LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. When it was acquired by LogMeIn (now GoTo) in 2015, it became part of a suite of cloud-based collaboration tools. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. Your business can use LastPass to maintain unique passwords for each employee’s online accounts—a critical practice for modern cybersecurity health.
Notable LastPass features: MFA, SSO, and more
Two unique features that LastPass offers are support for multi-factor authentication (MFA) and single sign-on (SSO). Although these two features are restricted to the more expensive LastPass edition, they can play a major role in securing your company’s access points.
With MFA, your IT administrators can configure an extra layer of authentication that combines biometric technology with contextual intelligence. It verifies a user’s identity beyond just the login details they provide; it considers their geographic location, IP address, and biometric data (from a smartphone) to ensure everyone who accesses your business applications is exactly who they say they are.
SSO reduces the number of login details you and your employees need to remember. Instead, you can access all of the applications you need from a single dashboard. This technology uses the SAML protocol to authenticate your identity across all applications and platforms.
Aside from MFA and SSO, LastPass also offers strong features for password sharing, administrative controls, and integrations. LastPass fits in with existing workflows and supports collaboration while preserving your business’s cybersecurity perimeter. Plus, its dark web monitoring features will alert you if any of your access credentials are compromised.
LastPass advantages: flexibility and user interface
Two of the biggest advantages LastPass offers is its flexibility and scalability. The Team plan offers basic features, but it might be a good fit if you have fewer than 50 employees. As your business grows and your needs change, it’s easy to upgrade to the Business plan to get unlimited users, customizable security policies, federated login, and more. It’s also easy to expand your access and authentication capabilities with optional add-ons for advanced MFA and SSO needs.
Additionally, the LastPass user interface is arguably one of the most intuitive password managers on the market today. The look and feel of the LastPass applications is consistent across laptops, tablets, and smartphones, so you’ll be able to find the right information easily without spending a long time searching for it. If you’re looking for a tool that will be accessible for people with limited technical knowledge, this might be an important advantage.
LastPass disadvantages: history of hacking
One of the biggest risks with using LastPass is its track record with preventing hacks. In 2011, LastPass CEO Joe Siegrist announced that the company’s servers may have been breached, as evidenced by anomalies in network traffic. Out of an abundance of caution, the company assumed a worst case scenario and asked all users to change their master passwords.
In 2015, LastPass admins detected another instance of suspicious activity, which led to a more serious security breach. An investigation revealed that email addresses, password reminders, authentication hashes, and other data were compromised. Encrypted user vaults were not jeopardized, but there was still a considerable risk that hackers could gain access using the compromised data if users didn’t change their passwords again.
Reports of less severe vulnerabilities surfaced in 2016, 2017, 2019, and 2021. Although none of these security incidents led to major data breaches, they’re enough to make users skeptical of LastPass’s security controls. Those issues have created an opening for competitors who claim to have an impenetrable security architecture.
LastPass is available in two separate editions:
- Teams: $4/user/month
- Business: $6/user/month
Business accounts have the option to add extra functionality:
- Advanced SSO: $2/user/month
- Advanced MFA: $3/user/month
- Advanced MFA/SSO bundle: $9/user/month
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.