LastPass Reviews

We use it internally as a password vault for all of our core enterprise admin passwords. It is a storage vault.

It provides us the ability to create different levels of access for different teams. We can create a profile for a service desk person versus an application administrator versus an IT manager, so we can have access to different applications provisioned. Therefore, the password changing process isn't as onerous.

The biggest thing is there is no good way to have LastPass rotate passwords without human intervention. Right now, we have to go into each folder, then rotate and manually update each password. It can be done it by loading a bunch of passwords into a spreadsheet, but this makes the whole process insecure because then the passwords have been noted into a spreadsheet which have to be upload. We have to go into 40 to 50 applications and manually update passwords, because we don't view their solution of writing a bunch of passwords on a spreadsheet, then uploading them as a secure solution. This should be done internally within LastPass. This would be a huge win, as this is the one place where I don't feel like they are enterprise ready, and we are using a work around for something that they should have.

It is not super feature laden. It does not stand out versus the competition.

The stability has been rock solid. A couple of years ago, they were breached. However, if you had two-factor authentication enabled, it didn't affect you. We did, so it has been good.

Scalability needs work from LastPass. However, there is no plan to scale up or down from our company. It is just on an as needed basis.

LastPass has been bounced around a bit. They are now owned by LogMeIn, so we have had a little bit of a challenge keeping track of who our account manager has been. We have found this to be confusing sometimes. You pick up the phone not knowing if you are looking for LogMeIn or LastPass. At one point, we had LogMeIn services here, so I was contacting the wrong account rep, and it took about a week to figure out who the right account rep was. So, that's a little wonky. It would be nice if they could consolidate their systems, so their customers have one view of the overarching company.

Tech support has been good. We haven't needed it much, because it is not a complex application. There is not that much you have to do with it. 

We have not seen any ROI. Security is funny though. You don't see ROI unless you are breached. This product helps keep us secure.

It would be nice to do a quarterly true-up process with them versus having to buy 50 licenses at a time when we realize we're out, then we have to buy more. So far, they have been nice about letting us exceed our allotment and just letting us true-up on our own, but a more robust quarterly true-up process would be good.

The pricing and licensing are okay. Basically, at the last contract negotiation, they attempted to jack the rate up and we just said, "No." We still did negotiations with them, but they bumped everything up quite a bit. 

I understand that we are old clients and were paying an older rate, but it was something that we would never do to one of our customers. We would work with a customer to move them up to the new standard rate, but not all in one year. Therefore, we were miffed at how much they wanted to bump up the price right away.

They came back and were reasonable in the end. However, it was all sort of shocking.

We evaluated 1Password and LastPass. 

I don't know the major differences between the two companies. I don't use 1Password, although it looks pretty cool. I know people that swear by 1Password. I know others that say LastPass is better because LastPass has never been breached if you have two-factor authentication. I think that the reason that we use LastPass instead of 1Password is because whoever started the initial setup was familiar with LastPass.

We keep checking back with LastPass to see if they have the password resets enabled, and they don't. If 1Password, ever does this, go use them.

Make sure you have two-factor authentication enabled.

Not everyone in the company uses LastPass because a license is required. We have half to two-thirds of the company on it. The people on the company primarily using it are either in IT or production operations.

We are SOC 2 compliant. Thus, we have to be able to demonstrate that we are pretty well locked down.

We don't need staff to maintain it. The two biggest things with it are ordering more licenses and rotating passwords when someone leaves the organization.

Most important criteria when selecting a vendor: 

• SOC 2 compliance 
• Uptime 
• SLAs
• Terms of service 
• Indemnity
• Functionality.

The primary use for our LastPass solution is that we have a lot of shared accounts that we have our employees use.

It definitely has allowed us to manage the passwords a lot better. From a security standpoint, we don't have to worry about changing passwords every time one person leaves. That is a big improvement in our productivity.

The shared folders is an important feature. It's the primary feature we use. Also, the ability for LastPass to autofill and hide the passwords, so we don't have to keep changing passwords every time a person leaves, is valuable. 

We have issues from time to time where, for some reason, it just keeps auto logging-out the user and then, the next day, they'll come in and it will work just fine. We have had some weird issues with that.

Scalability is fine, no issues with that, especially now that they have added different user-level permissions. That has made it a lot easier to delegate out certain features to have other people do.

I've rarely contacted their tech support, so I don't really have any feedback on it.

We did not have a previous solution for our business.

It was really straightforward to set up.

ROI is a hard thing to quantify. It definitely saves us a lot of time. I know for sure that it's worth the value of the license price we are currently paying, but that's why we have to reevaluate it with the price doubling.

The previous pricing was of good value. I don't really know, as of now, whether the new pricing is. The Enterprise license is $48 per license per year now. That is a steep increase of $24, which is what it was when we first signed up.

We have roughly 200 licenses so that double price definitely adds up pretty quickly.

We pretty much evaluated all of the solutions we needed, and because I'm a personal user of LastPass it was really easy to choose it.

We evaluated 1Password and things like it. Because we've been using LastPass for a few years now, I don't recall all of the others. But, honestly, we'll probably have to reevaluate options once our contract is up, due to the fact that LastPass did increase its price. It's double what it was two years ago, which is quite a steep increase.

The big pro is it was one of the only ones, when I looked two years ago, that had the ability to hide passwords and autofill them, from different users. That's the big feature we've needed. That's why we went with LastPass.

I would rate it about seven out of 10. It has a lot of good features. But being the most expensive on the market definitely does not make it the best of the best, or the prime. If it had the best features and the best price, or a competitive price, it would be great. But LastPass is now probably the most expensive enterprise password manager on the market, so it's hard to give it a higher rating. But it does have a lot of good features.

Our primary use case is for enterprise password management.

• It increased security around password management for teams and collaborative efforts with external vendors. 
• A reduction in the number of sensitive passwords stored insecurely on our local systems.

For our company:

• Enterprise admin console
• Reporting
• Integration with Active Directory

• It needs more flexibility/functionality around making enterprise changes. 
• It needs more granular admin capabilities for a global distributed company. 
• The ability to set up an account expiration limit/date would be very useful.

We have had some issues, such as our 'security score bug' and various minor issues. Our biggest issue over the years was around the stability of the LDAP sync to AD. This now seems to have been largely resolved.

There are some challenges around global administration.

Technical support is generally pretty good, but they are not easy get on the phone with quickly.

We did not previously have an enterprise solution. Various groups used ad hoc systems.

The initial setup was fairly straightforward.

You do not have to purchase licenses for your entire organization. You can scale as adoption grows.

We did not evaluate other solutions.

You should make sure you know what you are doing before you sync with AD, or you could have a mess on your hands to clean up.

Primary usage is password management and sharing of credentials.

• Sharing passwords
• Deactivating users
• Controlling company logins
• Import existing credentials from different file formats.

Off-boarding of people is easy without changing shared account passwords.

Sharing Passwords with new employees for quick onboardings.

There is no group inheritance.
The management through the plugin is poor. It consumes tons of client resources especially as an administrator.
The plugin crashes from time to time.
URL recognition is difficult especially when adding new credentials, LastPass saves the Account creation url. Also when resetting a password, Lastpass recognizes the password change, great, but it also adds the password reset URL to the site. So when using the plugin and navigating to the saved url, you always end up in the password reset URL of the respective service.
As well you need to double check the settings. You have 3 options (hide passwords, read only, administrator) but when sharing a folder with a group or user, the check boxes randomly change, so you need to open the share settings again to check the checkboxes.
All passwords can be read if you are familiar with input fields and their manipulation. This is something LastPass might not be responsible but there must be an implementation if the input field is not "Password" that it does not fill in then password.
Further more there are several websites with Javascript features in the password field like "show pass" or other fancy features which overlay the Lastpass plugin and deny the Lastpuss button in the input field to be used.
The search is poor, got better with the recent update for chrome browsers.
credentials are not sorted by letter.
You cant share single credentials out of a folder to individuals. So either you extract the single entry into a new folder and share it with former group and single person or you share the whole folder to the user. This makes it a bit messy and having in mind that the plugin is really really slow you rather want to have fixed folders with fixed groups on the folder and add indivduals in the enterprise panel --> groups section. With the limitations mentioned you end up with almost same amount of groups as users in your account.

We have been using this service for two and a half years now.

Updates for browsers are not as regular as security issues arise.

We have had stability issues several times.

The more credentials you have the slower this app is.

Support answers quickly when enterprise customers call/write. Solutions are sometimes poor and un-reproducible. For example, they ask if you can logoff, login, or restart your computer which have no effect on the error reported. As well there are problems with shared credentials not available to allowed shared users and also available to not allowed users. After filing a ticket, magically it is solved without any feedback from support why this happened. This makes it really dangerous if you trust this software and by accident recognize on a client machine that the user has access to credentials which shouldnt be in the vault of the user.

We used keepass before.

Why we switched: Because we believed in feature and usage improvement, as well as more credential control.

The installation was not at all straightforward. Naming is hard, URL recognition is painful, and auto-fill is freaking people out. Imagine you have 100 different logins for Google (Adwords, Analytics, personal, merchant), and LastPass always fills out the first match, based on the URL.

Inhouse.

If you import from sources like XML, keepass, CSV files be sure to clean the import files, this reduces the adjustments in the slow tool itself. So take some extra effort to have clean files when moving to LastPass otherwise you end up manipulating each individual entry.

We have not evaluated other options, we were more or less early adopters and haven't tried other solutions.

Consider picking another solution.