How can I tell if my website visitors are using LastPass or other password managers?

Is there any way of identifying whether or not my visitors are using one of these plugins and how best to support it?

By far the best way to support password managers is to use normal <form> tags and a normal form. If you don't do anything clever, then the password manager will do its job.


Users can install LastPass as a browser plugin. Thus you can rely on client side scripting languages to check if LastPass is installed.

For instance, using NavigatorPlugins.plugins allows you to get the a PluginArray object, listing the plugins installed in the application:

function getLastPassVersion() {
  var lastpass = navigator.plugins['LastPass'];
  if (lastpass === undefined) {
    // LastPass is not present
    return undefined;
  return lastpass.version;

Note also that what you are asking for is commonly implemented and used by browser fingerprinting technologies.

Most of these password managers are browser plugin based and work by populating the form fields and triggering a form submission as if the ueer pressed the submit button, to the server it appears as a normal form submission, no way to tell if it coming from a password manager.