Welcome back to the fourth Annual edition of the Best Password Manager.
Each year I review and discuss the best Password Managers, and if the recent LastPass breach has taught us anything - it’s that finding a better and more secure password manager is worth spending some time on.
This year we will be scoring 1Password, Keeper, Bitwarden, Synology C2, Dashlane, and LastPass, though you can probably guess my opinion on that last one!
And we’ll be scoring them on Security, Features, Support, any major frustrations, and of course, Pricing.
Most, if not all of these, offer some form of affiliated discount, so if you wanted to sign up for any of these services, there’ll be some links to some discounts down below.
Full Disclosure - Over the last year, I have worked with and been paid by most of the Password vendors to make sponsored content for them on my YouTube channel. It seems my previous years' videos have gotten their attention. But this post is not sponsored by any of the password managers, the video however IS sponsored by AVG - more on them a bit later, and as always, my opinions are my own, so I am free to say what I want. More information on my ethics statement can be found here:
My ETHICS Statement: https://www.petematheson.com/ethics/
So to kick things off, let’s take a look at last year's Winner; 1Password.
1PASSWORD
Security (10/10)
In terms of security, 1Password has a unique and strong approach as standard with their use of a Secret Key to protect your password vault.
So, in addition to your username and master password, when you sign up for their service, the device you are using generates a Secret Key. It’s something that’s not known to 1Password and isn’t stored by 1Password.
In addition, they have support for Two-factor authentication either using an App such as Authy or Microsoft Authenticator, and they also support something which I’d highly recommend everybody uses along with any password manager, and that’s a Yubikey.
So as far as security goes, I sign into 1Password with my Username, Master Password, plus the Secret Key, which nobody knows except for me, AND I have to physically plug the Yubikey in and touch it to confirm that I’m trying to sign in.
Now, these are an optional extra, you don’t have to use them - but given that you might be storing everything from usernames, passwords, bank and credit card details, personal ID, and passport information - it’s well worth doing this. There won’t even be a trace of those passwords left on your device.
1Password is one of the ONLY Password Makers out there to have ZERO embedded trackers in their Android App which is a big deal, considering others are embedding marketing trackers into theirs - so keep reading for more on that.
They also have a bug bounty program that rewards anybody for finding security holes in their product, with an insane $1 million top reward for finding a critical flaw in the product.
And as far as their bug bounty goes, they have already paid out over $100k to bug crowd researchers.
It doesn’t stop there, in a Post shared on Twitter, a user discloses how fast 1Password jumped on a reported issue and fixed it AND paid them their reward the same day.
So far, 1Password has never been breached, and with their implementation of the secret key AND support for security keys like the Yubikey, I have to score 1Password a 10/10 for setting the standard when it comes to security.
Features (9/10)
Features have also been an area where I’ve seen some significant improvements over the past year for 1Password.
One of the more recent updates which have impressed me has been where you go to log in to a website and are presented with a multitude of options; would you like to sign in with Apple, Facebook, or Google - or let's use the Epic website as an example, perhaps there are about 10 different options! But you don’t remember which one you used to sign in.
The latest 1Password update now remembers this for you and can automatically sign you in using the right account.
Another recent update for Mac also removed the need even to have a browser plugin installed because with the Native Mac App, you can simply hit a keyboard shortcut, and it would auto-fill anywhere. Be that in a browser, an App, or even the Mac OS Prompts themselves.
This aside, 1Password lets you store anything from simple logins to driving license information, debit and credit cards, one-time passwords, and a whole host more with their handy feature that provides guided templates when creating new passwords. Or, it can do it automatically on the fly as you’re signing in and use 1Password to generate new secure passwords for you.
1Password has browser integrations for practically every browser and across every operating system, including less-supported platforms such as Linux and even Command Line, as well as providing one of the first direct safari and iOS integration which can be used across all Apple devices.
Furthermore, if you’re in the US, then you have access to integrations such as Privacy.com to create virtual payment cards for specific subscriptions or with spending limits, there’s a Fastmail integration that lets you hide your email address when signing up for services, and more recently an integration with a crypto wallet called Phantom.
WatchTower is their monitoring service which will alert you to any weak passwords of yours which are leaked online, and finally, the ability to see an overall Security Score of your Passwords gives a great indication of how well protected you are online.
And finally for features, 1Password are I think the only one that has boldly published a page that explains their future vision of what 1Password will look like. Simply visit future.1password.com, and it will explain the types of challenges they are trying to solve, with many of these having the individual consumer at the centre. Including their latest PassKeys announcement, which enables secure, totally passwordless sign-in on any device.
I’m going to score a 9/10 on features, and the only reason points are docked here is that most of the integrations are only for the US market, so I can’t actually use them here in the UK. But overall it really feels like 1Password is still pushing the whole Password Manager industry forward - or rather dragging everyone else behind them.
Support (8/10)
For Support, 1Password offers support via their Community Forums, Twitter, and direct Email Support.
Over the last year, I haven’t needed to contact their support team for any reason - but for this post, I decided to contact them via both Twitter and Email to see how quickly they responded.
Query sent in at 10:30 am on Monday - They responded at 1.37 pm - so about 3 hours, pretty damn good!
So a fairly respectable response here. Though they don’t offer telephone support - so as far as Support goes, I’ll go with a 8/10 for 1Password.
Major Frustration (8/10)
For major frustrations, I wanted to cover any issues that I’d experienced over my time using 1Password since the last post, and there has been only a couple.
Firstly, there have been a few times where the usernames and passwords either refuse to fill in via my desktop browser or where I’ll have to do the action twice because the first time I click to auto-fill, it didn’t fill anything in.
That’s the first one.
The second one has been what I would say is a fairly consistent experience on Android, where it just doesn’t prompt you to fill in anything.
I’ve found myself having to go back and forth to copy usernames and passwords across, whereas, on iPhone and Windows, and Mac desktops, it’s been mostly flawless.
For scoring, a perfect score here would be ten and something that makes this product impossible to use would be 0. So I would say that it depends on which devices you are using. If you’re on Windows or Apple, then it’s just a minor frustration. If you’re on Android, failing to Autofill could be a major one for you. So I’m going to score a 8/10 here.
Pricing (5/10)
Pricing-wise, 1Password starts from $2.99 per month for a Personal Subscription or $4.99 per month for a family subscription, which includes five people under one account, and you can add more for $1 per month each.
1Password also offer their product free for journalists or a discount for journalist organisations which is something I’ve not seen offered by any other password manager.
So for pricing, we’ll score a 5/10 to get us started so we have room to score either way.
Let’s see now if anyone can de-throne 1Password, starting with - Keeper!
Keeper
Security (9/10)
Security is a top priority for Keeper and is still very strong.
Keeper encrypts the vault containing all of your passwords and then encrypts the individual passwords separately, using separate encryption keys to do so and using a strong form of encryption.
Keeper is also one of the only Password Managers to have Zero embedded trackers in their Android app, though, and like 1Password, Keeper has never been successfully breached.
They offer similar support to 1Password with the likes of 2-Factor authentication such as Apps like Authy, but also Yubikeys and authentication with devices such as Apple or Android Watches and Fingerprint or FaceID for mobile devices.
They also have a bold claim on their website, from a blog post updated in 2023 to say that ‘Keeper is the most secure, certified, tested and audited password security platform in the world.’
Digging into this a little further from a blog post in July of 2017, Keeper talks a little about their Emergency Access feature, more on that in a moment - with the example of someone passing away who held passwords for some critical business accounts.
And even though they didn’t have emergency access setup, they could still get into the account by getting into their email account, following a password reset procedure, and providing answers to several security questions.
Just from my experience - people's email accounts get phished every day, and people provide easy-to-find answers to security questions which, to me, makes this feel like it would be possible to get into someone's account if someone wanted to.
But with that said, I also feel like I’m being too harsh on Keeper, because, from my research, they are still one of the most secure password managers out there, and so I’m going to score them a 9/10 here with a point docked for their seemingly self-endorsed statement and also, I do feel that 1Passwords implementation of their Secret Key is more secure given that example I just mentioned.
Features (7/10)
For features within Keeper, it depends on who you are.
For the regular Joe, it does everything that you would need and expect a password manager to do.
It stores generates, and, auto-fills your various usernames and passwords into websites and apps without issue - and that includes across Android devices, something which 1Password seems to struggle with.
You also get custom Fields, which means you can store all sorts of information, from Personal ID such as driving license and passport information to credit and debit cards, including photos. So all good stuff there.
If you’re somewhat of an IT Techie, then Keeper has many integrations with more enterprise platforms that may interest you.
And whilst they don’t have many or rather any consumer integrations, they do have a built-in ability to grant up to 5 emergency contacts access to your vault in the event of an emergency.
This does make for a very convenient way of giving access to say, your significant other in the event that you’re put into hospital and they needed to get access to your life or health insurance policy information which is stored in your Keeper vault.
All they’d do is request access; you would then get an email asking to grant them access, which you can either immediately approve OR if you don’t respond within the time frame given, access will automatically be granted.
This, I feel, is one of those features which is important and handy to have; I know my wife would be lost with knowing how to log into half of the various insurance policies and investment accounts that I have - BUT similar to what I’ve just explained - it also makes me question how secure Keeper is if they have the right to permit someone else to your vault. I can’t find anything publicly that discusses this security aspect here, only talking about how convenient it is.
And from my world of working in the IT Industry, we all know that convenience is the enemy of security.
Speaking of which - if you are an IT Company looking to resell a Password Manager to your clients, then Keeper has an MSP Product that is ideal for you - and I’ll leave some links below for that which I think will have some discount baked into them.
That aside, Keeper offers some add-on services at an additional cost - a Concierge service to help you get everything set up, Secure File Storage, and their Breach Watch service, which monitors and notifies you of any leaked passwords.
I’m going to score 7/10 on features here. As far as the basics, it covers everything well. It’s a shame things like Breach Watch are an add-on, and for the consumer, there aren’t many integrations which you’d benefit from.
But it does what a password manager should do, and it does it well.
Support (8/10)
As far as support goes - the issue was raised at 11.40 am on Monday, the response received at 1.09pm - So under 2 hours!
I’ll go with 8/10 for Support here - It was slightly faster than 1Password but there are also fewer support options, and still no telephone support.
Major Frustration (8/10)
For major frustrations, actually, I don’t have much to say here at all. Auto-fill works well across both Android and iOS, though admittedly, they don’t have as nice of an autofill experience on Mac as 1Password. But that’s not a feature they offer, so I can’t dock points for that.
I think if anything, it’s going to be that features like their Breach Watch service that monitors any leaked passwords and storage are an additional cost. So I’m going to score Keeper as an 8/10 for actually, lacking any major frustrations.
Pricing (3/10)
In terms of pricing, $2.92 for a Personal Subscription and $6.25 for a Family Subscription with up to 5 People.
They also offer a Keeper Plus Bundle, which bundles in the File Storage and BreachWatch for $4.87 per month.
This overall makes Keeper quite a bit more expensive than 1Password, so I’ll score them a 3/10, but with it being better at Autofill on Android and still very secure, this might be the better choice for you if you carry around an Android phone.
Up next - let’s talk Bitwarden.
Bitwarden
Bitwarden is another firm favourite that crops up often in discussions. Mainly because it’s free and it’s open source. So let’s talk about what that means.
Security (8/10)
For security, Bitwarden's claim to being secure is the fact that it’s open source. Which is a good claim to have. The fact it’s open source means that anybody can review the code for the software to confirm that it is secure and encrypted properly and all of that good stuff.
Like many other providers, Bitwarden also gets audited to confirm everything is as it should be - and Bitwardens method of encrypting your Master Password means that it would be difficult to near impossible for anybody to find and decrypt your master password.
However, as we’ve just seen with LastPass, IF someone did get hold of your password database, then they could try and brute force access into your account by just hammering it with random password guesses repeatedly until they get in. This is what people are most concerned about with the recent LastPass breach.
Because if you have an easy-to-guess Master Password, your account will be very easy to crack.
The way to protect against this is to use 1) a strong master password and I would say, 2) a physical key, like a Yubikey.
These things work like front door keys to your house. You can't get in if you don’t have a key. In fact, they work better than a front door key because, with a Yubikey, you can’t even smash a window to get in and skip the Yubikey altogether.
That’s not to say Bitwarden is any less secure than some other password managers, but what I would say is that Bitwarden feels more ‘techie’ overall.
Just generally browsing through Bitwarden's website, whilst you do feel reassured about how secure the product is, I can’t help thinking that only the techies amongst us can actually understand what it’s talking about.
Bitwarden also offers the ability to host your Password Manager service, so you’re not storing anything in the Bitwarden cloud. But again, this is probably something only for those technically savvy enough to do so. Otherwise, you’ll risk the security of your passwords even more.
With that said, it’s still not as secure, in my opinion, as 1Passwords Secret Key, which - I can’t see as anything other than uncrackable unless you somehow shared or leaked your secret key.
AND, Bitwarden still embeds two trackers in its Android App. Yes, they are only so they can create a log when the app crashes, but these are trackers that the likes of Keeper and 1Password don’t have, and a thread on Bitwardens Community has many people requesting they remove the trackers to keep up with the likes of 1Password and Keeper - so all of this combined, I’m going to score Bitwarden 8/10 for Security.
Features (5/10)
Like most other Password Managers out there, Bitwarden is pretty solid regarding standard Password Manager features. All of what you should come to expect from a Password Manager.
It covers pretty much all operating systems and all browsers, with some additional options for Linux and command-line users.
The only ‘feature’ that feels above and beyond what comes as standard is Bitwarden Send, which lets you share information with other people securely whilst being able to set restrictions around the date, how many times they can access it, or even a password to access what you’ve shared. All of this is encrypted throughout its journey.
You’ve also got an Emergency Access feature similar to that of Keeper, though again, that raises security concerns - more on that in the Keeper section.
But you do get things like account health and data breach reports to notify you when any of your passwords are leaked online BUT these tools are kept separate from the desktop client, meaning you have to login via a web browser and then manually run these checks - which isn’t as user friendly or intuitive as other password managers.
And as mentioned in the security section, they offer a self-hosted option, so if you don’t trust ‘the cloud,’ you can host everything yourself, including taking on the burden of ensuring that how and where you’re storing everything is secure.
Given the price point, it’s quite impressive - but as far as features above and beyond, there just doesn’t seem to be much on offer here, and therefore I’m only going to score a 5/10 on features.
Support (5/10)
Support contacted at 12:48 on Monday - response was received at 4.50pm - so 4 hours. But they didn’t exactly help me - they just pointed me to an article that I’d already read, which is why I contacted support.
4 hours is also slower than others so far, but honestly - 4 hours is still incredibly good for a response. I was kind of expecting some of these companies to take a day or two to come back to me - so they’ve all over-delivered on my expectations!
5/10 for Support, is still great! But not as fast as the others, and not a very helpful response.
Major Frustration (7/10)
With Bitwarden and Major Frustrations, for me, it’s that the client just feels clunky and bland. I know you’re not meant to judge anything based on looks - but it just feels like I’m using an old Windows XP app that should have been updated but hasn’t.
Things like being unable to click and drag the client when clicking in certain areas can get quite annoying.
Another silly and probably minor thing, but the area on the left side here where you switch between Logins, Cards, Identity, and Notes - you have to click on the actual text, if you still click on the row, which in my eyes should still select the item, it does nothing. It’s just empty white space. As is the huge white space with the Bitwarden logo on the right.
There’s an area where I’m trying to scroll using the bar down the side, but instead, it’s moving the whole client - really annoying!
Also, those tucked-away features in the web version which aren’t built into the app itself, information on which passwords have been leaked - which means a bit of back and forth - again, something that feels a bit clunky to me.
There haven’t been that many major developments in the product since last year, no crazy innovation like we’ve seen with some other password managers, though - and I said this in the last review - but as far as this product goes for regular people - Bitwarden is Good. But if you’re a more advanced Techie user, it may score higher.
I will score major frustrations as a 5/10, with points docked for the clunky interface and hidden features.
Pricing (9/10)
As far as pricing goes though - Bitwarden is very impressive. For just $10 per YEAR that includes 1Gb of Encrypted File Storage offers fantastic value,
And they also offer a family version at just $3.33 per month, which includes up to 6 users.
You can also buy additional storage at $4 per GB / Year. You can’t really beat Bitwarden for pricing if you look at the Premium account, but if it’s a family account, then you can still get very close and sometimes even beat their family pricing when considering discounts on some of the other password managers - again links below for all of those which I’ll try to keep up to date over this year.
But because the Personal Premium pricing is so competitive, I will score Bitwarden a 9/10 on pricing here.
But wait, there is a new entry for the free slash low-cost password manager. Enter - Synology!
Synology C2
Security (7/10)
Synology offers a fresh approach to a low-cost but strong password manager with their C2 Password Manager.
Better known for their range of Network Attached Storage, Synology has published their C2 Password Security Whitepaper that details exactly how your data is kept secure and is similarly in line with the other password managers reviewed today.
Synology is, however, one of the first and only password managers I’ve come across, which will let you choose where your data is stored.
Not a huge issue for most people, but from the comments, I do know that some people like to know where their data is stored.
With Synology, you can choose between the EU, US, or APAC regions.
Once logged in, you enter your decryption key, which is the same one used across other Synology C2 services, to decrypt your password data.
From reading the white paper, this seems to be somewhat halfway between what everyone else is doing to secure your password data and the way 1Password works with generating a unique key.
So for Synology C2, you sign in with your Username, Password, and Decryption Key.
There are two issues with this, though - firstly, the Decryption Key is set by you, not randomly generated. So that means you could be entering a very easy-to-guess decryption key here.
Secondly, Synology C2 doesn’t support hardware keys like Yubikeys, which I know I keep banging on about, but again - if you’re storing your life’s information in one place, you want to ensure it’s as secure as possible.
Now a way around this that I’ve used is to sign in to Synology C2 using my Google Account, which does support Yubikeys, so I sign in, tap my key, and then it prompts me for the decryption password. That does work. But it’s something that should really be supported by default.
7/10 for C2. Extra points for the Decryption key, but taken away again for no Yubikey support.
Features (4/10)
Now Synology C2 Password is one of the newest players in the Password Manager space, so they haven’t had a huge amount of time to develop industry-leading features, but, being Synology does have some advantages with their experience in security and storage devices, in that it seamlessly integrates your account with other C2 Services.
There is currently one major drawback which I’ll talk more about in the Dashlane section though - and that is that there is no desktop app on Windows or Mac for Synology’s C2 Password Manager.
It’s all accessible via web browser only. Again, more on that in a moment.
As far as C2 Password goes, it does everything you should expect. Autofill on Apple, Windows, and Android, you can also securely share records with other people by inviting them to see a shared vault, though it’s not as well built out as other password managers offering similar features.
But what Synology offers is a Secure File Send feature where you can control how it looks and what they can do with it. Add text or watermarks to images and restrict how long they can access it and whether they can download the file or just view it.
One other major limiting feature right now has been their supported devices, notably, that Safari is currently not supported, there’s no mention of the likes of Linux or command line access, and one final notable omission is the lack of breach notifications for any passwords which may have leaked online.
4/10 For features here.
Support (5/10)
Support seems to be email only and via a contact form - but again, something I’ve not seen before is when submitting a support request, you get the option to speed up your response time by allowing support reps outside of the data location you’ve chosen to assist.
I think all of us would probably just check Yes here to get the fastest response we can.
But as far as how long you need to wait. Support case submitted at 3.50pm and response received at 9.54am the next day.
Which considering I checked the option for speeding up my response, I’m surprised it took that long.
I could understand if that was because I submitted at 3.50pm, their support team went home at 5pm and came back at 9am the next day.
But that is vastly longer than everyone else we’ve tested so far.
I’m going to score, unfortunately, a 4/10 here for Support. The only saving grace is that their response was pretty good explaining the answer to my question, and not pointing me at an article as Bitwarden did.
Major Frustration (3/10)
In terms of major frustrations with Synology C2, the App looks modern, it works well, doesn’t seem to have issues auto-filling in on my devices. It does lack Safari support, so that might be an issue for you - personally, I’ve switched over to Brave recently and so the Chrome plug-in works well for that.
Points docked for no Yubikey support and no desktop app - which I’ll explain more about in a moment.
3/10.
Pricing (10/10)
But what it lacks in features and Yubikey support and does poorly for browser support, it does well with Pricing.
Synology C2 is Free for a single user, with all of the features and limitations I’ve mentioned already.
You can upgrade to the Plus version for $4.99 for a whole YEAR - seriously, a whole YEAR! And that gives you essentially a family version with up to 6 people, including a shared vault between you.
So I think on Pricing alone, forgetting everything else - this has to be a 10/10. It’s the cheapest one available so far. Just keep in mind its limitations around security and those limited features.
A quick pitstop now at Dashlane!
Dashlane
Security (7/10)
Regarding security with Dashlane, let me talk more about one issue that affects Synology too, and I’ll forever sit on since Dashlanes decision to transition from an App to a Browser Based password manager a couple of years ago.
I skipped out on reviewing them for the last year and possibly the year before that because trying to review them mid-transition to a browser-only approach was a very messy experience with things not working or features in one place but not another.
I have a few concerns about being browser-only.
- Firstly and most obviously, you always have to have your browser open to access your credentials - so yet another tab that you have to have there permanently.
- Secondly, I know so many people who have had their browsers compromised with toolbars and browser redirects, and basically - they’ve clicked on or downloaded dodgy stuff. So when I speak broadly about what I’d recommend - having to access and manage your passwords with a browser is too big of a security risk for me. Who’s to say that you haven’t installed a bad browser plugin that’s logging what you’re doing or what passwords you’re storing?
- And thirdly, I use my password manager to log in to more than just websites. So when I open an App on my Mac, I have to open my browser, log in, find the password, copy, paste - all that stuff, which I don’t have to do with other desktop app-based password managers.
That aside, they take a similar approach to encryption to others which are detailed in their Security Whitepaper.
But another thing they’ve backtracked on, since going from a desktop app to a Web app, is removing support for physical security keys as part of 2 Factor Authentication, like these Yubikeys - which is a step back in my opinion.
You can use them to unlock Dashlane day to day once you’re logged in, but not as part of the login process - which seems a bit backward to me.
You can kind of work around this by using the Yubikey authenticator, but it still takes what should be a fairly simple experience and makes it way too complicated for most general users to understand.
So it’s a 6/10 on Security for me for Dashlane.
Features (5/10)
Dashlanes features are pretty well covered, though - a security score and alerts for any breached passwords, and similar to others, you can store more than just passwords - your card information, ID such as passports and driving licenses, and securely store documents.
You can share, but it’s quite limited in terms of the restrictions you can place when sharing.
Nothing major here, but also no real issues - so for features, I’ll go with 5/10 for not pushing the boundaries with any new developments or integrations.
Support (7/10)
With all of that said - Support was an interesting one for Dashlane. They’re the first ones I’ve come across that offer Live Chat support. And hopping on to ask a question, once I got beyond the automated chatbot, I was in queue position two whilst waiting.
Chat started at 2.55 pm and chat responded to at 3.01 pm So they won the fastest response out of all Password Managers so far! So a 7/10 for Support, frustratingly, none offer any form of telephone support.
Major Frustration (4/10)
For major frustrations, the auto-fill on iPhone can sometimes be a bit clunky though it seems to work OK on Android.
And I think I’ve already given it away, but the lack of an app to me causes me problems when using the software, and the lack of Yubikey support too, so major frustrations get a 4/10 here.
Pricing (4/10)
Pricing for Dashlane is $2.75 per month for their Advanced account, which gives you Dark Web Monitoring as standard.
But they also have a Premium tier at $4.99 per month which also includes a VPN. And finally, they offer a $7.49 per month subscription, which is quite pricey but comes with up to 10 accounts for friends and family.
On the face of it, that’s cheaper than 1Password for a personal subscription but almost double for a family subscription. So I’m going to score this as a 4/10 for pricing.
Overall, I wouldn’t recommend Dashlane, but if a browser-based password manager is one for you - then it’s not a bad choice. Even though I somehow seem to have a premium subscription that expires in 2056! I’d still personally choose to use another option.
Next up, I need to tell you something very important about LastPass - because it’s made headline news recently, as well as some shocking, shocking information on their response to a flaw discovered in their product.
LastPass
OK, so if you’ve read any of my previous comparisons on Password Managers, you’ll know that every year I’ve called them out on this - and this year is no different.
They spent a huge amount on marketing and baiting everyone with a free product, then restricted it to force people to upgrade to their paid plan.
We're talking about, of course, LastPass
They include MARKETING trackers in their Android App for what reason, I honestly don’t know - which have NO place whatsoever in any App.
And in December 2022, LastPass had a breach so bad that they advised all of their users to change ALL passwords that they stored in LastPass as a precaution.
Just before writing this post I also came across this… this is just… nuts.
The same security researcher that I mentioned at the beginning of this post who disclosed a security issue with 1Password. Well, they found an issue with LastPass.
So they followed their bug bounty process, which was ignored.
They contacted Support, who responded in broken English ‘We are not sure to understand you request we are a password manager, are having issue with LastPass’?
A few more direct responses and still - no useful responses came back.
And it basically took them multiple attempts to explain to LastPass what they’d discovered. Only to get a semi-final response to say “Yes we will escalate your issue - but “We don’t understand what you are referring to. Is this an error with the report? Is a phishing email?”
And quite rightly, the response from this security analyst was simply ‘What the f**k LastPass?’.
And right below that, they posted the 1Password timeline for comparison. A night and day difference!
So I’m not going to score or review LastPass. I warn you every year when I make one of these posts, and every year there’s a new LastPass breach to talk about.
It’s a Bad Product, Bad Service, it gets hacked constantly, so it’s a flat 0 across the board. Don’t use it - and if you are using it, then I strongly recommend migrating to one of the other password managers I’m covering in this post.
Summary
Looking at the overall scores and feedback - I am going to be sticking with 1Password for yet another year. I feel the features and innovations that they keep delivering each year are pushing the industry forward. But Keeper, for me, comes a VERY close second, and I will admit that I think the user experience on Android is better with Keeper.
But for their Security, they are pushing the industry forward with new features and integrations, I think 1Password still takes the win for me personally.
But if you’re after something more affordable, Synology C2 I think would just about win for me over Bitwarden, just for the nicer interface. I think if Bitwarden would update to a more modern UI that has everything in one place, rather than having to jump back and forth between desktop and web app then that could sway me.
But there are, of course, a tonne of other password managers I could go through - Roboform and NordPass, to name a couple - but so as not to drag this post out, I’ll link to posts I’ve made on these already below, let me know if you spot any mistakes, or if you have any questions in the comments below, see you soon!
Thanks!
🛒 Get 25% off 1Password Personal: https://geni.us/99P59LS1rrw-1
🛒 Get 25% off 1Password Families: https://geni.us/99P59LS1rrw-2
🛒 Get 25% off 1Password Business: https://geni.us/99P59LS1rrw-3
🛒 Get 30% off Keeper Personal and Family: https://geni.us/99P59LS1rrw-4
🛒 Get Bitwarden: https://geni.us/99P59LS1rrw-5
🛒 Get Synology C2: https://geni.us/99P59LS1rrw-6
🛒 Get Dashlane: https://geni.us/99P59LS1rrw-7
https://www.petematheson.com/the-biggest-password-manager-scandal-this-decade/
Pete Matheson
