We just raised a $30M Series A: Read our story

LastPass Business OverviewUNIXBusinessApplication

LastPass Business is the #7 ranked solution in our list of top Enterprise Password Managers. It is most often compared to Microsoft Azure Key Vault: LastPass Business vs Microsoft Azure Key Vault

What is LastPass Business?

LastPass Business is a best-in-class password manager. With LastPass, you can protect your business from cyber-threats, without compromising ease of use. LastPass empowers employees to generate, secure, and share credentials seamlessly, while providing valuable insight and control to Admins and ensuring protection through LastPass’ zero-knowledge security infrastructure. Gain additional access and authentication features, such as single sign-on (SSO) for simplified access to cloud applications and multi-factor authentication (MFA) that secures the LastPass vault and single sign-on applications.

LastPass Business is also known as LastPass Enterprise.

Buyer's Guide

Download the Single Sign-On (SSO) Buyer's Guide including reviews and more. Updated: September 2021

LastPass Business Customers

Deakin University, Duke University, Code.org, Influitive, PeopleKeys, SMA Technologies, Skynamo

LastPass Business Video

Archived LastPass Business Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
NB
Assistant Director of Technology Support at a university with 1,001-5,000 employees
Real User
Enables us to secure, store and easily retrieve passwords

Pros and Cons

  • "It's improved security; we don't have to worry about people storing password loosely and secure them."

    What is our primary use case?

    Our primary use case is for password security.

    How has it helped my organization?

    It's improved security; we don't have to worry about people storing password loosely and securing them.

    What is most valuable?

    The most valuable feature is the ability to secure, store and easily retrieve passwords.

    What needs improvement?

    I'm pretty happy with it, and it just needs to keep up with the current security threats. I think it does that reasonably well.

    What do I think about the stability of the solution?

    It's very stable; we've had no issues. We had other products before that were very unstable, and we lost some password information.

    How are customer service and technical support?

    Tech support is excellent. 

    Which solution did I use previously and why did I switch?

    We have password security throughout the organization. A small group of people used infected apps. Everyone was using it differently. Some people weren't using anything to store and secure their data, which is very vulnerable. We used a variety of things, Symantec was one of the big ones that people use as far as a single use application on iPhones to better store passwords.

    How was the initial setup?

    The initial setup was straightforward. It was pretty much "plug and play," easy to pick up. I think we only had one or two training sessions for our staff.

    What's my experience with pricing, setup cost, and licensing?

    Licensing costs are annual.

    Which other solutions did I evaluate?

    We were looking at Symantec. We are a Symantec client, that's why we are looking at them, but we felt LastPass offered more significant value for the money.  

    What other advice do I have?

    On a scale of one to ten, I would rate LastPass either an eight or a nine because it's beneficial for us and it checked all the security audit boxes.

    We are talking about substantial organizations here. If you're tiny, then you can get away with a more straightforward setup.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    BD
    Engineering at a comms service provider with 10,001+ employees
    Real User
    Keeps our enterprise more private and secure, but lacks customization in the console

    Pros and Cons

    • "The most valuable feature is the liberty of keeping encrypted passwords and elevated information in a sealed vault."
    • "I would like to be able to reduce the log out time of the session."

    What is our primary use case?

    Our primary use case for this solution is to store the encrypted credentials, passwords, and login information for our administrative accounts. We have a lot of elevated accounts in our organization, and we needed a way to consolidate all of our user's passwords, encryption keys, etc.

    How has it helped my organization?

    It's kept our enterprise, specifically our internal organization, more private and secure. It keeps everything encrypted, including our user's passwords.

    What is most valuable?

    The most valuable feature is the liberty of keeping encrypted passwords and elevated information in a sealed vault.

    What needs improvement?

    The customization features lack in the console, such as giving the users a little bit more customization as far as what kind of Multi-Factor Authentication (MFA) they want to set up.

    I would like to be able to reduce the log out time of the session. Maybe a way to customize when the user session logs them out automatically, so it can be set to thirty or ninety seconds before it logs out.

    What do I think about the stability of the solution?

    When you log in to access the credentials, the environment in LastPass seems to be stable enough for us to retrieve those passwords and for others to do their work on a daily basis.

    What do I think about the scalability of the solution?

    As our users grow in the company, we have the ability to scale with LastPass.

    How are customer service and technical support?

    We have not used their technical support.

    How was the initial setup?

    The initial setup was very straightforward, and there were no complaints. It was easy to use right out of the box.

    What about the implementation team?

    We used a consultant for the deployment.

    What's my experience with pricing, setup cost, and licensing?

    The subscription model is rated at a fair price.

    What other advice do I have?

    I would recommend this product to a colleague or a coworker, either within the company or at a different company. This is based on how easy it is to use, and that the subscription is a fair price.

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Find out what your peers are saying about LogMeIn, Keeper, OneLogin and others in Single Sign-On (SSO). Updated: September 2021.
    540,984 professionals have used our research since 2012.
    DL
    Founder & CEO: Cybersecurity legal Practice at a legal firm with 1-10 employees
    Real User
    YubiKey ensures that if my LastPass password is compromised, nobody has access to my password vault

    Pros and Cons

    • "The initial setup for this process is straightforward and extremely easy. It just works."
    • "Right now we have two products; there is the password manager and there is the authenticator app. Ideally, these should be fully integrated and support better handling of two-factor authentication or any other authenticator data."

    What is our primary use case?

    My primary use case is related to the sharing of passwords with other members of the team. This includes the secure notes feature for very sensitive encryption information, as well as passwords for logging in.

    How has it helped my organization?

    This product has given us the ability to share passwords, which allows for redundancy in a secure, trusted environment. By redundancy, I am referring to the ability for different people to securely access sensitive information.

    It is our sole, authorized password manager.

    What is most valuable?

    I found the most valuable feature the support of the YubiKey. The capability of utilizing this hardware key was what led me to choose this product over anything else. This ensures that even if my LastPass password is compromised, nobody has access to my password vault. This gives me peace of mind.

    What needs improvement?

    The current version has problems when it comes to their "security challenge", which is a feature that automatically changes unsafe passwords for you. My advice, for the present, is to do it yourself. Unfortunately, leaving it to the responsibility of the software tends to hang, and even crash on some web sites.

    Specifically, if you already have two-factor authentication enabled on that website then it is a nightmare. Certainly, you should have two-factor authentication, so this needs to be fixed. I would estimate that it works half of the time.

    In terms of additional features, I would like to see an improvement in the LastPass Authenticator. There has to be a more transparent way to retrieve the second-factor authentication key. 

    The first time you do it you get a QR code, and I know that you can recover and reinstall it because LastPass does a backup. However, if you need it install it on another device such as a colleague's phone, then you need to have that device physically with you at the time. Otherwise, you need to cancel the setup and use both phones to actually scan the QR code. There is no other way to retrieve the secret key.

    I believe that there are other solutions that handle this, but I work around it by putting that key into a LastPass secure note. It is a cumbersome way to do it, so I would like to see this improved.

    Visually speaking, I would like to see a better ordering of the passwords. I understand that there is a search function, but there are no tabs to easily classify them. Similarly, you cannot customize the layout to better find what you are looking for. From the user's perspective, when you have a lot of passwords, the search feature works but I would like it to be more customizable.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    The stability of this product is better than all of the other ones that I have tried.

    What do I think about the scalability of the solution?

    The future scalability for this product is good, but it doesn't feel like a modern, single sign-on as it should. Right now we have two products; there is the password manager and there is the authenticator app. Ideally, these should be fully integrated and support better handling of two-factor authentication or any other authenticator data.

    How are customer service and technical support?

    We have had no need to contact their technical support.

    Which solution did I use previously and why did I switch?

    Prior to LastPass we used the KeePass Password Safe, which came bundled with our antivirus security solution. We switched because of the security key. I wanted that feature more than the two-factor authentication because it is an extremely strong, physical device that is used to lock down LastPass.

    How was the initial setup?

    The initial setup for this process is straightforward and extremely easy. It just works. As an example, the importing of passwords from Google Chrome works very well.

    What about the implementation team?

    We took care of the deployment and installation ourselves. It was done physically at each machine; so, for example, on each person's laptop. We currently have five people using this solution, and a single person can maintain it. We have a second person with master access for the sake of redundancy.

    What's my experience with pricing, setup cost, and licensing?

    In terms of pricing, my feeling is that they are all roughly the same. LastPass is in line with its competitors, plus or minute a dollar or two per month.

    Personally, I was quite insensitive with respect to pricing. I was more concerned with the reputation of the company and the friendliness of the interface, or the way the product has been designed. 

    We have an annual subscription that we access and update directly on their website.

    Which other solutions did I evaluate?

    I have evaluated several password managers including Norton Password Manager, KeePass Password Safe, Dashlane, and OneLogin. The LastPass solution is the best one that I have tried.

    The OneLogin solution comes to mind, as it has been hacked in the past. Because we cannot review or audit their code, we need to trust that they will make changes and update their product accordingly. There is always a worry, however, that something could go wrong. I am most comfortable with LastPass because of the support for the hardware security key.

    Dashlane is a good solution, but I do not like the way it looks.

    What other advice do I have?

    I have known LastPass for so long that it feels natural. That said, I have some advice with respect to using it.

    First, it has to be secured with a security key. Next, ensure that you master the password sharing features. Finally, I suggest disabling the form fields because it tends to over-interpret what it should be doing. I prefer to have more control than that.

    The secure notes feature is very important, so be sure to familiarize yourself with it.

    I would rate this product eight and a half out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Luis  Enrique
    Network Engineer at a tech services company with 1-10 employees
    Real User
    Dashboard with a security score, along with the Security Challenge, are great features

    Pros and Cons

    • "Until now, I haven't found anything like the dashboard. It gives you a security score. I find that to be really great. The Sharing Center is really great as well. And the Security Challenge is really great too."
    • "One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself."

    What is our primary use case?

    Primary use case is to manage passwords and synchronize passwords for accounts, between the users that have permission to access those accounts.

    How has it helped my organization?

    If you have a password manager, there's improvement for the organization, of course. For the users themselves, they're using more complicated passwords; no more having the same password everywhere. And to access the Vault, you need two-factor identification: a master password and the two-factor. And all of this is encrypted. So security has increased. For those who are using it in the organization, it has improved their security for sure.

    What is most valuable?

    • Until now, I haven't found anything like the dashboard. It gives you a security score. I find that to be really great.
    • The Sharing Center is really great as well.
    • The Security Challenge is really great too. I like that feature.

    What needs improvement?

    From a technical standpoint, it's working great. I don't see many issues. One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself.

    Also, at the moment, for the whole company, we are going to use software called Passportal. The main reason is the synchronization of the automation of password changes. That is really important. I know LastPass can change them for 75-plus websites if they don't have two-factor identification. If they do have two-factor identification, you cannot change them. In case of an emergency, there's no one-click button to change your password.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    Until now, I haven't experienced any instability with LastPass. I have used LastPass myself for the last three to five years. For the company, I implemented it about five to six months ago.

    What do I think about the scalability of the solution?

    I don't think there is an issue with scalability. But if your going on an Enterprise Environment where you would like more Advanced option for an Enterprise Password Management solutions Like for example Automatic Password Import(in Remote Desktop, and other in house Applications) so the users don't have a way to copy the password and see it, Automatic Password Replacement ( For Example in case of Emergency Replace all passwords because of Rogue Engineer  or after an Engineer uses a password for an immediate password replacement, User Session Recording for Administrator when there using an administrator password and allot more. 

    How are customer service and technical support?

    My only concern up until now is the communication, especially since this is for work. They do respond but sometimes, if you want to get in contact with somebody, it's really difficult when it comes to LastPass.

    For example, I started LastPass Enterprise and I tried to contact sales or a contact person. For me to actually get in touch with somebody was really difficult. I even tried to give my name and email and they told me they would get back in contact with me. At first, I thought it may be something with my email domain, that maybe something about LastPass was dropping my emails. Then I started using my live domain email. Even so, I didn't receive any contact. So, my experience with LastPass is that it's a great solution, but when it comes to communication and support, it has been tough.

    When it comes to opening a ticket, they do respond within one day. But, for immediate contact, no. It was crazy, especially in the beginning because I was so enthusiastic, I wanted to start right away. I tried for three weeks to a month to contact sales because I had many questions. It got so crazy that for me to actually get in contact with LastPass I even called LogMeIn to see if they could find a way to transfer me to LastPass.

    LastPass is a great solution, but, because of the communication, I didn't actually start it as a solution for our enterprise business. That's why it has been only for four to five users.

    How was the initial setup?

    It was one of the easiest for implementing passwords. You can sync it with Active Directory. There were certain sites that I couldn't sync it with and I needed to input a password manually but it was really straightforward. Their interface is really easy to understand. It's not too difficult.

    It took less than one day to get everybody onboard, the five people using it. It was really easy. The only thing they needed to do was import some passwords that they had and change some passwords.

    What about the implementation team?

    I did it myself.

    What's my experience with pricing, setup cost, and licensing?

    This is the best Pricing you will get a for Password Management solutions.

    Which other solutions did I evaluate?

    I have been involved with many password managers. Passportal, Secret Server, CyberArk, and BeyondTrust. I chose LastPass for our organization because of the pricing. The organization didn't want to implement something really expensive. LastPass, for what it's offering, for the price at which it's offering the service, is unbeatable.

    The licensing for LastPass is straightforward.

    What other advice do I have?

    If you're looking for a password management solution that can hold your passwords and share passwords among employees, one that is cloud-based - and even without the internet you can still access passwords - and if you need a solution that that has the best price for the best product, LastPass is the one. But if you're a person who works in IT who wants to put passwords in privileged accounts and manage them with automation and everything that an enterprise password manager is required to do, LastPass is not the solution for you. You have to search for something else.

    In our organization, the roles of the LastPass users are just below executive level. Their decisions, and what they do, can influence the company. They manage LastPass themselves. In the Sharing Center is the Shared folder. If somebody is going to change a password, they need permission to do so. In our case, they all have permission to change a password. If a password is changed, it's changed. That's it. I don't really see the need for a person to maintain LastPass.

    The two main reasons my company cannot move to LastPass are because of the synchronization issue and the poor communication.

    I rate LastPass at eight out of ten. It offers everything you need for a password management solution. The con that makes it less than a ten is the communication with support and sales. Normally, you just contact sales at a company and you can reach them easily, to start gathering information, to talk with them about your plan and, sometimes, to get a demo, based on your plan. I didn't have that with LastPass.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    MW
    ICT Manager at Onefortyone
    Real User
    Enables us to secure our passwords and to share them internally with contractors

    Pros and Cons

    • "It's always hard to put a value on return on investment. You avoid one breach and it's paid for a million times over. We got a penetration test company internally, just to see how secure our network is, and there happened to be one bit of software that had been overlooked by an external company that managed it. It hadn't been upgraded so that managed to get them into the network. They would've been able to access through the test thing a file that we had previously. If that was a real-life scenario they would have been able to get into our network and get full access to our organization's passwords. If they did get in, they would have gotten access to the cloud. The ROI we see is that we are completely secured compared to what we had previously where there was a vulnerability."
    • "I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk."

    What is our primary use case?

    Our primary use case is to share passwords internally to contractors. It's for the security of our passwords.

    How has it helped my organization?

    Previously, we used to use an Excel spreadsheet internally. It didn't have a password on it. If we did get compromised by a cyber attack, people could actually gain access to all our passwords. Whereas, what LastPass does is, it locks it down. If you go to the spreadsheet, you see every password but if you go into LastPass, you don't actually see the passwords right in front of your eyes, it's quite good from that aspect. It also allows you to share passwords. You set groups up and only give people access to certain stuff, whereas on our Excel sheet, everyone who had access to that sheet, all the IT staff, could see passwords that they really didn't deal with, or didn't need access to. Now, we can split between our database people: to our network engineers, to our application support; they've all got different requirements for different passwords, so we can segregate it quite nicely.

    What is most valuable?

    There are some alerting features in it that are quite good, like multifactor authentication. In general, it's a good product. It's rich in features and it does the job. You can invite contractors in and share it both internally and externally with set groups.

    What needs improvement?

    Anyone that has access to LastPass can change a password and we want the admins to be notified that the password has been changed. The reason we want that functionality is if for some reason someone digs up their credentials and gets into LastPass and they go and change some of our passwords, we want to know straight away that someone's changed these passwords. 

    There are a couple of other things that didn't go very well. When we wanted to do a restore of one folder on one computer, we went to the company and asked for restore and they couldn't do it. The only person who can do the restore is the one that creates the account. If you add an admin later, they couldn't do the restore. We didn't like that. The first time we had to restore and we couldn't do it we obviously weren't that impressed. There are ways around that. We do our manual backup, put it on an encrypted USB drive and put it in a safe once a month. We've got our own backup solution to that and that works quite well. 

    I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk.

    What do I think about the stability of the solution?

    We haven't had any problems with it. We did have one little glitch that happened when you had a look at the security, it showed the security multiple times, the same security twice. That might have been an issue with the screen or compatibility in what we're looking at it in, but apart from that, it was fine. It might have just been a compatibility issue with Internet Explorer or whatever we were accessing at the time. 

    How are customer service and technical support?

    Their technical support was very good. They generally respond via email, or they log into their service desk, and they generally post stuff up there that comes in the email to say there's been an update to a certain request. You log in and you see what the update is and you respond. I think they're overseas, so it generally does take a couple of hours to respond, and that's generally in the early hours of the morning. It would be better if they were in Australia and we got a response in the middle of the day. We deal with all different service providers and their response is more than adequate for what our requirements are.

    How was the initial setup?

    The initial setup was quite simple. It meets requirements and it was quite easy to put in. The structure is quite easy to understand and the way the security works. You could do it in a couple of hours if you really wanted to. The majority of our time was really working out how we wanted to do the security and coming to an agreement on that, which made it take longer.

    It doesn't require much maintenance. Once you've got it set up it just pretty much self manages itself.

    What about the implementation team?

    We deployed it ourselves. 

    What was our ROI?

    It's always hard to put a value on return on investment. You avoid one breach and it's paid for a million times over. We got a penetration test company internally, just to see how secure our network is, and there happened to be one bit of software that had been overlooked by an external company that managed it. It hadn't been upgraded so that managed to get them into the network. They would've been able to access through the test thing a file that we had previously. If that was a real-life scenario they would have been able to get into our network and get full access to our organization's passwords. If they did get in, they would have gotten access to the cloud. The ROI we see is that we are completely secured compared to what we had previously where there was a vulnerability.

    What's my experience with pricing, setup cost, and licensing?

    LastPass was cheap as chips. It was very cheap, hence one of the reasons we went with it.  If you're a small organization and you're after something that'll do 90% of your requirements, it's very good.

    Licensing and all that was really cheap and simple to understand.

    Which other solutions did I evaluate?

    I also use KeePass.

    What other advice do I have?

    I would advise someone considering this or a similar solution to look at all of the key functionalities and see what you really need. If you're a small organization looking for a solution that will work but may not have the bells and whistles, LastPass is definitely for you. If you're a bigger organization and you want a lot more functionality and the bells and whistles, if you are willing to pay for it you can get it. It's really what suits you as an organization. You just need to determine what your functionality is and you go with that solution, because if I was a smaller organization we definitely would stick with LastPass. It does the job.

    I would rate LastPass an eight out of ten. It's a good product. There are a few little functionality improvements that could raise it to that next level.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CP
    Senior Manager, Global Service Desk at a tech vendor with 1,001-5,000 employees
    Real User
    This product helps keep us secure. There is no way to rotate passwords without human intervention.

    Pros and Cons

    • "The stability has been rock solid. A couple of years ago, they were breached. However, if you had two-factor authentication enabled, it didn't affect you. We did, so it has been good."
    • "This product helps keep us secure."
    • "Tech support has been good. We haven't needed it much, because it is not a complex application. There is not that much you have to do with it."
    • "It is not super feature laden. It does not stand out versus the competition."
    • "The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass."

    What is our primary use case?

    We use it internally as a password vault for all of our core enterprise admin passwords. It is a storage vault.

    How has it helped my organization?

    It provides us the ability to create different levels of access for different teams. We can create a profile for a service desk person versus an application administrator versus an IT manager, so we can have access to different applications provisioned. Therefore, the password changing process isn't as onerous.

    What needs improvement?

    The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass. This would be a huge win, as this is the one place where I don't feel like they are enterprise ready, and we are using a work around for something that they should have.

    It is not super feature laden. It does not stand out versus the competition.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The stability has been rock solid. A couple of years ago, they were breached. However, if you had two-factor authentication enabled, it didn't affect you. We did, so it has been good.

    What do I think about the scalability of the solution?

    Scalability needs work from LastPass. However, there is no plan to scale up or down from our company. It is just on an as needed basis.

    How is customer service and technical support?

    LastPass has been bounced around a bit. They are now owned by LogMeIn, so we have had a little bit of a challenge keeping track of who our account manager has been. We have found this to be confusing sometimes. You pick up the phone not knowing if you are looking for LogMeIn or LastPass. At one point, we had LogMeIn services here, so I was contacting the wrong account rep, and it took about a week to figure out who the right account rep was. So, that's a little wonky. It would be nice if they could consolidate their systems, so their customers have one view of the overarching company.

    Tech support has been good. We haven't needed it much, because it is not a complex application. There is not that much you have to do with it. 

    What was our ROI?

    We have not seen any ROI. Security is funny though. You don't see ROI unless you are breached. This product helps keep us secure.

    What's my experience with pricing, setup cost, and licensing?

    It would be nice to do a quarterly true-up process with them versus having to buy 50 licenses at a time when we realize we're out, then we have to buy more. So far, they have been nice about letting us exceed our allotment and just letting us true-up on our own, but a more robust quarterly true-up process would be good.

    The pricing and licensing are okay. Basically, at the last contract negotiation, they attempted to jack the rate up and we just said, "No." We still did negotiations with them, but they bumped everything up quite a bit. 

    I understand that we are old clients and were paying an older rate, but it was something that we would never do to one of our customers. We would work with a customer to move them up to the new standard rate, but not all in one year. Therefore, we were miffed at how much they wanted to bump up the price right away.

    They came back and were reasonable in the end. However, it was all sort of shocking.

    Which other solutions did I evaluate?

    We evaluated 1Password and LastPass. 

    I don't know the major differences between the two companies. I don't use 1Password, although it looks pretty cool. I know people that swear by 1Password. I know others that say LastPass is better because LastPass has never been breached if you have two-factor authentication. I think that the reason that we use LastPass instead of 1Password is because whoever started the initial setup was familiar with LastPass.

    We keep checking back with LastPass to see if they have the password resets enabled, and they don't. If 1Password, ever does this, go use them.

    What other advice do I have?

    Make sure you have two-factor authentication enabled.

    Not everyone in the company uses LastPass because a license is required. We have half to two-thirds of the company on it. The people on the company primarily using it are either in IT or production operations.

    We are SOC 2 compliant. Thus, we have to be able to demonstrate that we are pretty well locked down.

    We don't need staff to maintain it. The two biggest things with it are ordering more licenses and rotating passwords when someone leaves the organization.

    Most important criteria when selecting a vendor: 

    • SOC 2 compliance 
    • Uptime 
    • SLAs
    • Terms of service 
    • Indemnity
    • Functionality.
    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    JL
    Co-Founder at a consultancy with 51-200 employees
    Real User
    The ability to autofill/hide passwords is good for security, but cost is a concern

    Pros and Cons

    • "The shared folders is an important feature. It's the primary feature we use. Also, the ability for LastPass to autofill and hide the passwords, so we don't have to keep changing passwords every time a person leaves, is valuable."
    • "Scalability is fine, no issues with that, especially now that they have added different user-level permissions. That has made it a lot easier to delegate out certain features to have other people do."
    • "We have issues from time to time where, for some reason, it just keeps auto logging-out the user and then, the next day, they'll come in and it will work just fine."

    What is our primary use case?

    The primary use for our LastPass solution is that we have a lot of shared accounts that we have our employees use.

    How has it helped my organization?

    It definitely has allowed us to manage the passwords a lot better. From a security standpoint, we don't have to worry about changing passwords every time one person leaves. That is a big improvement in our productivity.

    What is most valuable?

    The shared folders is an important feature. It's the primary feature we use. Also, the ability for LastPass to autofill and hide the passwords, so we don't have to keep changing passwords every time a person leaves, is valuable. 

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    We have issues from time to time where, for some reason, it just keeps auto logging-out the user and then, the next day, they'll come in and it will work just fine. We have had some weird issues with that.

    What do I think about the scalability of the solution?

    Scalability is fine, no issues with that, especially now that they have added different user-level permissions. That has made it a lot easier to delegate out certain features to have other people do.

    How are customer service and technical support?

    I've rarely contacted their tech support, so I don't really have any feedback on it.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution for our business.

    How was the initial setup?

    It was really straightforward to set up.

    What was our ROI?

    ROI is a hard thing to quantify. It definitely saves us a lot of time. I know for sure that it's worth the value of the license price we are currently paying, but that's why we have to reevaluate it with the price doubling.

    What's my experience with pricing, setup cost, and licensing?

    The previous pricing was of good value. I don't really know, as of now, whether the new pricing is. The Enterprise license is $48 per license per year now. That is a steep increase of $24, which is what it was when we first signed up.

    We have roughly 200 licenses so that double price definitely adds up pretty quickly.

    Which other solutions did I evaluate?

    We pretty much evaluated all of the solutions we needed, and because I'm a personal user of LastPass it was really easy to choose it.

    We evaluated 1Password and things like it. Because we've been using LastPass for a few years now, I don't recall all of the others. But, honestly, we'll probably have to reevaluate options once our contract is up, due to the fact that LastPass did increase its price. It's double what it was two years ago, which is quite a steep increase.

    What other advice do I have?

    The big pro is it was one of the only ones, when I looked two years ago, that had the ability to hide passwords and autofill them, from different users. That's the big feature we've needed. That's why we went with LastPass.

    I would rate it about seven out of 10. It has a lot of good features. But being the most expensive on the market definitely does not make it the best of the best, or the prime. If it had the best features and the best price, or a competitive price, it would be great. But LastPass is now probably the most expensive enterprise password manager on the market, so it's hard to give it a higher rating. But it does have a lot of good features.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    it_user882720
    SOC Manager at a retailer with 5,001-10,000 employees
    Real User
    Reduction in number of sensitive passwords stored insecurely on local systems

    Pros and Cons

    • "Reduction in number of sensitive passwords stored insecurely on local systems."
    • "Increased security around password management for teams and collaborative efforts with external vendors."
    • "The ability to set up an account expiration limit/date would be very useful."
    • "Our biggest issue over the years was around the stability of the LDAP sync to AD."

    What is our primary use case?

    Our primary use case is for enterprise password management.

    How has it helped my organization?

    • It increased security around password management for teams and collaborative efforts with external vendors. 
    • A reduction in the number of sensitive passwords stored insecurely on our local systems.

    What is most valuable?

    For our company:

    • Enterprise admin console
    • Reporting
    • Integration with Active Directory

    What needs improvement?

    • It needs more flexibility/functionality around making enterprise changes. 
    • It needs more granular admin capabilities for a global distributed company. 
    • The ability to set up an account expiration limit/date would be very useful.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    We have had some issues, such as our 'security score bug' and various minor issues. Our biggest issue over the years was around the stability of the LDAP sync to AD. This now seems to have been largely resolved.

    What do I think about the scalability of the solution?

    There are some challenges around global administration.

    How are customer service and technical support?

    Technical support is generally pretty good, but they are not easy get on the phone with quickly.

    Which solution did I use previously and why did I switch?

    We did not previously have an enterprise solution. Various groups used ad hoc systems.

    How was the initial setup?

    The initial setup was fairly straightforward.

    What's my experience with pricing, setup cost, and licensing?

    You do not have to purchase licenses for your entire organization. You can scale as adoption grows.

    Which other solutions did I evaluate?

    We did not evaluate other solutions.

    What other advice do I have?

    You should make sure you know what you are doing before you sync with AD, or you could have a mess on your hands to clean up.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    it_user608778
    System Administrator at a tech services company with 51-200 employees
    Consultant
    It consumes tons of client resources, especially as an administrator.

    Pros and Cons

    • "Off-boarding of people is easy without changing shared account passwords."
    • "The management through the plugin is poor. It consumes tons of client resources especially as an administrator."

    What is our primary use case?

    Primary usage is password management and sharing of credentials.

    What is most valuable?

    • Sharing passwords
    • Deactivating users
    • Controlling company logins
    • Import existing credentials from different file formats.

    How has it helped my organization?

    Off-boarding of people is easy without changing shared account passwords.

    Sharing Passwords with new employees for quick onboardings.

    What needs improvement?

    There is no group inheritance.
    The management through the plugin is poor. It consumes tons of client resources especially as an administrator.
    The plugin crashes from time to time.
    URL recognition is difficult especially when adding new credentials, LastPass saves the Account creation url. Also when resetting a password, Lastpass recognizes the password change, great, but it also adds the password reset URL to the site. So when using the plugin and navigating to the saved url, you always end up in the password reset URL of the respective service.
    As well you need to double check the settings. You have 3 options (hide passwords, read only, administrator) but when sharing a folder with a group or user, the check boxes randomly change, so you need to open the share settings again to check the checkboxes.
    All passwords can be read if you are familiar with input fields and their manipulation. This is something LastPass might not be responsible but there must be an implementation if the input field is not "Password" that it does not fill in then password.
    Further more there are several websites with Javascript features in the password field like "show pass" or other fancy features which overlay the Lastpass plugin and deny the Lastpuss button in the input field to be used.
    The search is poor, got better with the recent update for chrome browsers.
    credentials are not sorted by letter.
    You cant share single credentials out of a folder to individuals. So either you extract the single entry into a new folder and share it with former group and single person or you share the whole folder to the user. This makes it a bit messy and having in mind that the plugin is really really slow you rather want to have fixed folders with fixed groups on the folder and add indivduals in the enterprise panel --> groups section. With the limitations mentioned you end up with almost same amount of groups as users in your account.

    For how long have I used the solution?

    We have been using this service for two and a half years now.

    What was my experience with deployment of the solution?

    Updates for browsers are not as regular as security issues arise.

    What do I think about the stability of the solution?

    We have had stability issues several times.

    What do I think about the scalability of the solution?

    The more credentials you have the slower this app is.

    How are customer service and technical support?

    Support answers quickly when enterprise customers call/write. Solutions are sometimes poor and un-reproducible. For example, they ask if you can logoff, login, or restart your computer which have no effect on the error reported. As well there are problems with shared credentials not available to allowed shared users and also available to not allowed users. After filing a ticket, magically it is solved without any feedback from support why this happened. This makes it really dangerous if you trust this software and by accident recognize on a client machine that the user has access to credentials which shouldnt be in the vault of the user.

    Which solution did I use previously and why did I switch?

    We used keepass before.

    Why we switched: Because we believed in feature and usage improvement, as well as more credential control.

    How was the initial setup?

    The installation was not at all straightforward. Naming is hard, URL recognition is painful, and auto-fill is freaking people out. Imagine you have 100 different logins for Google (Adwords, Analytics, personal, merchant), and LastPass always fills out the first match, based on the URL.

    What about the implementation team?

    Inhouse.

    What's my experience with pricing, setup cost, and licensing?

    If you import from sources like XML, keepass, CSV files be sure to clean the import files, this reduces the adjustments in the slow tool itself. So take some extra effort to have clean files when moving to LastPass otherwise you end up manipulating each individual entry.

    Which other solutions did I evaluate?

    We have not evaluated other options, we were more or less early adopters and haven't tried other solutions.

    What other advice do I have?

    Consider picking another solution.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Single Sign-On (SSO) Report and find out what your peers are saying about LogMeIn, Keeper, OneLogin, and more!
    Quick Links