March 4, 2021

1Password vs. LastPass: Which is Better? Which is Safer?

Written by

Despite the best efforts of software and security professionals, many growing businesses share logins between users — usually as a cost-reduction effort. But securely sharing unique, complex passwords is nearly impossible without a password manager software.

Sharing passwords via insecure methods — written down, via email, or storing them in a spreadsheet—increases the likelihood that those passwords, and the data they protect, will be exposed to hackers. A data breach in the US in 2019 cost companies an average of $8.19 million—nearly twice as much as the global average. A password manager software can reduce the risk of exposure.

Password managers were originally created to solve the problem of creating unique, secure passwords, and then remembering them. Businesses of all sizes now adopt enterprise-wide password management tools to create and administer a corporate password policy where users securely share passwords to decrease the likelihood of a breach.

Choosing the best password manager for your business can be difficult, especially when you try to satisfy everyone in your company. This article will focus on two enterprise password management leaders: 1Password and LastPass. We’ll provide an overview of each platform and then compare 1Password vs. LastPass pricing, their differences and similarities in functionality, and each company’s approach to password security.

Also Read: Best Password Management Software & Tools (eSecurityPlanet.com)

1Password Overview

track employee password security with 1password.

The latest version of 1Password is 1Password 7, which is available for all operating systems including Mac, Windows, Linux, and the Command Line. The accessibility of the software from all these tools makes it an ideal product for implementation across the enterprise.

Both the individual and business-oriented plans support mobile applications for Android and iOS, which means you can access passwords stored on your computer via your mobile device. When you connect your mobile device to the internet, the app syncs with the desktop version to keep all versions up to date.

Most businesses will prefer the robust functionality and granular control offered by 1Password Teams, Business, or Enterprise, although some small businesses may get away with a Family plan. All versions include desktop and mobile applications, unlimited sharing of passwords, automatic syncing, and access control. The Business version increases data storage from 1GB per user to 5GB, provides an unlimited password history (as opposed to 30 days), and offers more options for groups, activity logging, and role-based access. Business also provides priority customer support.

LastPass Overview

monitor user behavior with lastpass enterprise.

LastPass is a cloud-based password management tool, so you don’t have to install a desktop app to get started using LastPass. It’s available on Mac, Windows, or Linux computers, and they offer extensions for major browsers including Safari, Chrome, Internet Explorer, Microsoft Edge, and Opera. These extensions make using the service easier, but they’re not required.

LastPass comes in several versions. Free, Premium, and Families tiers are for consumer use, while MFA (multi-factor authentication), Teams, and Enterprise are recommended for business use. There is also an Identity plan that combines the MFA and Enterprise capabilities.

Yes, you can use LastPass completely free of charge. But as of March 16, 2021, you will need to choose to use your account on either mobile or desktop. You also won’t be able to share passwords with other users or have access to any of the other features that make a password manager useful. But you can generate, store, and automatically fill passwords, and that’s better than no password manager at all. For very small companies or companies that are not concerned with sharing passwords across teams, the free tier is a no-excuses way to start using password management.

Business plan pricing is based on the number of users, with the Teams plan starting at 50 recommended users. All business plans include offline mode, a security dashboard, two-factor authentication, and self-guided support.

Comparing integrations and security for 1Password vs. LastPass

You’re probably reading this article because you’ve narrowed down your search for a password manager to these two options. While both applications are a strong choice, one may be a better fit for your unique situation.

LastPass has more options for directory integrations, supporting Active Directory, Okta, OneLogin, Microsoft Azure AD, and API access. Currently, 1Password supports Azure Active Directory and Okta for automated deployments.

The more fundamental difference between the two platforms is this: LastPass’s security is authentication-based, while 1Password’s is both authentication and encryption-based.

An authentication-based system checks your credentials — in this case, your Master Password — and then provides or denies access based upon whether or not your credentials match those stored by the authenticator. These credentials may or may not be stored in plain text, and there are typically backdoors that allow access in case your password is forgotten or that allows administrators to reset passwords, so you can regain access.

In an encryption-based system, resetting a lost encryption key with a backdoor method simply isn’t possible, as the key is used to generate the “code” that encrypts your data. This means that your employees will need to download and securely store their 1Password encryption key to access the system in case of a lockout. Neither you as the admin or 1Password as the vendor will be able to access their password vault for them if they lose it. This is why, according to 1Password, they don’t (and probably can’t) offer multi-factor authentication in the same manner as an authentication-based system like LastPass.

If security is your only concern, 1Password’s locally installed option is certainly the way to go, but usability is just as important. For that, the cloud-based options from either LastPass or 1Password might be more appropriate, since they offer business-friendly features that help less-savvy users recover and change passwords.

Choosing the right password manager tool

In conclusion, both tools should greatly increase the security of your business data while also making it easier to create and store secure passwords. But each service is only as good as the passwords it stores. If you use weak passwords (like “password” or “1234”), write passwords down on post-its stored on the underside of your keyboard, or store plain text passwords in a spreadsheet as well as your password manager, hackers and bad actors can still access them. The software also can’t help if you commit the other cardinal sin of password management — using the same password for multiple sites.

Ultimately, the decision between LastPass vs. 1Password will come down to your unique situation — your users, your OS environment, your regulatory requirements, or your IT admin’s preference.

Free Download

Cyber Security: How to Protect Your Business

Get My Free Guide

7 Comments

  1. Neil

    Hi Charles,

    Have you checked Enpass Password manager? I found it last week when I was looking for LastPass alternative due to recent vulnerability in LastPass.

    Obvious 1Password was my first choice but my pocket can’t afford it desktop version and it’s not availabe for Linux. So I searched some other alternatives and then I encountered Enpass. It’s a lesser known yet powerful password manager. I will highly recommend to have a look at Enpass as it’s one of the best cross platform password manager and I think everyone can afford this as it’s doesn’t have any subscription and has free desktop app.

  2. Mike

    LastPass feature to automatically change passwords does NOT work. This as of 10 minutes ago. LP has what they call a “security audit” which evaluates passwords in various terms … known breaches in certain sites, similar or identical passwords used on multiple sites, missing or blank passwords, and old passwords. So far so good. They even offer to fix those problems for you at the click of a button. (O.K. about 45 clicks, by the time you remove and replace LastPass with a version that has that feature.

    Once it goes to work you’ll notice that it is SLOWWWW. Maybe 2-3 minutes for each site. But the worst part is that it returns a message telling you that it failed. So now you have invested the better part of an hour messing with all of this to accomplish nothing at all.

    Should you be so foolish as to open a support ticket, they will run you through the typical non support tactic of having you untinstall, and reinstall. Once that also fails, and maybe two days later for this conversation go to on, they will tell you that they kown about the problem and they have it on a list somewhere and may do something about it someday but they won’t tell you when.

    So much for LastPass security, and LastPass support. I’m looking for an alternative to switch but I do not want to as I’ve a lot of time with LP. But seriously, another problem of LONG standing is that it won’t fill login credentials to one of those popup boxes that some sites present you when you attempt to log in. I don’t think they even PLAN to address that.

    I’m seriously considering printing out ID/PWD lists and carrying them in my wallet.

  3. Cyber

    Between LastPass and 1Password which one is better? Keeper is! I believe they have a better security model, easier synchronization between every device, browser, and platform, it’s easy to use and it’s not hard on the pocket book. Checkout Keeper Security.

    • Aleks Peterson

      Thanks for the feedback, Cyber. Cool name, too. What is that . . . Greek?

  4. Alexander

    The thing about 1Password that is a deal-breaker for me is that I paid the $64 for the Mac version and I have been unable to use it on Windows without it being a massive pain in the butt, and they want you to pay separate for the Windows version and then in order to use it on Windows to sync across both Windows and Mac they want you to subscribe to their service to sync the passwords online, which is bull. I feel like I got robbed because I’m not able to use the Windows version after paying a whopping $65 for it on Mac.