Password managers have become an essential security tool in the modern data-driven world, and fortunately, they have evolved over the years. In the not so distant past, password managers only came in the stand-alone variety, making it extremely difficult to share password databases with other devices and keep everything updated and synced.
Luckily, cloud technologies started booming in the last decade, and password managers followed suit and started migrating to the cloud as well. But there are a lot of different services to choose from, and it’s tough knowing whether or not you are getting the best value for your money.
To help you make an informed decision, today we’re going to be comparing two of the most popular password managers in the cloud: LastPass and Dashlane.
Dashlane, which I find to be an odd name for a password manager, was first launched back in October of 2012, making it just over four years old. It is both cross-platform and multi-lingual, and available on iOS, Android, Mac, and PC. LastPass is also multi-lingual and cross-platform (as most cloud services are), though it’s about 4 years older than Dashlane.
LastPass was first launched back in 2008 and has had more time to grow and mature into a reliable and affordable service.
But before we dig into each respective provider’s features, let’s start by looking at their pricing models.
Also, I’d like to point out that LastPass offers a free version of their service, and Dashlane includes a 30-day trial of their service. Plus, Dashlane’s free trial doesn’t require payment card data, so you won’t be automatically billed if you forget to cancel.
The following outlines Dashlane’s pricing model:
- 2-100 users: $2.00 per user per month (For the latest prices and discounts, check here)
- 100-1000 users: $1.50 per user per month (For the latest prices and discounts, check here)
- 1000+ users: $1.25 per user per month (For the latest prices and discounts, check here)
The following outlines LastPass’s pricing model:
- $1.00 per user per month ($12.00 per year) (For the latest prices and discounts, check here)
Essentially, if you’re a single home user looking to buy a premium account, the difference between providers is only $1.00 per month – which isn’t anything crazy. The only real scenario where I can see their price differences mattering too much is if they are multiplied by a large number of users. But at any rate, LastPass is certainly cheaper.
Both Dashlane and LastPass use strong master passwords to secure each user’s password database, and it’s incredibly strong since each user manages their own encryption key. Without the master password, it’s not possible for an employee or hacker to break into the password database. That said, there have been several security breaches.
The following outline LastPass security breaches:
- 2011 XSS Attack – in February of 2011, an XSS vulnerability was discovered on the site and fixed within a few hours. After searching through their log files, they couldn’t find any evidence of any successful attacks.
- 2011 Security Breach – in the following May of 2011, engineers discovered network traffic anomalies that couldn’t be explained. Since they couldn’t explain the unusual traffic patterns, they still advised users to update their master passwords just to be safe, but no log files or security devices lent proof or evidence of a true breach.
- 2015 Security Breach – in June of 2015, LastPass sent advisement via their blog that nefarious activity had been observed on their network. They then reported that email addresses for various accounts, password reminders, server metadata indicating the number of active users, and even authentication hashes’ integrity had been compromised. However, no user passwords were compromised due to strong encryption.
- 2016 Vulnerability Discovery – in July of 2016, a vulnerability was discovered that made it possible for attackers to read plain text passwords when a user visited malicious websites. The crux of the exploit revolved around URL parsing syntax, though they fixed the issue in their browser extension.
Dashlane, on the other hand, doesn’t have such a long laundry list of security breaches. Part of the reason they have fewer data breaches is likely due to the fact that they haven’t been around as long as LastPass, but I’d like to bring up a few key points.
While the list of security breaches for LastPass may look intimidating, understand that the master password did its job.
A few of the anomalies aren’t certain to have been attacked, and a couple were merely vulnerabilities that got patched – with no evidence ofbreak-in in.
In the one incident where some server metadata was compromised, users’ passwords were still safe since the master password isn’t stored on LastPass’s servers.
So all in all, even though they have been the victim of attacks in the past, attackers still weren’t able to get their hands on passwords because of the AES-256 encryption system.
To date, it’s still impossible to break AES-256 encryption. A fair few conspiracy theorists might rant that Russia or the US has secret supercomputer networks that can break AES-256, but that’s a laughable notion at best, and there’s no evidence to support such a claim.
How Does Lastpass Compare to Others?
LastPass and Dashlane provide the same core set of features, which is essentially securing all of your passwords in one central encrypted database, which is secured with encryption and a master password that you manage and control. Nevertheless, they include a lot of extra features to make managing your online accounts and passwords easy and secure.
The following outline LastPass’s main features
- Sticky note system in the web interface – the “sticky note” system was designed to increase security by eliminating the need to stick passwords to your monitor.
- Unlimited passwords – there’s no limit on the number of passwords you can store in your database.
- Online shopping features – LastPass includes secure auto-fill features for online shopping using payment cards, like credit cards, debit cards, and digital payment sources like PayPal.
- Digital record keeping – LastPass has the ability to store other types of sensitive information, such as insurance data, Wi-Fi passwords, notes, and memberships
- Password sharing features – premium users get a shared family folder that provides up to 5 user accounts for simple password sharing.
- Password syncing features – easily sync updated login credentials with all of your devices.
- 1GB of encrypted file storage
- AES-256 encryption and SHA-256 authentication
- Technical support that takes priority over free users
For the sake of comparison, the following outlines Dashlane’s features:
- Unlimited password storage
- Two factor authentication
- AES-256 encryption and SHA-2 authentication
- Secure password sharing features with 5 users with the free version, and unlimited with the premium version
- Advanced emergency access settings
- A digital wallet to help store payment card data for fast, easy, and secure online shopping
- Priority customer support that takes precedence over free users
- The ability to sync passwords across an unlimited number of devices
To be completely honest, in my honest opinion, there isn’t a single big “wow” factor that would sway me one way or the other. I suppose that LastPass offers 1GB of secure cloud storage, which isn’t included with Dashlane.
These providers are extremely similar when it comes to their features, and they both use the same type of encryption (AES-256) to secure your passwords with a master password that only you know.
So, which one is better? I think it was an extremely close competition, but Dashlane won by a hair, and I’ll tell you why. I’m not too price sensitive.
Heck, we’re only talking about a difference of $1.00 per month, so even though LastPass won the price competition, that factor isn’t weighted too heavily for me.
And their features are extremely similar; there’s no one feature that I could do without or a feature that makes one service vastly superior to the other. So if they have similar features and LastPass costs less, why on Earth would I prefer Dashlane? I’ve got one word for you: security.
To be fair, even though LastPass was the victim of multiple security breaches, it’s doubtful that anyone’s master password was hacked because of strong AES-256 encryption. That said, Dashlane hasn’t received anywhere near the amount of negative flak that LastPass has for security breaches.
My line of thinking is, “If it only costs an extra buck a month, why wouldn’t I choose the more secure provider?” You may have different thoughts and are certainly entitled to your own experiences and opinions as well.
For me, however, I think Dashlane wins this competition – though only by a narrow margin.