Cloak vs LastPass

SSL pinning protects against some forms of man-in-the-middle attacks that even SSL encrypted traffic is vulnerable to. Not long ago, iOS did not allow for pinning but that may have changed more recently.

The developer of Cloak is extremely responsive to feedback and quick to answer questions or support requests.

Cloak can be set to not use the VPN on whitelisted WiFI SSIDs (like home/work).

Unlimited devices and data per account, so you can connect up the whole family or office on one account if you so choose.

LastPass keeps an encrypted copy of all passwords locally as well as an encrypted copy on their servers. That way, passwords can be accessed locally while offline, or through their server while online from any machine.

All the encryption and decryption is done by the client (JS/App) so even LastPass doesn't have access to passwords.

All common browsers, including Opera, have plugins that allow automatically filling in forms and generating passwords. All form fill information syncs across all platforms, devices and browsers. Password generator can be adjusted to use or exclude certain characters and patterns.

LastPass will check for re-used and unsafe passwords.

LastPass offers multiple multifactor authentication options, including Google Authenticator, Grid Multifactor Authentication, Microsoft Authenticator App, Toopher Authentication, Duo Security Authentication, Transakt Authentication, Sesame Multifactor Authentication, Smart Card Authentication and Yubikey Multifactor Authentication.

Some fingerprint readers, like TouchID on iOS, Samsung, Sony Xperia, or LG Mobile devices, can be set up to be used to access LastPass instead of a master password.

LastPass allows sharing login data for a site with another user of LastPass without exposing the password. Great for allowing friends, family or coworkers access a site.

Since version 3.0 the LastPass interface is clean and easy to navigate on all platforms.

Firefox 2+ on Windows, Mac & Linux as well as Chrome 4+ on Windows and Linux support a portable version of LastPass. Great for securely accessing LastPass Vault from public or untrusted computers.

LastPass alongside KeePassX are the only cloud-syncing password managers that work on Linux.

While many password managers require a standalone app to be installed on the system, LastPass does not and can function via browser plugins.

Lastpass has 256-bit AES encryption implemented in C++ and JavaScript with one-way salted hashes.

LastPass is able to change your password automagically.

Gives score based on password use and strength. Score is bad on other LastPass users and denotes where you fall in that group.

LastPass can dump the whole database as a .csv file or an encrypted file that can then be decrypted using LastPass Pocket as well as separately export Wi-Fi passwords and autofill information. Additional export options are available on a per-browser basis.

LastPass allows creating passwords for accessing the LastPass Vault that can only be used once. Great for accessing the Vault in public or untrusted places.

LastPass offers multifactor authentication via Yubikey.

Steve Gibson is a well established security researcher best know for his work with Apple and Atari systems as well as founding Gibson Research Corporation. He was given access to LastPass' source code and confirmed that it's safe to trust its security.

LastPass Pocket is a standalone personal database decrypter. It's a portable executable, meaning it does not need to be installed, that is used to decrypt a local encrypted copy of the password database.

Fills in passwords in android apps without loading into LastPass directly.

Via a clever use of bookmarklets, LastPass works on browsers that don't inherently support bookmarklets, like Opera or Safari on iOS.

LastPass can be set to notify if a user's credit report suddenly changes.

A large amount of features for the free version.

Can record the steps and use it to login to native Windows apps.

Along with apple’s own key manager, LastPass is the only password manager on iOS with full, complete, subsystem access.
Fill passwords in any web browser
Full passwords in most apps