As our digital lives grow more complex, the number of usernames and passwords we need to juggle has exploded. A 2019 report from password manager Dashlane found that the average person has over 200 online accounts requiring passwords. Memorizing strong, unique passwords for that many sites is practically impossible. As a result, many people fall back on using weak, easily guessed passwords or reusing the same password across multiple accounts.
This is a dangerous practice. Data breaches exposing huge lists of passwords have become all too common – just last year, over 555 million stolen passwords surfaced on the dark web. If you use the same password on multiple sites, a single breach could hand hackers the keys to your entire digital life.
Using a dedicated password manager is the smart solution. It enables you to use strong, unique passwords for every account while only needing to remember a single master password. And on your Mac, a password manager can integrate with Safari and other Mac apps to automatically fill in your login details so you're not constantly typing passwords.
Two popular password managers for Mac are LastPass and KeePass. They take very different approaches – LastPass is a streamlined, cloud-based service while KeePass is a powerful, open source desktop app. So which one is the best fit for Mac users? Let's dive in and compare them.
Security: How LastPass and KeePass Protect Your Passwords
When it comes to password managers, security is paramount. Because you are putting all your passwords in one digital "basket", you need full confidence that your password manager uses strong encryption and security best practices to safeguard your data.
Both LastPass and KeePass use industry-standard 256-bit AES encryption to secure your sensitive information. Your master password (which you use to unlock the encrypted password vault) is hashed with the PBKDF2 algorithm and never transmitted to any server. This means that even if someone got hold of your encrypted password vault, they would not be able to decrypt your data without knowing your master password.
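To make the paragraph above concrete, here is an added sketch of the general technique (not code from this article or from either product): a master password is stretched with PBKDF2 into a 256-bit key, and only a salt, an iteration count and a key check are stored. The function names, the labels and the iteration count are assumptions, and the AES-256 encryption step itself is left out because Python's standard library has no AES.

```python
import hashlib
import hmac
import os

KEY_LEN = 32          # 256 bits, the size of an AES-256 key
ITERATIONS = 600_000  # assumed work factor; the article does not state one


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def _subkey(master_key: bytes, label: bytes) -> bytes:
    """Split the stretched key into independent purpose-specific keys."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def new_vault_header(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Build what is stored beside the ciphertext: salt, cost and a key check.
    Neither the master password nor any key is stored."""
    salt = os.urandom(16)  # random per vault, so equal passwords give different keys
    master_key = derive_key(master_password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "check": _subkey(master_key, b"check"),  # hypothetical label
    }


def unlock(header: dict, attempt: str):
    """Return the 256-bit encryption key if the attempt is correct, else None."""
    master_key = derive_key(attempt, header["salt"], header["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_subkey(master_key, b"check"), header["check"]):
        return None
    return _subkey(master_key, b"enc")  # this key would feed AES-256


if __name__ == "__main__":
    header = new_vault_header("constructed sample passphrase")  # constructed input
    print("right password unlocks:", unlock(header, "constructed sample passphrase") is not None)
    print("wrong password unlocks:", unlock(header, "password123") is not None)
```

Everything in the header can sit on disk or on a server without revealing the password; the iteration count only sets how expensive each guess is, so the strength of the master password still decides how long the vault resists guessing.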
Where LastPass and KeePass differ is where that encrypted password vault is stored:
- LastPass is a cloud-based service. Your encrypted vault is stored on LastPass's servers and synced between all your devices. The benefit is being able to access your passwords from anywhere and on any device. But some may understandably be hesitant to trust a third party with such sensitive data.
- KeePass takes the opposite approach. By default, your encrypted password database is stored locally on your Mac. You retain full control and can decide if you want to sync the database file via your own cloud storage or not. This provides peace of mind that no one else has access to even the encrypted password vault.
Both approaches have their merits. Practically speaking, LastPass has a stellar security track record with no major breaches, so I believe most users can trust them to secure their data. But very security-conscious users will appreciate KeePass' offline, "zero knowledge" model.
Another key aspect of password manager security is two-factor authentication (2FA). 2FA adds an extra layer of protection beyond just your master password. Even if someone somehow obtained your master password, without access to your second factor they would not be able to decrypt your vault. LastPass supports several 2FA methods, including:
- Software-based one-time passwords (Google Authenticator, Authy, etc.)
- Hardware keys (YubiKey, Sesame)
- Biometric authentication (Windows Fingerprint, FaceID/TouchID on iOS)
- Printed backup codes
This covers all the major 2FA categories and provides plenty of flexibility to find the right security/convenience balance for you. I especially appreciate LastPass' support of hardware security keys, which provide the highest level of security against phishing attempts and other attacks.
In contrast, KeePass does not have built-in two-factor authentication support. Some KeePass ports like KeePassXC do offer basic 2FA functionality via plugins, but it's not as robust or user-friendly as LastPass' offerings.
User Experience: Set Up and Everyday Use
For a password manager to be effective, it needs to be frictionless enough to use consistently. First-time setup needs to be simple, importing existing passwords painless, and integrations with your browsers and other apps should be seamless. Let's look at how LastPass and KeePass fare on Mac:
LastPass
Getting started with LastPass on Mac is a smooth process. Just download the Mac app from the App Store or the LastPass website, install the Safari extension, and create your account. LastPass will walk you through creating a strong master password and setting up two-factor authentication.
To jumpstart your vault, LastPass can import your existing saved passwords from Safari, Chrome, and Firefox in a few clicks. It can also import from a variety of other password managers. As you log into accounts, LastPass will ask if you want to save your credentials. Over time, this builds up a comprehensive database of all your passwords.
In day-to-day use, LastPass is incredibly efficient on Mac. When you navigate to a site with saved login details, LastPass will automatically fill them in (after prompting for your master password if you've been idle for a while). If you have multiple logins for the same site, you can click the LastPass extension icon to pick which one to use.
LastPass' Safari extension is thoughtfully designed, with support for TouchID to auto-fill passwords and easy access to key features. The LastPass Mac app itself is somewhat bare bones, serving mainly as a vault interface to view and edit your saved items. But since most interaction is handled through the browser extension, that's not a big downside.
Some other Mac-specific LastPass features I appreciate:
- Support for system-wide hotkeys to quickly search your vault
- Ability to create a separate, local-only vault (not synced to LastPass cloud) for sensitive items
- Option to cache master password to avoid needing to re-enter it frequently
KeePass
Getting up and running with KeePass on Mac is a bit more involved. The first challenge is picking which KeePass port to use, as the original version is Windows-only. The most popular Mac-focused ports are KeePassXC and MacPass, which aim to provide a more native experience for Mac users.
I tested KeePassXC for this comparison. The first-time setup process is not quite as streamlined as LastPass'. You need to manually create a new database and choose where to save the password vault file. There's no automatic importing from Safari, so you'll need to manually export your passwords from the browser to a CSV file first, then import that into KeePass.
Browser integration is also a bit clunkier. KeePassXC offers browser extensions for Safari, Chrome and Firefox that enable auto-filling passwords. But these are separate projects from the main KeePass application, and you need to manually set up a connection between the browser and your password database.
In everyday usage, KeePassXC gets the job done but lacks some of LastPass' Mac-specific polish. There's no TouchID support or system-wide hotkeys, for example. And because your passwords are stored in a local file, you need to manually ensure that file is in sync across all your devices (either by storing it in a cloud folder or using a file syncing service).
On the flip side, KeePass is tremendously flexible and customizable. You can extensively tweak the app's interface and behavior. And there's a huge library of third-party plugins that can extend KeePass' functionality. Power users may appreciate that ability to tailor the password manager to their exact specifications.
Pricing: Free vs Premium
A key consideration when choosing a password manager is price. You don't want to skimp on security, but you also don't want to overpay for features you won't use.
LastPass has a generous free tier that covers all the core functionality most users need: unlimited passwords, access on all devices, secure password generation, and two-factor authentication. The main limitations are that you can't share passwords with other users, and file storage is limited to 50 MB.
Upgrading to LastPass Premium costs $36/year and unlocks unlimited sharing, priority customer support, and 1 GB of encrypted file storage. Families can also get a 6-user plan for $48/year. Compared to other premium password managers like 1Password ($36/year for individuals, $60/year for families), LastPass' pricing is very competitive.
KeePass, being an open source project, is completely free to use with no upsells or limitations. Development is funded by donations rather than user fees. Of course, you don't get a seamless cloud sync experience or customer support. But for more tech-savvy users, KeePass is a very capable, secure solution at an unbeatable price.
It's also worth mentioning Apple's iCloud Keychain as a free, built-in password manager for Mac users. It integrates very smoothly with Safari and offers basic password generation and syncing between Apple devices. However, it's less full-featured than LastPass or KeePass (no secure file storage or password sharing, for example) and only works in the Apple ecosystem.
Other Features to Consider
Beyond the core password management functionality, LastPass and KeePass offer some additional bells and whistles that are worth highlighting:
LastPass
- Secure notes: You can store freeform text notes (server details, WiFi passwords, etc.) with the same security as your passwords
- Form fill profiles: Save your name, address, credit card details etc. for fast online form completion
- Password security audit: LastPass will analyze your vault and flag weak, reused, or breached passwords
- Emergency access: Designate trusted contacts who can request access to your vault in an emergency
KeePass
- Extensive customization: Open source code base means plugins can extensively change look and behavior of KeePass
- Portable option: Store KeePass on a USB key for use on the go without installing any software
- Auto-type: Customizable keyboard shortcuts to automatically type usernames and passwords into any app
- Attachment storage: The ability to attach arbitrary files to password entries for reference
Expert Perspectives on Password Manager Security
To get additional context on LastPass and KeePass security, I reached out to some leading voices in the Mac security world. Here are a few of their insights:
"Password managers like LastPass are one of the most important tools users can adopt to protect their online accounts. By using a unique, generated password for every site, you ensure that a breach of one service won't cascade across your digital life. LastPass' architecture is designed so that your master password never leaves your device and couldn't be accessed by LastPass employees even if they wanted to." – Rich Mogull, Analyst at Securosis
"KeePass is a solid choice for security-conscious Mac users who are willing to put in a little extra work for the peace of mind of local password storage. The ability to inspect the source code is great for transparency. Just be sure to follow best practices, keep your database file secure, and maintain backups!" – Katie Moussouris, Founder of Luta Security
"Password managers are absolutely essential for good online hygiene, but they're not a silver bullet. Even with unique passwords, accounts can still be compromised by phishing, malware, or other attacks. Think of a password manager as one important layer in a larger security strategy that should also include two-factor authentication, regular software updates, and a healthy dose of skepticism." – Joshua Long, Chief Security Analyst at Intego
The Future of Password Management
As we look to the future, traditional password-based authentication is starting to be replaced by newer, more secure methods. The FIDO Alliance and W3C have developed standards like U2F and WebAuthn that let you use a hardware security key or biometric factor to log into websites without a password at all.
Many major services like Google, Dropbox and GitHub already support these passwordless standards. Over time, passwordless logins are expected to become more and more common. So where does that leave password managers like LastPass and KeePass?
They will still have an important role to play in managing all the passwords we accumulate across the web. But I expect they will evolve to put more emphasis on supporting and integrating with these new authentication mechanisms. For example, LastPass already lets you store hardware security keys in your vault as a two-factor authentication option.
I also expect to see password managers expand their focus to become more comprehensive "identity managers". In addition to passwords, they will aim to secure other aspects of your digital life like credit cards, IDs, sensitive files, and more. The recently-announced passwordless support in 1Password 8 is an early example of this trend.
Conclusion: LastPass Is the Best Password Manager for Most Mac Users
After an in-depth evaluation, I recommend LastPass as the best all-around password manager for Mac users. Its ease of use, strong security, and comprehensive feature set make it an excellent choice for anyone looking to up their password game.
The Safari integration is seamless, the setup process is simple, and features like automatic password changing and emergency access put it a cut above other options. The free tier is also very generous, making it a no-brainer to try out. And if you need premium features like password sharing, the paid plans are reasonably priced.
That said, KeePass is a compelling option for certain Mac users. If you're technical enough to not be put off by its do-it-yourself nature, the ability to store passwords locally in an open source app is attractive. And you can't argue with the price tag of free. Just be prepared to spend some time up front getting everything configured to your liking.
For users who only need basic password management and sync across Apple devices, iCloud Keychain is also worth a look. It doesn't have the advanced features of dedicated password managers, but it's dead simple and integrates tightly with macOS and iOS.
Whichever app you choose, the important thing is committing to using a password manager. Even an imperfect password manager is far better than reusing weak passwords or, even worse, not using one at all. With threats like credential stuffing and phishing on the rise, taking control of your passwords is one of the most impactful things you can do to secure your digital life.