The advantages of a secure password management tool are plentiful: you can have a complex password that is unique for every web site and application you use. You minimise the risk any individual one will be breached, and should that happen, your credentials will only work for that one site or application and do not compromise you anywhere else.
For IT departments the problem is compounded. You’re not only worried about your own password and personal security; you’re worried about all your users and their security, you’re worried about the company’s data and reputation in the event of a breach, and you’re worried about how to influence change and positive disciplines in a way that doesn’t cause users to revolt lamenting how IT is a hindrance, writing passwords down on post-its stuck to their monitor, with the company owner complaining how hard you are making life. Oh, the struggle is real … which led me to taking LastPass Enterprise for a try.
LastPass is the combination of apps and browser plug-ins coupled with cloud-hosting using secure encryption. Unlike KeePass, say, which stores your data locally, LastPass has the advantage of making your latest information available across all your devices with no manual synchronisation effort. By using encryption you can be confident your data is not exposed should LastPass itself be breached.
Individual plans begin at $0/month - that is, free, meaning there is no barrier to entry and really no reason why you shouldn’t be using a password manager like LastPass. From here you can move up to premium individual accounts, family, business and enterprise accounts with varying feature enhancements, shared user access, and other items.
Still, that’s a one-off event. Once logged into LastPass its power and functionality becomes evident. This includes a vast range of multi factor authentication options, including biometrics, applications, even a Salesforce connector for the enterprise. You can specify trusted devices, sites you never wish LastPass to offer to save or fill-in password details for, to specify domains which are functionally equivalent and LastPass can apply the same credentials between, and other actions.
You can store your passwords, and generate new passwords, for any website or application - of course, and while there, you can add secure notes relating to any web site or application you use.
For enterprise users, LastPass brings a vast array of features like Azure Active Directory and Okta integration, company-wide policy and password compliance rules, reports, user groups and roles and an API to allow automated user setup and provisioning.
Security is comprehensive, with SOC 2 Type 1 compliance and AES-256 encryption over TLS, and the system operates out of multiple geo-distributed facilities to handle load and redundancy.
Administrators can push sites to user’s LastPass accounts with pre-filled in details, meaning you can set credentials in advance to help users out, even where they do not know the credentials themselves. Of course, they can log in to LastPass and review their credentials, but it does mean administrators can create highly-secure, rather than simple but easily remembered, passwords for new starters from the onset.
LastPass provides an online manual you can read even before signing up and provides an extensive range of browser plugins and apps to cover Windows, OS X, Linux, Android, iOS and Windows Phone.
Rolling out LastPass in your organisation, coupled with desktop, smartphone and browser integration, and with single sign-on whether through Active Directory or other, and with policies, administrator tools and user groups and roles are all tremendous things to set your users on a secure path without the typical hassles of remembering and writing-down passwords; this is the opportunity to make complex password management non-complex in its achievement and execution, letting IT departments sleep at night - and the board also, providing a great deal of risk mitigation around the very vital area of security.
If your company is seeking a password management solution or is experiencing resistance in implementing a password policy, you’d do well to give LastPass’s enterprise features a trial.