LastPass Enterprise Room for Improvement

Mark Wight
ICT Manager at Onefortyone
Anyone that has access to LastPass can change a password and we want the admins to be notified that the password has been changed. The reason we want that functionality is if for some reason someone digs up their credentials and gets into LastPass and they go and change some of our passwords, we want to know straight away that someone's changed these passwords. There are a couple of other things that didn't go very well. When we wanted to do a restore of one folder on one computer, we went to the company and asked for restore and they couldn't do it. The only person who can do the restore is the one that creates the account. If you add an admin later, they couldn't do the restore. We didn't like that. The first time we had to restore and we couldn't do it we obviously weren't that impressed. There are ways around that. We do our manual backup, put it on an encrypted USB drive and put it in a safe once a month. We've got our own backup solution to that and that works quite well. I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk. View full review »
Luis Enrique
Network Engineer at a tech services company with 1-10 employees
From a technical standpoint, it's working great. I don't see many issues. One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself. Also, at the moment, for the whole company, we are going to use software called Passportal. The main reason is the synchronization of the automation of password changes. That is really important. I know LastPass can change them for 75-plus websites if they don't have two-factor identification. If they do have two-factor identification, you cannot change them. In case of an emergency, there's no one-click button to change your password. View full review »
Privacy9786
Privacy-by design blockchain based legal and IT practices: Founder with self employed
The current version has problems when it comes to their "security challenge", which is a feature that automatically changes unsafe passwords for you. My advice, for the present, is to do it yourself. Unfortunately, leaving it to the responsibility of the software tends to hang, and even crash on some web sites. Specifically, if you already have two-factor authentication enabled on that website then it is a nightmare. Certainly, you should have two-factor authentication, so this needs to be fixed. I would estimate that it works half of the time. In terms of additional features, I would like to see an improvement in the LastPass Authenticator. There has to be a more transparent way to retrieve the second-factor authentication key. The first time you do it you get a QR code, and I know that you can recover and reinstall it because LastPass does a backup. However, if you need it install it on another device such as a colleague's phone, then you need to have that device physically with you at the time. Otherwise, you need to cancel the setup and use both phones to actually scan the QR code. There is no other way to retrieve the secret key. I believe that there are other solutions that handle this, but I work around it by putting that key into a LastPass secure note. It is a cumbersome way to do it, so I would like to see this improved. Visually speaking, I would like to see a better ordering of the passwords. I understand that there is a search function, but there are no tabs to easily classify them. Similarly, you cannot customize the layout to better find what you are looking for. From the user's perspective, when you have a lot of passwords, the search feature works but I would like it to be more customizable. View full review »
SrMgrGlo768f
Senior Manager, Global Service Desk at a tech vendor with 1,001-5,000 employees
The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass. This would be a huge win, as this is the one place where I don't feel like they are enterprise ready, and we are using a work around for something that they should have. It is not super feature laden. It does not stand out versus the competition. View full review »
SystemAdcfd8
System Administrator at a tech services company with 51-200 employees
There is no group inheritance. The management through the plugin is poor. It consumes tons of client resources especially as an administrator. The plugin crashes from time to time. URL recognition is difficult especially when adding new credentials, LastPass saves the Account creation url. Also when resetting a password, Lastpass recognizes the password change, great, but it also adds the password reset URL to the site. So when using the plugin and navigating to the saved url, you always end up in the password reset URL of the respective service. As well you need to double check the settings. You have 3 options (hide passwords, read only, administrator) but when sharing a folder with a group or user, the check boxes randomly change, so you need to open the share settings again to check the checkboxes. All passwords can be read if you are familiar with input fields and their manipulation. This is something LastPass might not be responsible but there must be an implementation if the input field is not "Password" that it does not fill in then password. Further more there are several websites with Javascript features in the password field like "show pass" or other fancy features which overlay the Lastpass plugin and deny the Lastpuss button in the input field to be used. The search is poor, got better with the recent update for chrome browsers. credentials are not sorted by letter. You cant share single credentials out of a folder to individuals. So either you extract the single entry into a new folder and share it with former group and single person or you share the whole folder to the user. This makes it a bit messy and having in mind that the plugin is really really slow you rather want to have fixed folders with fixed groups on the folder and add indivduals in the enterprise panel --> groups section. With the limitations mentioned you end up with almost same amount of groups as users in your account. View full review »
Engineere89a
Engineering at a comms service provider with 10,001+ employees
The customization features lack in the console, such as giving the users a little bit more customization as far as what kind of Multi-Factor Authentication (MFA) they want to set up. I would like to be able to reduce the log out time of the session. Maybe a way to customize when the user session logs them out automatically, so it can be set to thirty or ninety seconds before it logs out. View full review »
Assistanea19
Assistant Director of Technology Support at a university with 1,001-5,000 employees
I'm pretty happy with it, and it just needs to keep up with the current security threats. I think it does that reasonably well. View full review »
SocManageff5
SOC Manager at a retailer with 5,001-10,000 employees
* It needs more flexibility/functionality around making enterprise changes. * It needs more granular admin capabilities for a global distributed company. * The ability to set up an account expiration limit/date would be very useful. View full review »

Sign Up with Email