LastPass versus 1Password versus KeePass, part 3

4 minute read

Part 3: Comparison of features and traits (continued)

Rather than break sections up the way reviews often are (all about option 1, then all about option 2), I’ll be segmenting this post by feature comparisons. Each comparison section will review one of the considerations I made when evaluating which password solution to use. I will touch on each of the three assessed solutions within each section.

Comparison 3 - Support

I have varying levels of experience with the support offered between the three alternatives being discussed. The most experience I have is with LastPass, and even that is limited.


In general, I will say that the support at LastPass went down in quality over the three years I was a customer. The attention to detail and comprehension of the first-level support reps seems not to be on par with what is once was. This is not surprising, given that LastPass was acquired by LogMeIn, and my guess (based on conjecture) is that they farmed out their first-level helpdesk to a larger call center to handle volume.

On an amusing note, my LastPass Premium subscription lapsed this past week, and I received an automated follow-up requesting input. They use SurveyMonkey for their surveys, which is fine, but something appears to be amiss, because when I click the link to the survey I see: Screen-Shot-2017-11-17-at-9.03.36-AM Top quality job, LastPass. You’ve really got your customer feedback game together.

A couple of anecdotal observations about their support over the years:

  1. Prior to the acquisition, I was able to approach LastPass support requesting technical information on their security operations. They were willing to share this information at the time (~3 years ago). Post-acquisition, the answer from support was that they do not offer this information. Now, it can be argued that this is a sound business decision to make, but as a security-aware user I have some concerns with the black box approach.
  2. The knowledge level of LastPass support has gone downhill. I reported an issue with browser performance in which I detailed specific performance impact and system environment in detail in my first submission. The rote response that came back was clearly script-based and the support rep had not digested the information I provided. After the first exchange, it took support about a day to come back with their official response that Firefox 64-bit was not officially supported at the time. The fact that a 2-year old browser platform was not supported was bad, and the fact that they didn’t pick up on it in the first submission (where I provided my browser details) was a sign of poor support.


When it comes to 1Password, I have less experience with their support. I trialed their product/service for the 30-day window offered, and determined within a couple of days that they were not up to snuff when it came to security methodology, philosophy, or operations. I didn’t have any major problems with the application itself, nor did I open any support tickets (other than to request detailed security operations information, which they denied, similar to the new LastPass approach). I did read through their support forums quite a bit, and I noticed a trend in their communication technique. I’ve roughly described the formula as:

  1. Repeat - re-state the posting user’s concern/idea in their own words
  2. Validate - use positive language to sound engaged in the conversation about this new idea or feature request
  3. Disagree - argue with the user and point out all the reasons that it’s not likely to happen
  4. Ignore - either close with some vague statements like “in a future version,” or else make non-statements as to whether the idea will be followed up on in the future or not.

To see this in action, you have only to visit the AgileBits support form. When users post ideas for new features or changes (my focus was particularly on security features), the 1Password team first acknowledges the input by repeating it, validating that it sounds really cool or would be worthwhile, then pointing out the flaws or issues as they perceive them. This is not necessarily a bad approach to handling support, and I leave it to the reader to decide if their overall support is good or bad. I was not a fan of what I was seeing, though the 1Password team does get props for at least trying to be engaged with their user community. Many services don’t get that far.


This is a bit of apples to oranges, since KeePass does not, itself, offer a cloud-based service for password syncing, and it is a free software solution offered via the time of its contributors for no immediate financial benefit. That said, I wanted to get some kind of input or feedback on how responsive or approachable the development/support team for KeePass is. There is a SourceForge support forum where bugs and features can be submitted. It seems to be pretty responsive and active, though at times the responses are a bit trite and give the attitude of “that’s the way it is, because.” I also reached out to the main creator/developer of KeePass via the contact form on his personal website asking some general questions. I was interested in his answers, but was also interested just to see if he would give me the time of day. As of the date of his post, he has not responded to the inquiry I submitted about a week ago.

That is all for now. More to come in future posts.