Cloak vs LastPass

SSL pinning protects against some forms of man-in-the-middle attacks that even SSL encrypted traffic is vulnerable to. Not long ago, iOS did not allow for pinning but that may have changed more recently.

The developer of Cloak is extremely responsive to feedback and quick to answer questions or support requests.

Cloak can be set to not use the VPN on whitelisted WiFI SSIDs (like home/work).

Unlimited devices and data per account, so you can connect up the whole family or office on one account if you so choose.

LastPass keeps an encrypted copy of all passwords locally as well as an encrypted copy on their servers. That way, passwords can be accessed locally while offline, or through their server while online from any machine.

All common browsers, including Opera, have plugins that allow automatically filling in forms and generating passwords. All form fill information syncs across all platforms, devices and browsers. Password generator can be adjusted to use or exclude certain characters and patterns.

LastPass offers multiple multifactor authentication options, including Google Authenticator, Grid Multifactor Authentication, Microsoft Authenticator App, Toopher Authentication, Duo Security Authentication, Transakt Authentication, Sesame Multifactor Authentication, Smart Card Authentication and Yubikey Multifactor Authentication.

All the encryption and decryption is done by the client (JS/App) so even LastPass doesn't have access to passwords.

LastPass offers a free tier. The paid tier ($1/mo) adds unlimited use of LastPass mobile apps, more multifactor authentication options, ad-free and priority assistance and tools for locked-down computers.

LastPass alongside KeePassX are the only cloud-syncing password managers that work on Linux.

Firefox 2+ on Windows, Mac & Linux as well as Chrome 4+ on Windows and Linux support a portable version of LastPass. Great for securely accessing LastPass Vault from public or untrusted computers.

LastPass will check for re-used and unsafe passwords.

Since version 3.0 the LastPass interface is clean and easy to navigate on all platforms.

While many password managers require a standalone app to be installed on the system, LastPass does not and can function via browser plugins.

Some fingerprint readers, like TouchID on iOS devices or on Samsung devices, can be set up to be used to access LastPass instead of a master password.

LastPass allows sharing login data for a site with another user of LastPass without exposing the password. Great for allowing friends, family or coworkers access a site.

LastPass can dump the whole database as a .csv file or an encrypted file that can then be decrypted using LastPass Pocket as well as separately export Wi-Fi passwords and autofill information. Additional export options are available on a per-browser basis.

LastPass allows creating passwords for accessing the LastPass Vault that can only be used once. Great for accessing the Vault in public or untrusted places.

LastPass offers multifactor authentication via Yubikey.

LastPass is able to change your password automagically.

LastPass Pocket is a standalone personal database decrypter. It's a portable executable, meaning it does not need to be installed, that is used to decrypt a local encrypted copy of the password database.

Steve Gibson is a well established security researcher best know for his work with Apple and Atari systems as well as founding Gibson Research Corporation. He was given access to LastPass' source code and confirmed that it's safe to trust its security.

Lastpass has 256-bit AES encryption implemented in C++ and JavaScript with one-way salted hashes.

Via a clever use of bookmarklets, LastPass works on browsers that don't inherently support bookmarklets, like Opera or Safari on iOS.

LastPass can be set to notify if a user's credit report suddenly changes.

Can record the steps and use it to login to native Windows apps.