We performed a comparison between HashiCorp Vault and LastPass based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, HashiCorp, Amazon Web Services (AWS) and others in Enterprise Password Managers."For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things."
"It's stable. I would rate the stability a nine out of ten."
"It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic."
"It is a good product to consider for companies who are looking to build on-premise or hybrid infrastructure."
"The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp."
"The most valuable feature of HashiCorp Vault is the management of tickets in the pipeline."
"The product is free and easy to use. It is well documented with an easy implementation process."
"We were using it because we have compliance requirements around secret management. Having a secure vault and encrypting data was an additional requirement. When we looked at it first, we were just looking for a vault, like a lockbox. The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive."
"It is easy to use."
"Until now, I haven't found anything like the dashboard. It gives you a security score. I find that to be really great. The Sharing Center is really great as well. And the Security Challenge is really great too."
"Reduction in number of sensitive passwords stored insecurely on local systems."
"It's always hard to put a value on return on investment. You avoid one breach and it's paid for a million times over. We got a penetration test company internally, just to see how secure our network is, and there happened to be one bit of software that had been overlooked by an external company that managed it. It hadn't been upgraded so that managed to get them into the network. They would've been able to access through the test thing a file that we had previously. If that was a real-life scenario they would have been able to get into our network and get full access to our organization's passwords. If they did get in, they would have gotten access to the cloud. The ROI we see is that we are completely secured compared to what we had previously where there was a vulnerability."
"Increased security around password management for teams and collaborative efforts with external vendors."
"The shared folders is an important feature. It's the primary feature we use. Also, the ability for LastPass to autofill and hide the passwords, so we don't have to keep changing passwords every time a person leaves, is valuable."
"Off-boarding of people is easy without changing shared account passwords."
"The most valuable feature is the liberty of keeping encrypted passwords and elevated information in a sealed vault."
"The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals."
"I would rate the stability a six out of ten. There are some bugs and glitches. We are in touch with the vendor to resolve them."
"The documentation is very general; it should have more examples and more use cases."
"The product is complicated to install."
"I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube."
"There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security."
"The solution could be much easier to implement."
"A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."
"I also don't like the add-in for Internet Explorer and Google Chrome, because when you do the add-in, you can actually save that to your credentials in your IE, and the problem is, if I left my screen open, or any of the IT people leave their screen open someone could come up and access all their credentials in LastPass without having to put a password in within your own network. I don't like that functionality. We've banned that from any of our staff adding that as an add-in because we see that as a security risk."
"Its user interface should be better, and there should probably be more information about scalability."
"Right now we have two products; there is the password manager and there is the authenticator app. Ideally, these should be fully integrated and support better handling of two-factor authentication or any other authenticator data."
"The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass."
"Our biggest issue over the years was around the stability of the LDAP sync to AD."
"One thing I wish LastPass had is an integration with Active Directory, not for synchronizing users but to actually manage, in some way, privileged accounts by replacing the password of LastPass itself."
"I struggle a little bit with the mobile app. As a browser extension, it works really well, and we are able to get to what we need to. However, on the phone, it's not quite as easy to navigate."
"The ability to set up an account expiration limit/date would be very useful."
Earn 20 points
HashiCorp Vault is ranked 2nd in Enterprise Password Managers with 16 reviews while LastPass is ranked 17th in Enterprise Password Managers. HashiCorp Vault is rated 8.2, while LastPass is rated 7.4. The top reviewer of HashiCorp Vault writes "Useful for machine-to-machine communication and has secret engine feature ". On the other hand, the top reviewer of LastPass writes "Straightforward to set up, good support, intuitive to use, and offers good value for the cost". HashiCorp Vault is most compared with Azure Key Vault, AWS Secrets Manager, CyberArk Enterprise Password Vault, Delinea Secret Server and 1Password, whereas LastPass is most compared with Azure Key Vault, BeyondTrust Password Safe, Keeper, CyberArk Enterprise Password Vault and Delinea Secret Server.
See our list of best Enterprise Password Managers vendors.
We monitor all Enterprise Password Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.