You don’t use chewing gum and duct tape to lock the warehouse doors that protect your inventory, and you can’t rely on employee passwords like qwerty or iloveyou to secure your enterprise network and confidential data.
Protecting your network is made more complex by the fact that every digital device — laptop, tablet, and smartphone — connected to it is a potential entry point for hackers.
LastPass for business is one of the best identity management software solutions. You’ll pay a hefty price to access all its features, however, so let’s take a deep dive into its pros and cons to see if it’s right for your small business.
Who is LastPass for business for?
Founded in 2008, LastPass originally focused on freemium password management for individuals and their families. LogMeIn bought LastPass in 2015, and its identity and access management (IAM) applications for small and medium-sized businesses (SMBs) are available via the web, browser extensions, and mobile apps.
Businesses using LastPass include the travel site TripLegend and healthcare technology company Flatiron Health.
LastPass has multiple products and plans for individuals and families, but we’ll focus on its business applications: SSO, MFA, and password management.
Single sign-on (SSO)
Chances are your employees access multiple company accounts every day to use applications such as MS Outlook, Zoom, and Salesforce. Each company or personal digital device — laptop, smartphone, or tablet — that they use to log into these accounts is a potential entry point for bad actors.
LastPass SSO lets employees use your company’s applications after logging into a single interface and allows you to set password policies to prevent weak employee-generated passwords. The LastPass portal supports more than 1,200 pre-integrated applications and includes password vaults for each user.
Need to use an app not included in the LastPass catalog? Add it from within the SSO admin console.
Multi-factor authentication (MFA)
If hackers have enough computing power and time, they can discover any password. MFA adds more security to the login process by requiring users to input secondary identification factors. These factors include things that you:
- Know: Answer to a security question
- Have: A one-time password (OTP) sent to a separate device/account
- Are: Fingerprint or facial recognition
LastPass’s free Authenticator app includes six-digit automatically generated passcodes, texted codes, and automated push notifications.
Adaptive authentication takes MFA further by assessing the risk level of each login attempt based on location, device, and user behavior to apply appropriate security measures.
For example, if I logged into my company LastPass account from my office desktop, LastPass would recognize it and let me in with only my password. But if someone on an unrecognized device tried to log in from outside the U.S., LastPass would use MFA.
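The office-desktop versus unrecognized-device scenario above, as an added sketch of risk-based step-up authentication. This is not LastPass's code or scoring: the signal names, weights, threshold, and login history are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    device_id: str
    country: str
    hour: int  # local hour of day, 0-23

# Constructed history of past successful logins (sample data, not real logs).
HISTORY = [
    Login("alice", "office-desktop", "US", 9),
    Login("alice", "office-desktop", "US", 10),
    Login("alice", "office-desktop", "US", 14),
    Login("alice", "work-phone", "US", 18),
]

# Hypothetical weights and threshold; a real product tunes its own.
WEIGHTS = {"new_device": 50, "new_country": 40, "unusual_hour": 20}
STEP_UP_THRESHOLD = 40

def build_profile(history, user):
    """Summarise what 'normal' looks like for one user."""
    mine = [e for e in history if e.user == user]
    hours = [e.hour for e in mine]
    return {
        "devices": {e.device_id for e in mine},
        "countries": {e.country for e in mine},
        "hours": (min(hours), max(hours)) if hours else None,
    }

def assess(attempt, history=HISTORY):
    """Return (decision, score, reasons) for one login attempt."""
    profile = build_profile(history, attempt.user)
    reasons = []
    if attempt.device_id not in profile["devices"]:
        reasons.append("new_device")
    if attempt.country not in profile["countries"]:
        reasons.append("new_country")
    span = profile["hours"]
    # A user with no history has no "usual" hours, so every signal fires.
    if span is None or not (span[0] - 1 <= attempt.hour <= span[1] + 1):
        reasons.append("unusual_hour")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "require_mfa" if score >= STEP_UP_THRESHOLD else "password_only"
    return decision, score, reasons
```

Returning the reasons alongside the decision gives an admin report something to show when a login was challenged.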
LastPass can’t do all the heavy lifting to secure your network, so its reporting features provide the necessary data for actionable insights. This begins with the admin dashboard, which gives you an overview of user activity and password security.
LastPass’s Enterprise plan lets you drill down further with multiple report types:
- User activity: Login events, password or username updates, attempted or completed form fills, and deleted sites.
- Admin activity: Created, deleted, disabled, or reactivated employee accounts, master password resets, added user admin permissions, and removed users.
- Security: Reused master passwords, weak security challenge scores, and duplicated passwords.
LastPass has a shared folders report — you can securely store company data within your account — but I’m not sure how useful this is. Most companies needing IAM software likely already have a dedicated content management system (CMS) or equivalent via help desk or customer service applications.
LastPass’s ease of use
Information technology (IT) departments love LastPass because it significantly reduces ongoing help desk requests for new or reset passwords and automatically applies stringent password policies.
If you use a security operations center (SOC), LastPass reports help flesh out your social network diagram — the interconnected relationships between people, devices, and applications.
Once users have their accounts set up, they appreciate the cross-device functionality and separate password vaults for company and personal logins. The interface can take some time to learn, and password syncing across multiple devices and the Password Manager app can be slow at times.
If LastPass has an Achilles heel, it’s the limited support options, which steer users toward email and online help tickets and don’t make phone support easily accessible.
If you have a system-wide issue, your IT department needs quick telephone support to reduce downtime and ensure continued employee access to linked accounts.
Users also report they’d like more onboarding resources because the LastPass portal can be clunky at times and hard to figure out on your own. If you decide to go with LastPass, your best option is designating your own power user(s) to train new employees and serve as their first resource for help.
LastPass business pricing has four options:
- MFA: $36/year, per user — Only provides MFA with support for unlimited users and includes a security dashboard, standard two-factor authentication (2FA), adaptive biometric authentication, contextual authentication policies, workstation login, authentication reporting, self-guided support, and a customer success manager.
- Teams: $48/year, per user (up to 50 users) — Only provides password management and includes an admin console, password vault for each user, password generator, save and auto-fill passwords, standard 2FA, and self-guided support.
- Enterprise: $72/year, per user — Provides password management and SSO for unlimited users, 100+ customizable security policies, 1,200+ integrated SSO applications, contextual access policies, SSO portal for employees, and detailed SSO login reports.
- Identity: $96/year, per user — Supports unlimited users and includes all features in the MFA and Enterprise plans.
If you want both MFA and SSO functionality, you must get the Identity plan. All plans include a 14-day free trial, or you can sign up for a LastPass demo. Quote-based site licenses are also available.
LastPass says it offers telephone support, but no phone number or information about how to access it is provided on its website. Instead, business users are steered toward email or submitting support requests from the admin dashboard within the LastPass interface.
Self-service resources include:
- Knowledge base
- Community forums
- Admin toolkit
Enterprise and Identity admins and users can get live online training for free. The LastPass blog has articles about general industry news, product updates, and tips and tricks.
Benefits of LastPass
Many users are resistant to IAM software because it creates extra hoops to jump through, including secondary authentication factors and restrictive password policies, but LastPass has more features to enhance the SSO and MFA user experience.
LastPass’s password management features streamline the login process while securely storing passwords:
- Autofill: Automatically log into sites and applications.
- Password generator: Instantly create strong passwords.
- Shared passwords: Securely share passwords without using chat or email.
LastPass also includes company and personal password vaults for each user. Every account is backed up and synced across multiple devices such as desktops, laptops, tablets, and smartphones. When employees leave a company, they take their personal passwords with them while leaving company credentials behind.
Going to the LastPass user portal multiple times each day isn’t convenient, so users can install the LastPass browser extension for faster access to connected applications. The extension is available for all major browsers and operating systems.
Each time you create a new account or visit a new site with a login page, the browser extension will ask if you want to save it to your LastPass vault. When you change a site password, the extension also asks if you want to update it in your password vault.
You must disable your browser’s default password manager so it doesn’t interfere with the LastPass extension. Once you do this, you can access your login credentials whenever you need them because LastPass syncs across all your devices.
Password management app
Your employees won’t always be at their desktop computers in the office, so the free LastPass Password Manager app gives them access to their password vaults when they’re using the web on the go.
Password Manager app features include:
- Cross-platform functionality
- Autofill logins
- Multiple device synchronization
- Automatic password creation
- Fingerprint security
I never give the passwords saved in my laptop browser much thought until I need to access an account on my smartphone. If it’s not already saved in my phone’s separate password manager, I usually end up resetting it and must backtrack later to update it across my laptop and other devices.
The LastPass Password Manager app circumvents these headaches.
Your one-stop identity management solution
If you want robust IAM software, LastPass has the functionality you need: SSO, MFA, adaptive authentication, browser extensions, and mobile apps. It doesn’t come cheap, however, and you must commit to at least a year’s subscription.
The LastPass Teams plan is the most cost-effective option if you only need basic password management, but check out the LastPass Enterprise trial to experiment with its SSO features.
View more information: https://www.fool.com/the-blueprint/lastpass-for-business-review/