“‘Don’t put all your eggs in one basket’ is all wrong. I tell you ‘put all your eggs in one basket, and then watch that basket.'” — Andrew Carnegie, 1885
When it comes to privacy tools, Andrew Carnegie is usually dead wrong. In the case of, however, Carnegie is usually more dead than wrong. So much of our online privacy and security rely on guarding the single digital basket — a well-chosen password manager — into which we’ve entrusted every login key. To wit, I’ve been using LastPass so long I don’t know when I started using LastPass. But now — with new and the discovery of the — I’m finally making the switch.
True to millennial peerage, though, I didn’t stick around because I’m brand-loyal. I’ve test-driven other, and with a growing stack of encryption lit at my office-away-from-office, I’m itching to get further under their hoods. LastPass, until recently, outlasted them all. While I’m personally moving over to Bitwarden — which remains free across multiple devices and has a strong open-source foundation — I’m still steering plenty of less-techie folks to LastPass, thanks to its overall ease of use.
At $36 a year, the Premium version of LastPass is a solid deal, sweetened by the inclusion ofand 1GB of encrypted storage. A $48 annual subscription will get you the Families plan — that’s six individual accounts, shared folders and a dashboard that goes beyond your own security analytics and lets you manage the family accounts.
If you’re new to password managers, here’s how it works: You sign up for an account and create a master password. You then use that master password to log into your password manager instead of entering your login information for every different site.
Overall security is also bolstered by LastPass’ username and password generator — making it easier to create stronger passwords every time, rather than being tempted to re-use others. This feature is at its best when combined with LastPass’ automatic prompts: Not only does LastPass detect data entry fields and invite you to save a new password in your Vault (instead of directly into your browser, something you should never do), but it encourages you to generate a unique one with a single click.
LastPass’ multifactor authentication, a practicewith sensitive data, is also great for bolstering secure logins. If you’re willing to purchase the premium version, LastPass will also cross-reference your information against databases of logins known to be compromised via its Dark Web Monitoring option, alerting you if your email address has been flagged. You’ll also get a dashboard full of graphics illustrating your overall security. For instance, a visual gauge analyzes your collection of passwords and displays the percent that are considered too weak.
The smooth functionality of LastPass’ browser extensions can’t be overstated. They’ve gotten along with nearly every other extension I’ve used. The same can be said of its mobile apps. Even as app store permission schemas have changed over the years, I’ve never run into major conflicts between LastPass and other apps. That amiability extends to platforms, too. I’ve yet to find an operating system or device on which I can’t use LastPass. I’ve recommended it to journalists, lawyers, activists, family — you name it — not just because of its compatibility, but because I’ve found it exceedingly intuitive and user friendly in its setup.
I can create folders for groups of sites — carefully partitioned areas are designed to hold your credentials and banking information — and I can import and export blocks of passwords. Granted, exporting any list of passwords via plain text can be risky. Premium users can even share folders and items, grab some secure note-taking space on the cloud, and set up an emergency contact to access their accounts if they can’t.
Usability and design are about more than how smart a program looks, though. The hardest security flaw to fix is the human one. While security bugs often follow attempts to make software more convenient, it’s better to make a privacy tool behaviorally appealing, even if it is slightly less secure. A password manager that’s user friendly is one that gets used, and it’s infinitely better to have people using slightly flawed security than none at all.