LastPass and Proton Pass both show up on every "best password manager for teams" list, and they sit in genuinely different parts of the market. LastPass is a mature product with full enterprise breadth but real trust damage from the late-2022 vault-backup breach. Proton Pass, by contrast, is Proton AG's password manager — Swiss-jurisdiction, open-source clients, full enterprise identity at a low per-seat price, with the rest of the Proton suite available as a bundle.
This comparison is written for the people actually making the call: founders, IT leads and ops folk at startups, agencies and small teams. No affiliate rankings, no "best of" filler — just the trade-offs that matter once more than one person touches the vault.
Quick verdict
Pick LastPass if your team is already on LastPass and has accepted the post-breach model. Competent product, real brand damage from the 2022 breach.
Pick Proton Pass if your team is privacy-conscious or already on the Proton ecosystem. Open-source clients, Swiss jurisdiction, SSO + SCIM at $4.49/user. Server stays closed.
Both are zero-knowledge and both have a defensible recent security story. The choice is almost never about cryptography — it's about collaboration model, governance, and how much per seat per month you want to spend.
Team pricing at a glance
| Feature | LastPass | Proton Pass |
|---|---|---|
| Smallest team plan (all prices USD, billed annually unless noted; verify on vendor sites before buying) | Teams: from ~$4/user/mo | Pass Essentials: $1.99/user/mo (min 3 users) |
| Next tier for growing teams | Business: from ~$7/user/mo | Pass Professional: $4.49/user/mo · Workspace Standard $12.99/user/mo (full Proton suite) |
| Free tier available | Yes (1 device type only) | |
| SSO (SAML / OIDC) | Business / add-on | Pass Professional (SAML) |
| SCIM provisioning | Business and above | Pass Professional (Okta, Entra ID) |
Collaboration model
| Feature | LastPass | Proton Pass |
|---|---|---|
| Shared vaults / collections | Yes | Yes |
| Per-item permissions | Yes | Vault-level roles; per-item sharing |
| External / one-time secure share | Limited | Yes — secure links (paid) |
| Group-based sharing | | Pass Professional and above |
| Activity / audit log | | Pass Professional and above |
Security & transparency
| Feature | LastPass | Proton Pass |
|---|---|---|
| Zero-knowledge end-to-end encryption | Yes | Yes |
| Cipher | AES-256-CBC | AES-256-GCM (per-item keys) |
| Key derivation | PBKDF2-SHA256 (iterations raised post-2022) | bcrypt + SRP (Argon2 for local cache) |
| Open-source clients | No (closed source) | Clients only (GPL-3.0) |
| Self-hosting option | No | No |
| Published independent audit | | Cure53 (2023), Recurity Labs (2026) |
| Publicly disclosed vault breach | Yes — Aug & Nov 2022 (encrypted vault backups exfiltrated) | No customer vault breach |
Pricing for teams: where the real difference is
LastPass sits in the ~$4/user/mo Teams range and ~$7/user/mo Business range, with SSO bundled on Business or sold as an add-on. Plan structure has shifted more than once — confirm before buying.
Pass Essentials is $1.99/user/month (min 3 users), Professional adds SSO/SCIM/audit logs at $4.49/user. Workspace Standard at $12.99/user bundles Mail, Drive, Calendar, VPN and Pass Professional — competitive if you'd buy any of those anyway.
For a fast-growing team, the slope matters as much as the starting price. Model it at the size you actually expect to be in 12 months — not the size you are today.
How teams actually share credentials
LastPass. Shared folders with per-user/per-item permissions, RBAC and policy controls — solid feature breadth, plainer one-time external sharing than 1Password or Bitwarden.
Proton Pass. Vault sharing (with any Proton account), per-item sharing via individual item keys, secure links and group sharing on Professional. No anonymous external sharing — recipients must have a Proton account.
The everyday question is: when a contractor joins on Monday and leaves on Friday, how much work is it to give them access to exactly the credentials they need, watch what they touched, and revoke cleanly? That's where the daylight between these two shows up.
Security architecture
LastPass. LastPass uses AES-256-CBC with PBKDF2-SHA256; default iteration counts were raised after the 2022 incident in which encrypted vault backups were exfiltrated. The cipher held, but a vault leaving the vendor's environment remains the headline trust concern.
Proton Pass. All client code is open source under GPL-3.0 with per-item AES-256-GCM keys and bcrypt + SRP for user authentication. Two published audits (Cure53 2023, Recurity Labs 2026) and Swiss-jurisdiction hosting underpin the trust story; the server stays closed source.
If you're forced to choose on cryptography alone, modern AEAD ciphers (AES-GCM, XChaCha20-Poly1305) paired with a memory-hard KDF (Argon2id) are the bar. Both vendors are inside that range; the harder differences are open-source posture, audit history, and whether you can self-host.
Admin & governance for teams
Both products support some flavour of role-based access, forgotten-password recovery, and audit logging on the right tier. Where they diverge is on the boring-but-critical stuff: SSO, SCIM provisioning, and whether group policies can keep up with how your team actually grows.
SSO tier: LastPass — Business / add-on; Proton Pass — Pass Professional (SAML). SCIM tier: LastPass — Business and above; Proton Pass — Pass Professional (Okta, Entra ID).
If Okta, Entra ID or Google Workspace SSO is non-negotiable from day one, factor the tier price into the per-seat number — it's often the thing that flips the cheaper-on-paper option into the more expensive real-world bill.
LastPass
Pros
- Mature browser extension and form-fill
- Established enterprise feature set (SSO, directory sync, policies)
- Familiar to many users already
- Improved security posture post-2022 (raised KDF iterations, infra changes)
Cons
- 2022 breach exfiltrated encrypted customer vault backups — trust cost is real
- Free tier limited to one device type
- Closed source — auditability depends on third-party reports
- No self-hosting option
Proton Pass
Pros
- All client code open source under GPL-3.0
- Encrypts metadata (URLs, usernames, notes) — not just passwords
- SSO + SCIM at $4.49/user, well below Bitwarden Enterprise
- Swiss jurisdiction and strong privacy posture; bundled with Mail/VPN on Workspace plans
Cons
- Server is closed source — no self-hosting
- Vault-level permission model is less granular than 1Password
- External sharing requires recipient to have a Proton account
- Newer product (launched 2023) — smaller enterprise case-study base
A third option worth considering
Both LastPass and Proton Pass carry baggage when the conversation turns to trust — one because of the 2022 vault-backup incident, the other because of how much of its security story you're asked to take on faith. Pwdly took the opposite path: a documented zero-knowledge architecture, modern ciphers, and an honest list of what we don't do.
- Per-project vaults. Most teams don't share "everything with everyone" — they share by client, repo or product. Pwdly makes that the primary unit, not an afterthought folder.
- $2/user/month, flat. No seat-count cliff, no SSO upsell on the cheapest paid plan. See the full pricing.
- XChaCha20-Poly1305 + Argon2id under the hood. The cipher explainer walks through why those defaults matter.
- Trade-offs we own. No breach monitoring (we literally can't read your data), no self-hosting yet, no browser extension on day one. The security page has the honest list.
If the lesson you took from the last few years is "read the architecture, not the marketing", Pwdly is built to be read that way.
Frequently asked questions
Is LastPass or Proton Pass better for a small team?
LastPass fits best for teams already on LastPass who've accepted the post-breach model, while Proton Pass is the stronger choice for privacy-conscious teams or anyone already on the Proton ecosystem. Model both at the seat count you expect in 12 months — the cheaper option at 5 seats isn't always the cheaper option at 25.
Which has stronger encryption — LastPass or Proton Pass?
LastPass uses AES-256-CBC with PBKDF2-SHA256 (iterations raised post-2022). Proton Pass uses AES-256-GCM (per-item keys) with bcrypt + SRP (Argon2 for local cache). Both are zero-knowledge. In practice the cipher choice is rarely the differentiator — KDF (Argon2id vs PBKDF2), open-source clients, and audit history matter more.
Does either support SSO and SCIM on the cheapest team plan?
LastPass: SSO Business / add-on, SCIM Business and above. Proton Pass: SSO Pass Professional (SAML), SCIM Pass Professional (Okta, Entra ID). If SSO is non-negotiable, price it on the tier that includes it, not the entry tier.
Has either vendor had a vault breach?
LastPass: Yes — Aug & Nov 2022 (encrypted vault backups exfiltrated). Proton Pass: No customer vault breach. A clean record isn't a guarantee, but a known prior incident materially raises the cost of trust.
Worth fact-checking
- Vendor pricing for both LastPass and Proton Pass has changed more than once in the past 24 months — verify on the official site before purchasing.
- SSO / SCIM tier inclusion can change between plans; confirm with vendor sales for your exact seat count.
Last updated May 2026. Vendor pricing and features change frequently — always confirm on the official site before purchasing. Pwdly is not affiliated with 1Password, Bitwarden, LastPass, or Dashlane.