Please share with the community what you think needs improvement with LastPass Enterprise.
What are its weaknesses? What would you like to see changed in a future version?
LastPass has a problem syncing the passwords to all of the users. This is our biggest problem and we are currently looking for another solution because of this. When you make changes, and you want the user to immediately have these changes, that is not the case with LastPass. The changes are not immediate. Technical support should be quicker and more helpful. With the next release of this solution, I would like to see reports. As an example, it would be helpful to know how many users have access to which applications. At this time, I cannot evaluate if an account has been used or not, or what accounts have been used in the last month or within the last year.
I'm pretty happy with it, and it just needs to keep up with the current security threats. I think it does that reasonably well.
The customization features lack in the console, such as giving the users a little bit more customization as far as what kind of Multi-Factor Authentication (MFA) they want to set up. I would like to be able to reduce the log out time of the session. Maybe a way to customize when the user session logs them out automatically, so it can be set to thirty or ninety seconds before it logs out.
The current version has problems when it comes to their "security challenge", which is a feature that automatically changes unsafe passwords for you. My advice, for the present, is to do it yourself. Unfortunately, leaving it to the responsibility of the software tends to hang, and even crash on some web sites. Specifically, if you already have two-factor authentication enabled on that website then it is a nightmare. Certainly, you should have two-factor authentication, so this needs to be fixed. I would estimate that it works half of the time. In terms of additional features, I would like to see an improvement in the LastPass Authenticator. There has to be a more transparent way to retrieve the second-factor authentication key. The first time you do it you get a QR code, and I know that you can recover and reinstall it because LastPass does a backup. However, if you need to install it on another device such as a colleague's phone, then you need to have that device physically with you at the time. Otherwise, you need to cancel the setup and use both phones to actually scan the QR code. There is no other way to retrieve the secret key. I believe that there are other solutions that handle this, but I work around it by putting that key into a LastPass secure note. It is a cumbersome way to do it, so I would like to see this improved. Visually speaking, I would like to see a better ordering of the passwords. I understand that there is a search function, but there are no tabs to easily classify them. Similarly, you cannot customize the layout to better find what you are looking for. From the user's perspective, when you have a lot of passwords, the search feature works but I would like it to be more customizable.
Anyone that has access to LastPass can change a password and we want the admins to be notified that the password has been changed. The reason we want that functionality is if for some reason someone digs up their credentials and gets into LastPass and they go and change some of our passwords, we want to know straight away that someone's changed these passwords. There are a couple of other things that didn't go very well. When we wanted to do a restore of one folder on one computer, we went to the company and asked for a restore and they couldn't do it. The only person who can do the restore is the one that creates the account. If you add an admin later, they couldn't do the restore. We didn't like that. The first time we had to restore and we couldn't do it, we obviously weren't that impressed. There are ways around that. We do our manual backup, put it on an encrypted USB drive and put it in a safe once a month. We've got our own backup solution to that and that works quite well. I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open, someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk.
The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which has to be uploaded. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them, as a secure solution. This should be done internally within LastPass. This would be a huge win, as this is the one place where I don't feel like they are enterprise ready, and we are using a workaround for something that they should have. It is not super feature laden. It does not stand out versus the competition.
From a technical standpoint, it's working great. I don't see many issues. One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself. Also, at the moment, for the whole company, we are going to use software called Passportal. The main reason is the synchronization of the automation of password changes. That is really important. I know LastPass can change them for 75-plus websites if they don't have two-factor identification. If they do have two-factor identification, you cannot change them. In case of an emergency, there's no one-click button to change your password.
* It needs more flexibility/functionality around making enterprise changes.
* It needs more granular admin capabilities for a global distributed company.
* The ability to set up an account expiration limit/date would be very useful.