expertise. Even with passkeys, a variety of the implementation is fastened by how passkeys work so there simply cannot be wild variations between the 2 companies.

Neither app affords a very good free plan

Whereas there are nice free password managers out there (see: Bitwarden and Apple Passwords), neither LastPass nor 1Password falls into that class.

Let’s begin with 1Password. It is free for journalists and politicians; for everybody else, there is a 14-day free trial. After that, you are taking a look at $48/yr for a Private account or $72/yr for a Households plan with as much as 5 accounts. There are additionally enterprise plans out there from $19.95/month.

Along with a 30-day trial, LastPass affords a free plan—it is simply extraordinarily restricted.

Whereas it can save you as many passwords as you need, you possibly can solely entry your free LastPass account on one gadget kind: both computer systems or cell units. This implies you need to use LastPass to sync your passwords between your workplace laptop and your private laptop computer, however not between your laptop computer and your smartphone. It is a actually awkward caveat, and it undermines the entire “all of your passwords all over the place” factor that most individuals use a password supervisor for. On paid plans, this is not a difficulty. A LastPass Premium plan prices $36/yr, whereas a Households plan for six customers is $48/yr. For companies, a Marketing strategy begins at $7/consumer/month (billed yearly).

So, for those who’re selecting between 1Password and LastPass, you are actually selecting which app you need to spend a number of {dollars} a month on. If you happen to’re genuinely contemplating LastPass’s free plan, I might counsel testing Zapier’s article, the place we evaluate it with Bitwarden, which has a extra sturdy free providing. You may as well use Google Passwords or Apple Passwords; whereas not as feature-filled as devoted password managers, they’ve each considerably improved during the last decade.

1Password vs. LastPass: Which must you select?

For nearly everybody, 1Password is a greater password supervisor than LastPass. There’s so little distinction between the overall consumer expertise, availability, and value of the 2 apps, that the extra safety and transparency of 1Password make it the straightforward selection. 

If you happen to already use LastPass, use a safe grasp password, and do not need to undergo the minimal problem of switching companies, then sticking with LastPass is comprehensible. However for brand spanking new customers, you’d actually must need one or two of the area of interest, particular options that LastPass brings to the desk (or have a severe low cost code) for it to be a more sensible choice.

Associated studying:

This text was initially revealed in February 2019 and has had contributions from Zac Kandell and Justin Pot. The newest replace was in March 2026.