Security incident on record — CRITICAL: Major breach November 2022 — encrypted customer vaults stolen. Second breach 2023.
▪ Editorial verdict
LastPass has the largest review volume in the password management category and historically strong user ratings. The honest assessment in 2025 is that the November 2022 breach, in which encrypted customer vaults were stolen, and the subsequent 2023 incident fundamentally changed the risk calculus for security-conscious buyers. While LastPass has made architectural improvements since, its breach record is the most significant in password manager history and procurement teams will raise it.
This is not a verdict on whether LastPass is currently secure. The architecture has been improved. It is a verdict on whether the reputational and risk management cost of choosing LastPass is justified when alternatives with no breach history are available at comparable pricing.
The verdict: for new deployments in 2025, the breach history makes LastPass difficult to recommend when 1Password, Bitwarden, and Keeper offer comparable features with no equivalent incidents. Organisations with existing LastPass deployments should conduct their own risk assessment and consider migration.
Last reviewed: May 2026
G2: 4.5 (2,022 reviews)
Gartner: 4.2 (90 reviews)
Gartner MQ: Not in MQ
Enterprise Password Management assessment
PROTECTION: Adequate
Vault security
2 / 5
Scored 2 because the November 2022 breach resulted in encrypted customer vaults being exfiltrated, and a second breach in 2023 accessed production systems via a compromised employee device. Encryption was technically intact but the incidents represent a fundamental failure of operational security controls.
Sources: LastPass breach disclosure November 2022, January 2023 update
Policy enforcement
4 / 5
Strong password policy enforcement features — before the breach incidents, LastPass had a full enterprise policy engine. The underlying capability remains but trust is significantly impaired.
Sources: LastPass Business documentation, G2 reviews
OPERATIONS: Strong
SSO integration
4 / 5
SAML/OIDC, SCIM, Active Directory integration. Good SSO coverage. Scored 4 because the integration suite is mature despite the security incidents.
Sources: LastPass Business documentation
Admin & user UX
4 / 5
Largest G2 review volume (2,022 reviews) — interface is familiar to many users. Scored 4 because despite the breach, the admin UX is well-documented and understood.
Sources: G2 reviews
ANALYTICS: Adequate
Usage reporting
3 / 5
Audit logs and a security dashboard are available. Scored 3 because reporting depth is similar to the category average.
Sources: LastPass Business documentation
TRUST & ECOSYSTEM: Adequate
Integration coverage
3 / 5
Active Directory, Azure AD, Okta, major IdPs. Scored 3 because enterprise security tooling integrations are narrower than 1Password or Keeper.
Sources: LastPass Business documentation
Strongest: Policy enforcement
Watch out for: Vault security
Strengths & limitations
Strengths
● Largest G2 review volume (2,022)
● Strong enterprise admin controls and Active Directory integration
● Affordable pricing
Watch out for
● CRITICAL: Major breach Nov 2022 — encrypted vaults stolen
● Second breach 2023 — production accessed via compromised employee device
● Significant trust damage; many enterprises migrated away
Best for
Existing customers who have reviewed breach history — new customers strongly recommended to evaluate Bitwarden or 1Password first.
Not suitable for: Orgs where trust and data security are top priorities — 2022/2023 breach history is significant