We’ve talked before about the importance of using a password manager in this age of constantly hacked services. There’s no perfect solution yet, but we’ve been able to prove time and time again that letting a human pick passwords is pretty much the most flawed approach you can take. We can’t remember passwords, and we can’t even invent random ones, so we fail from both sides. We cannot be trusted. If you use a password manager, you can choose to have it create random passwords your brain would never think of, and which you can never type. We’ve also talked about using Bart’s awesome xkpasswd tool to generate random and yet typable passwords.
I’m betting that many of you are in the camp of “yeah, I know I should use a password manager, and I’m really really going to get around to that soon.” Sort of like the old days when we all knew we should be doing backups but it was just too darn hard, so we didn’t start doing them until it got as easy as plugging in a backup drive. Now there’s really no excuse not to use LastPass or 1Password.
You may recall that I have been a LastPass user for a few years, but I’ve been frustrated because they were never able to fix the problem I had that it would stop logging me out when I was idle, which was enough to push me to 1Password. Now that I’ve used both for a while I’d like to walk through each one and give you some pros and cons so you can make your own decision. Remember, they’re both GREAT services, and you will not go wrong either way. I remember when Dorothy was trying to decide and she made a big pro/cons chart for herself, and in the end flipped a coin. She ended up choosing 1Password and so did Bart, which might be all you need to help you decide.

LastPass:

- Free for web access
- Mobile Apps are Cross platform for Premium subscribers ($12/year) – iOS, Android, Windows Phone, and even BlackBerry
- Vetted by Steve Gibson – he got to look at the source code and confirmed they can’t possibly unlock your vault
- Can share passwords with a trusted person (and they get updates when you change them)
- New Family Share folder within everyone’s vault
- Browser Extensions for all the major browsers
- On the computer, only Website and browser extensions, no menubar app, no standalone application
- Audit your passwords (don’t be surprised if you do badly)
- Very helpful during Heartbleed, told you which sites to update and which ones to wait on because they hadn’t been patched yet
- Passwords are stored encrypted locally and on the LastPass servers (good or bad, you decide)
- Had trouble where it won’t log me out when I’m idle – a deal breaker for me
- Interface is acceptable but not super pretty
- More steps to enter a password via the web than with 1Password
- Customer service slow and unhelpful. Feels like an open source application.
- LastPass works with TouchID ONLY in Safari. Can’t open the mobile app with TouchID (https://lastpass.com/support.php?cmd=showfaq&id=7976)

1Password:

- More expensive
- Single user, single platform license is $50 (cross platform Windows/Mac single user is $70)
- Family pack is a good deal, 5 family members for $70
- You might like a one time purchase better than a monthly fee, but 1Password has traditionally charged upgrade fees for major point releases, so it’s definitely going to be more expensive than the $12/year for LastPass
- Upgrades are affordable – mine was only $20 to go from a single user to family pack with an upgrade
- iOS app is free to get logins, credit cards, identities and Secure Notes
- For $10, the premium option also gets you access to your software license keys and wireless routers, and lets you organize with folders and tags, access multiple vaults, view attachments and create custom fields
- For Application serial numbers it searches for the icon for the app and displays it beautifully
- Identifies Credit Cards with their logos so they’re easier to choose
- Animations just make me happy
- Watchtower checks websites for vulnerabilities – found out IFTTT had a vulnerability since I last changed my password so I was able to fix that up
- Checks for weak passwords
- Checks for duplicate passwords
- Checks passwords by age (e.g. 3+ years old)
- I used this to clean up the last of my bad passwords – I like how, as I fixed each one, it disappeared from view so I could feel the progress without waiting for a long web refresh
The bottom line is that for what’s important to me, 1Password is now the clear winner. The better technical support, better TouchID support, and nicer user interface are all worth the money. If money is your primary concern, LastPass is an excellent choice, as long as it logs you out properly when you’re idle. If that stops working for you like it did for me, then I’d cut something else out of my budget so I could afford to run to 1Password.
If you’ve been a LastPass user, and my discussion has convinced you to jump ship to 1Password, there’s a really useful script you’re going to need. This script will take the export of your LastPass data and convert the data so that it will slide nicely into your new shiny 1Password vault. If you don’t use this script, you will be missing a LOT of data that you’ll have to replicate. Without it my 125 software license files didn’t come over! I should mention that it was written by a 1Password evangelist, not vetted by AgileBits, but Bart did review the script and said that it does not send your passwords to China OR the NSA. I put a link in the shownotes to the script.