Let me explain. I have used LastPass for several years and always liked having a secure place for my passwords and secure notes. I loved that it worked on all my devices including my phones and tablets. I recommended LastPass to everyone I knew because I believed it was the most secure way to save passwords. The truth is however, I wasn’t using LastPass correctly. I had LastPass save passwords I made up, but I never relied on LastPass to generate the passwords for me. I decided to give LastPass a shot at creating and saving my passwords. My experience was brutal!
There are so many different situations where LastPass can screw up that it’s simply not worth trusting it. First of all, there are many websites where LastPass cannot fill the form. It presents you with the icon, but clicking on it does nothing. You can click on the LastPass icon to grab your username and password and manually pasted it into the form, but that’s a bit of a hassle.
The bigger issue is in generating passwords. Over the last couple of days I changed about 40 passwords and tried to let LastPass do the work. It worked on about 15 of those sites, and screwed up the other 25. Usually LastPass ended up screwing up and saving the wrong password. How does this happen? There are several ways.
One way is when a site presents you with a “change password” form with 2 fields. One is your new password and one is the confirmation of your new password. I clicked on the LastPass password generator in the form which presented me with a password. After telling LastPass to save the new password, what I didn’t know because a LastPass dialog box was blocking the form, is that the new password was not entered into both password fields. This means I couldn’t save the new password, but LastPass had already erased my original password in favor of the new password. I found that out the hard way! The fix was manually resetting the password with the website.
Another similar situation is when a site asks you for your new password, you generate it, then it asks you for your old password on the NEXT page. LastPass has already overwritten your old password so you’re screwed again.
Another situation is when LastPass simply saves the wrong password for a reason I cannot explain. This happened to me at least 8 times and I had to manually reset those passwords as well.
Trying to get LastPass to play well with WordPress is an absolute nightmare. There are several WordPress URL’s and LastPass can’t figure them all out. You might go to https://wordpress.com, or username.wordpress.com, or en.wordpress.com. If you don’t have 3 separate entries for WordPress in LastPass you’re screwed! Try changing your password for WordPress then ending up at a different URL where LastPass can’t supply the right password. It will drive you mad, especially after you try resetting the password but LastPass overwrites the wrong one. You will go in circles like I did.
I am a developer and if I can’t figure this software out something is definitely wrong. I was such a fan of LastPass but over the past couple of days I’ve come to realize it cannot be relied on completely. If you are okay with manually copying and pasting your passwords, and being very careful when you change a password, it is a useful tool. Otherwise, I would recommend using Dashlane or some other product.
I have been in touch with the support crew at LastPass and they have been very diligent about tracking down my issues. The problem is these issues are real. They have confirmed that several of the sites I’ve mentioned have had issues with LastPass.
I just don’t understand how people actually rely on this tool. I REALLY want to like LastPass. I heard Steve Gibson rave about it and I wanted him to be right. The truth is, although I believe LastPass to be completely secure, it is also completely unreliable unless you are willing to do EVERYTHING manually. I could never recommend this for a novice or anyone who didn’t want to have to think about it.
