Sunday, 17 December 2017 22:05

Review - LastPass Enterprise password management


A secure password manager is a necessity in today’s online world and really ought to be part of each person’s basic “cyber hygiene” routine. This is especially so for business.

The advantages of a secure password management tool are plentiful: you can have a complex password that is unique for every web site and application you use. You minimise the risk any individual one will be breached, and should that happen, your credentials will only work for that one site or application and do not compromise you anywhere else.

For IT departments the problem is compounded. You’re not only worried about your own password and personal security; you’re worried about all your users and their security, you’re worried about the company’s data and reputation in the event of a breach, and you’re worried about how to influence change and positive disciplines in a way that doesn’t cause users to revolt lamenting how IT is a hindrance, writing passwords down on post-its stuck to their monitor, with the company owner complaining how hard you are making life. Oh, the struggle is real … which led me to taking LastPass Enterprise for a try.

LastPass is the combination of apps and browser plug-ins coupled with cloud-hosting using secure encryption. Unlike KeePass, say, which stores your data locally, LastPass has the advantage of making your latest information available across all your devices with no manual synchronisation effort. By using encryption you can be confident your data is not exposed should LastPass itself be breached.

Individual plans begin at $0/month - that is, free, meaning there is no barrier to entry and really no reason why you shouldn’t be using a password manager like LastPass. From here you can move up to premium individual accounts, family, business and enterprise accounts with varying feature enhancements, shared user access, and other items.

Creating an account is easy enough - just click to sign up and enter your email address, though the next steps from here seemed mildly repetitive: I received an email asking me to verify my email address - as I should. Clicking this caused LastPass to ask me to enter a master password - again, as it should. However, the page warned me I would lose all my existing (encrypted) data if I changed my password. Yet, I wasn’t changing my password, I was setting it for the first time. Then, after setting my password, I logged in for the first time - and was then asked to change my password. I couldn’t set it to be the same as my last password, that is, the one I had only just set right then and there. It was a curious, and mildly frustrating, first experience.

Still, that’s a one-off event. Once logged into LastPass its power and functionality becomes evident. This includes a vast range of multi factor authentication options, including biometrics, applications, even a Salesforce connector for the enterprise. You can specify trusted devices, sites you never wish LastPass to offer to save or fill-in password details for, to specify domains which are functionally equivalent and LastPass can apply the same credentials between, and other actions.
You can store your passwords, and generate new passwords, for any website or application - of course, and while there, you can add secure notes relating to any web site or application you use.

For enterprise users, LastPass brings a vast array of features like Azure Active Directory and Okta integration, company-wide policy and password compliance rules, reports, user groups and roles and an API to allow automated user setup and provisioning.

Security is comprehensive, with SOC 2 Type 1 compliance and AES-256 encryption over TLS, and the system operates out of multiple geo-distributed facilities to handle load and redundancy.

Administrators can push sites to user’s LastPass accounts with pre-filled in details, meaning you can set credentials in advance to help users out, even where they do not know the credentials themselves. Of course, they can log in to LastPass and review their credentials, but it does mean administrators can create highly-secure, rather than simple but easily remembered, passwords for new starters from the onset.

LastPass provides an online manual you can read even before signing up and provides an extensive range of browser plugins and apps to cover Windows, OS X, Linux, Android, iOS and Windows Phone.

Rolling out LastPass in your organisation, coupled with desktop, smartphone and browser integration, and with single sign-on whether through Active Directory or other, and with policies, administrator tools and user groups and roles are all tremendous things to set your users on a secure path without the typical hassles of remembering and writing-down passwords; this is the opportunity to make complex password management non-complex in its achievement and execution, letting IT departments sleep at night - and the board also, providing a great deal of risk mitigation around the very vital area of security.

If your company is seeking a password management solution or is experiencing resistance in implementing a password policy, you’d do well to give LastPass’s enterprise features a trial.



As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.



Recent Comments