LastPass Enterprise Review

YubiKey ensures that if my LastPass password is compromised, nobody has access to my password vault


What is our primary use case?

My primary use case is related to the sharing of passwords with other members of the team. This includes the secure notes feature for very sensitive encryption information, as well as passwords for logging in.

How has it helped my organization?

This product has given us the ability to share passwords, which allows for redundancy in a secure, trusted environment. By redundancy, I am referring to the ability for different people to securely access sensitive information.

It is our sole, authorized password manager.

What is most valuable?

I found the most valuable feature the support of the YubiKey. The capability of utilizing this hardware key was what led me to choose this product over anything else. This ensures that even if my LastPass password is compromised, nobody has access to my password vault. This gives me peace of mind.

What needs improvement?

The current version has problems when it comes to their "security challenge", which is a feature that automatically changes unsafe passwords for you. My advice, for the present, is to do it yourself. Unfortunately, leaving it to the responsibility of the software tends to hang, and even crash on some web sites.

Specifically, if you already have two-factor authentication enabled on that website then it is a nightmare. Certainly, you should have two-factor authentication, so this needs to be fixed. I would estimate that it works half of the time.

In terms of additional features, I would like to see an improvement in the LastPass Authenticator. There has to be a more transparent way to retrieve the second-factor authentication key. 

The first time you do it you get a QR code, and I know that you can recover and reinstall it because LastPass does a backup. However, if you need it install it on another device such as a colleague's phone, then you need to have that device physically with you at the time. Otherwise, you need to cancel the setup and use both phones to actually scan the QR code. There is no other way to retrieve the secret key.

I believe that there are other solutions that handle this, but I work around it by putting that key into a LastPass secure note. It is a cumbersome way to do it, so I would like to see this improved.

Visually speaking, I would like to see a better ordering of the passwords. I understand that there is a search function, but there are no tabs to easily classify them. Similarly, you cannot customize the layout to better find what you are looking for. From the user's perspective, when you have a lot of passwords, the search feature works but I would like it to be more customizable.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this product is better than all of the other ones that I have tried.

What do I think about the scalability of the solution?

The future scalability for this product is good, but it doesn't feel like a modern, single sign-on as it should. Right now we have two products; there is the password manager and there is the authenticator app. Ideally, these should be fully integrated and support better handling of two-factor authentication or any other authenticator data.

How are customer service and technical support?

We have had no need to contact their technical support.

If you previously used a different solution, which one did you use and why did you switch?

Prior to LastPass we used the KeePass Password Safe, which came bundled with our antivirus security solution. We switched because of the security key. I wanted that feature more than the two-factor authentication because it is an extremely strong, physical device that is used to lock down LastPass.

How was the initial setup?

The initial setup for this process is straightforward and extremely easy. It just works. As an example, the importing of passwords from Google Chrome works very well.

What about the implementation team?

We took care of the deployment and installation ourselves. It was done physically at each machine; so, for example, on each person's laptop. We currently have five people using this solution, and a single person can maintain it. We have a second person with master access for the sake of redundancy.

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, my feeling is that they are all roughly the same. LastPass is in line with its competitors, plus or minute a dollar or two per month.

Personally, I was quite insensitive with respect to pricing. I was more concerned with the reputation of the company and the friendliness of the interface, or the way the product has been designed. 

We have an annual subscription that we access and update directly on their website.

Which other solutions did I evaluate?

I have evaluated several password managers including Norton Password Manager, KeePass Password Safe, Dashlane, and OneLogin. The LastPass solution is the best one that I have tried.

The OneLogin solution comes to mind, as it has been hacked in the past. Because we cannot review or audit their code, we need to trust that they will make changes and update their product accordingly. There is always a worry, however, that something could go wrong. I am most comfortable with LastPass because of the support for the hardware security key.

Dashlane is a good solution, but I do not like the way it looks.

What other advice do I have?

I have known LastPass for so long that it feels natural. That said, I have some advice with respect to using it.

First, it has to be secured with a security key. Next, ensure that you master the password sharing features. Finally, I suggest disabling the form fields because it tends to over-interpret what it should be doing. I prefer to have more control than that.

The secure notes feature is very important, so be sure to familiarize yourself with it.

I would rate this product eight and a half out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See it in Action

Start a Free 14 Day Trial

Add a Comment
Guest
Sign Up with Email