If you’re running IT for a UK business and trying to decide between LastPass and 1Password for your team, you’re weighing up two of the most established names in enterprise password management — but they’ve taken very different paths over the last few years. This comparison cuts through the marketing and looks at what actually matters for business deployments: admin control, security architecture, compliance readiness, and value for money. Both tools are widely used by UK SMBs and mid-market companies, but they’re not interchangeable. The right choice depends on your team’s size, your compliance obligations, and — frankly — how much the 2022 LastPass breach concerns you.
Quick Overview
LastPass has been in the enterprise password management space since 2008. It built its reputation on a powerful admin console, granular policy controls, and deep integrations with identity providers. For many IT admins, it was the default choice for years. 1Password launched around the same time but took a slower, more deliberate approach to enterprise features. It now offers a genuinely competitive business product with a clean modern interface and a security architecture that differs meaningfully from LastPass.
Before diving into the category-by-category breakdown, here’s a full feature comparison at a glance.
Feature Comparison Table
| Feature | LastPass Business | 1Password Business |
|---|---|---|
| Admin Console | Comprehensive, legacy-style UI with deep controls | Clean modern UI, slightly fewer legacy options |
| SSO / SAML | Yes (SAML 2.0, via MFA or standalone) | Yes (SAML 2.0 via Unlock with SSO) |
| SCIM Provisioning | Yes (Azure AD, Okta, OneLogin, Google) | Yes (Azure AD, Okta, OneLogin, Google, JumpCloud) |
| Audit Log | Yes — detailed event log with export | Yes — detailed event log with export |
| MFA Options | Extensive: TOTP, hardware keys, biometrics, grid | Strong: TOTP, hardware keys (YubiKey), biometrics |
| Emergency Access | Yes (user-to-user with time delay) | No native emergency access feature |
| Offline Access | Yes (encrypted local cache) | Yes (encrypted local cache) |
| Breach History | 2022 major breach (encrypted vaults stolen) | No significant breaches to date |
| UK Data Residency | No EU/UK-specific residency option on standard plans | No dedicated UK residency; EU hosting available on Enterprise |
| Price (per user/month, GBP approx.) | ~£4.00 (Teams), ~£5.50 (Business) | ~£6.00 (Teams), ~£7.50 (Business) |
Prices are approximate GBP equivalents based on published USD pricing at current exchange rates. Both tools bill annually. Confirm current pricing directly with each vendor.
Admin Console and Management Experience
For IT admins, the management console is where you’ll spend real time — provisioning users, enforcing policies, reviewing activity, and handling offboarding. This is an area where the two tools feel noticeably different.
LastPass has one of the most feature-rich admin consoles in the category. You get granular policy enforcement across folders, groups, and individual users. Shared folder permissions, password inheritance rules, country-level access restrictions, and detailed reporting have all been available for years. If you’re used to enterprise IT tooling, LastPass feels familiar and powerful — if occasionally cluttered.
1Password’s admin console has improved significantly. It’s cleaner, faster to navigate, and easier for less technical managers to use. Vaults replace folders as the primary organisation unit, and permissions work at the vault level. It’s logical and modern, but admins migrating from LastPass may find some legacy controls missing or handled differently. That said, for teams deploying fresh, 1Password’s admin experience is genuinely pleasant to use.
Category winner: LastPass — for depth of admin controls and feature maturity. 1Password wins on usability, but LastPass wins on breadth.
SSO, SCIM, and Identity Provider Integration
For any business using an identity provider — Azure Active Directory, Okta, Google Workspace — provisioning and single sign-on are non-negotiable requirements. Both tools handle this, but with different approaches.
LastPass supports SAML 2.0 SSO and can be configured so that users log in via their IdP without needing a separate LastPass master password. SCIM provisioning is available for all major providers. The implementation is mature and well-documented, though configuration can require careful attention to get right.
1Password’s approach uses a feature called Unlock with SSO, which allows users to authenticate with their IdP to unlock 1Password. The security model here is worth understanding: 1Password uses a Secret Key in addition to the master password, which adds a layer of security but means the SSO flow is slightly different to a pure SAML implementation. SCIM provisioning works well and supports a broader list of IdPs including JumpCloud, which is increasingly popular with UK SMBs that have moved away from on-premise Active Directory.
Category winner: Draw — both tools deliver solid SSO and SCIM. 1Password’s broader IdP support is a slight edge; LastPass’s more familiar SAML flow is easier to explain to stakeholders.
MFA and Authentication Options
Multi-factor authentication for the password manager itself is a layer of defence that often gets overlooked. Both tools support the main MFA methods you’d expect.
LastPass has historically offered one of the widest ranges of MFA options: authenticator apps (TOTP), hardware security keys (FIDO2/WebAuthn), biometric unlock, and even SMS (not recommended, but available). LastPass Authenticator is a standalone app that can handle MFA for both LastPass and other services, which some teams find convenient.
1Password’s MFA options are strong and security-focused: TOTP via any authenticator app, YubiKey and other FIDO2 hardware keys, and biometric unlock on mobile and desktop. 1Password doesn’t offer SMS as an MFA option — which is arguably a feature, not a limitation, given that SMS is the weakest form of second factor.
Category winner: 1Password — not because it offers more options, but because it defaults to stronger options and doesn’t offer security theatre like SMS MFA.
Audit Logging and Compliance Readiness
UK businesses operating under ISO 27001, Cyber Essentials Plus, or GDPR data handling obligations need to be able to demonstrate access controls and audit trails. Both tools provide event logging, but there are differences worth noting.
LastPass provides a detailed event log covering logins, policy changes, shared folder access, admin actions, and more. Logs can be exported and, on Business plans, sent to a SIEM via syslog or API. This makes it feasible to include LastPass events in a centralised security monitoring setup.
1Password also provides detailed audit logs with similar coverage. Its Events API allows log export to SIEMs. The log format and the Events API are both well-documented, and 1Password has published compliance documentation for SOC 2 Type II and is increasingly used in environments with formal information security management requirements.
For a deeper look at how password managers stack up against ISO 27001 controls, see our guide: Password Managers and ISO 27001 Compliance.
Category winner: Draw — both tools provide what you need for audit and compliance purposes. LastPass’s syslog integration is marginally better for legacy SIEM environments; 1Password’s Events API is cleaner for modern tooling.
The Breach Question: LastPass 2022
This section won’t be comfortable reading for LastPass advocates, and as someone who uses LastPass myself, I’m not going to pretend it didn’t happen. In 2022, LastPass confirmed that threat actors had exfiltrated encrypted vault data along with metadata including website URLs, usernames, and billing information. The encrypted vault contents remain protected by AES-256 encryption, provided the account used a strong, unique master password. However, the metadata exposure (which sites you use) is a genuine intelligence leak, and the handling of the disclosure was widely criticised for being slow and incomplete.
LastPass has since made architectural changes and published a detailed security roadmap. The platform is not inherently broken, and millions of businesses continue to use it. But the breach established something important: the centralised knowledge-based authentication model — where the master password alone protects your vault — carries risk if the backend infrastructure is compromised.
1Password’s architecture differs in one key respect: the Secret Key. Every 1Password account requires both a master password and a 128-bit Secret Key to decrypt the vault. The Secret Key is never transmitted to 1Password’s servers — it exists only on your enrolled devices. This means that even if 1Password’s servers were breached in the same way, the stolen vault data could not feasibly be decrypted without the Secret Key. 1Password has not had a comparable breach.
This isn’t marketing spin — it’s a meaningful architectural difference that enterprises evaluating these tools should factor into their risk assessments. If you’re making a fresh choice today, the security architecture argument favours 1Password. If you’re already using LastPass and have changed your master password since the breach, the practical risk is likely low — but the architectural difference remains.
Category winner: 1Password — the Secret Key model provides materially stronger protection against server-side compromise.
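To make the architectural point above concrete, here is a simplified sketch of a password-only vault key beside a password-plus-device-secret key, showing what a stolen server record lets someone confirm offline. It is an added illustration, not 1Password's or LastPass's code; the XOR-combining construction, iteration count, labels and sample password are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed demo value, not either vendor's setting


def stretch(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash: the only secret in a password-only model."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def unlock_key(password: str, salt: bytes, secret_key: bytes = b"") -> bytes:
    """Derive the vault key; if a device-held secret is given, mix it in by XOR."""
    key = stretch(password, salt)
    if secret_key:
        pad = hmac.new(secret_key, b"vault-key" + salt, hashlib.sha256).digest()
        key = bytes(a ^ b for a, b in zip(key, pad))
    return key


def enroll(password: str, secret_key: bytes = b"") -> dict:
    """Return what the server stores: a salt and a key-check tag, no secrets."""
    salt = secrets.token_bytes(16)
    key = unlock_key(password, salt, secret_key)
    return {"salt": salt, "check": hmac.new(key, b"vault-check", hashlib.sha256).digest()}


def guess_verifies(record: dict, password: str, secret_key: bytes = b"") -> bool:
    """Can a party holding only the stolen record confirm this guess offline?"""
    key = unlock_key(password, record["salt"], secret_key)
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, record["check"])


def demo() -> dict:
    password = "correct horse battery"       # constructed sample password
    device_secret = secrets.token_bytes(16)  # 128-bit secret that never leaves the device
    pw_only = enroll(password)
    two_secret = enroll(password, device_secret)
    return {
        "password_only_right_guess": guess_verifies(pw_only, password),
        "two_secret_right_password_no_key": guess_verifies(two_secret, password),
        "two_secret_with_device_key": guess_verifies(two_secret, password, device_secret),
    }


if __name__ == "__main__":
    print(demo())
```

In the password-only record, the strength of the master password is the whole defence once the server data is stolen; in the two-secret record, even the correct password cannot be confirmed without the 128-bit device secret.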
Pricing: GBP Comparison
Both tools use per-user, per-month pricing billed annually, which makes budget forecasting straightforward. The prices below are approximate GBP equivalents based on published USD rates.
- LastPass Teams (up to 50 users): approximately £4.00 per user/month
- LastPass Business (unlimited users, full admin features): approximately £5.50 per user/month
- 1Password Teams (up to 10 users): approximately £6.00 per user/month
- 1Password Business (unlimited users, full admin features): approximately £7.50 per user/month
LastPass is meaningfully cheaper — roughly 25–30% less expensive per user on comparable plans. For a 50-person team, that’s a difference of around £900–£1,200 per year. That’s not trivial for an SMB, and it’s a legitimate reason to choose LastPass if budget is a constraint and you’re comfortable with the security trade-offs.
1Password offers a 14-day free trial and LastPass has a 14-day trial for Business. Both tools offer volume discounts for larger deployments — worth negotiating if you’re above 100 users.
Category winner: LastPass — materially lower price point with no meaningful reduction in day-to-day functionality.
Emergency Access and Account Recovery
What happens when an employee leaves suddenly, loses access to their device, or is incapacitated? This is an area where LastPass has a clear advantage that often goes unmentioned in comparisons.
LastPass includes an Emergency Access feature that allows a designated individual to request access to another user’s vault. The account holder can set a waiting period (during which they can deny the request), after which access is granted. This is particularly useful for small businesses where a single person may hold critical credentials.
1Password does not have a native emergency access feature. Access recovery in 1Password relies on admin-level vault access (you can recover company vaults) and the Secret Key recovery process for personal vaults. For shared business vaults this is manageable, but personal vault contents that a departing employee stored privately are effectively inaccessible without their cooperation.
Category winner: LastPass — the emergency access feature is a genuine operational advantage for small teams.
End User Experience
Password managers only work if employees actually use them. Both tools have solid browser extensions and mobile apps, but the end user experience differs in feel.
LastPass’s browser extension is functional and widely familiar. The autofill is reliable, the vault UI is well-established, and most users can self-onboard without IT intervention. Some users find the interface dated compared to newer tools.
1Password’s apps and extensions are generally regarded as among the best-designed in the category. The interface is clean, the autofill is quick, and the native desktop apps on Mac and Windows are well-maintained. User satisfaction scores for 1Password tend to be higher, which matters for adoption.
Category winner: 1Password — better-designed apps lead to higher adoption rates, which is ultimately what a password manager deployment is trying to achieve.
UK Data Residency
Data residency is increasingly relevant for UK businesses post-Brexit, particularly those under sector-specific regulations or with clients who ask about data location.
Neither tool offers a UK-specific data residency option on standard plans. LastPass stores data in the US. 1Password offers EU data hosting on Enterprise plans, which covers GDPR adequacy purposes but is not UK-specific. For most UK SMBs, this will not be a deciding factor — both vendors are covered under standard international data transfer mechanisms — but it’s worth noting if you have specific contractual data location requirements.
Category winner: Draw — neither tool provides a UK data residency option; 1Password’s EU option on Enterprise is a slight advantage for compliance documentation purposes.
Verdict: Which Should Your Team Choose?
Both LastPass and 1Password are credible enterprise password managers with real businesses relying on them daily. But they’re not the same product, and the right choice depends on your specific situation.
For a broader view of where these tools sit in the market, see our roundup of the best password managers for UK businesses in 2026. For deeper dives, read our full LastPass Business review and 1Password Business review.
Choose LastPass Business if:
- Budget is a genuine constraint and you need to keep per-user costs down
- You need the emergency access feature for small teams or key-person risk scenarios
- You’re replacing an existing LastPass deployment and re-migration costs outweigh security architecture concerns
- Your IT admin is experienced with LastPass and the admin console’s depth is genuinely used
- You’ve assessed the 2022 breach, changed master passwords, and made a considered risk decision to remain
Choose 1Password Business if:
- You’re deploying a password manager for the first time and have no migration burden
- Security architecture is a priority and the Secret Key model provides meaningful reassurance to your board or clients
- End user adoption is a concern — better-designed apps drive better uptake
- You use JumpCloud or want a broader SCIM provider selection
- You’re building toward ISO 27001 certification or have formal infosec requirements where a clean breach history matters
As someone who uses LastPass personally, I’ll be direct: if I were deploying a password manager for a new business team today, I would choose 1Password. The security architecture is stronger, the apps are better, and the breach-free track record matters. The price difference is real but not prohibitive for most businesses. LastPass remains a solid tool and a reasonable choice if you’re already embedded in it, but for a clean-start deployment, 1Password is the more defensible decision.