IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
Reviews

LastPass review: Great to administrate, a little clunky to use

LastPass has the most comprehensive admin portal around but it’s excessively browser-focused

Screenshot of LastPass password vault
Price
£61 per user, per year (LastPass Enterprise)
  • Comprehensive management dashboard
  • Sophisticated identity & access management options
  • Outstanding policy control
  • More expensive than some rivals
  • No desktop clients
  • No password generation for manual creation

LastPass is one of the most recognisable brands in the password management space, although the company has not always been seen in glowing terms by the wider community.

It recently raised the ire of consumers with changes that force free users of its password management service to choose between using it on either desktop or mobile devices, something which caused a spike in the number of people looking for alternatives to the service. 

That said, its business services are as strong as ever, and you could be doing yourself and your company a disservice by passing over LastPass. In fact, we've ranked the software as one of the best password managers on the market, as well as one of the best business password managers.

LastPass review: Client interface

LastPass’s web browser plugin and mobile clients are still among the most widely-used by general consumers, so there’s likely to be less of a knowledge gap when it comes to adoption. 

On the desktop, LastPass is only available as a browser plugin. It supports the most popular browsers on Windows, macOS and Linux, so compatibility won’t be a problem for anyone. The LastPass vault is well designed, and, assuming the admin allows it, web passwords will be automatically captured and entered. 

However, if you need to use or store passwords from elsewhere, such as servers you regularly access via FTP or SSH, you’ll have to manually create an entry using a web vault, and the password generator isn’t available when you do this.

Users can also store payment and address data and secure notes, including encrypted attachments. Like many other password management services, LastPass allows users to link their personal accounts. These are loaded as a new sub-folder in their enterprise vault, allowing them to access their personal passwords. Enterprise policies are applied to this folder when accessed via the user’s work account.

A command line application is also available for management and automation, and is particularly handy for creating and giving access to shared company folders.

LastPass was recently found to be using a number of trackers on its Android app, including some behavioural analytics and profiling tools, alongside more expected crash and error trackers. LastPass tells us that “aggregate data provided by trackers help to identify and troubleshoot issues within the product and prioritize areas to improve and optimize the end user experience.” However, these can be disabled in your LastPass vault, accessible from a desktop browser

LastPass review: Management interface

LastPass has a particularly nice dashboard to help you manage your users. Heads-up displays show total, active, registered and blocked users, figures on the number of policies you have in place and how many users are geofenced, and a chart showing successful and failed authentications – useful for spotting efforts to penetrate your users’ accounts.

LastPass Business and Identity users can be added via a wide range of Single Sign-On portals, but admins for Teams will have to invite everyone by email. Once added, users can be assigned to groups and roles to give them access to different shared vaults and features. Admins can view each user’s saved sides, shared folders, and registered devices.

Policies can be applied to groups and individuals, and range from standard security policies to specific password and multifactor authentication requirements, blocking access from specific countries or devices, and a wealth of other settings. Our only complaint is that the policy list is a little cramped, as they’re shoved into a skinny bar at the right of the interface.

Identity tier subscribers can also roll-out LastPass’s passwordless access systems, allowing users to access their vaults more easily when connected from a specific IP address, geographic location, and enabling device authentication and biometric login models.

LastPass review: Pricing

LastPass’s business offerings start with Teams, priced at £40.80 per user, per year, and intended for SMBs or workgroups with up to 50 users, although this is a recommendation rather than a hard limit. This provides each user with an industry-standard password storage vault with optional two-factor authentication, shared folders for your team, and a dashboard to administrate everything.

The next tier up, Enterprise, has no recommended ceiling on user numbers, and adds Single Sign-On support, personal customer support, API and app integrations, and customisable security policies.

These are extremely flexible, and include settings such as requiring users to link a personal vault to keep them from using their business account to store their own day-to-day passwords, access restriction based on IP address, automatic logout windows, and highly specific control of the kind of secure data and passwords that can be stored or shared.

A more expensive Identity tier adds extra authentication options, taken from LastPass’s subscription-based multi-factor authentication toolset.

Unlike rivals including Keeper and Bitwarden, users within a Teams, Enterprise, or Identity subscription don’t get a free LastPass Personal subscription to go with it.

LastPass review: Verdict

LastPass is still an industry leader, and has one of the best management interfaces around, although the lack of a desktop client for users feels like an omission in a business environment. It’s not cheap, either: Many rivals provide equivalents to the features of LastPass’s Enterprise tier, priced at £61.44 per user, per year, for less. A flat-fee site license is also available for larger businesses.

The adaptive multifactor authentication options of the top Identity tier, designed to provide users with secure and passwordless access to both their vaults and other business identity challenges, are unique, although some rivals such as Keeper are developing similar tools in parallel. LastPass Identity is certainly costly, at £81.60 per user, per year, and its comprehensive identity verification functions – also available without password management –  are beyond the scope of this review.

The lack of a desktop client is an irrelevance to web-oriented personal users, but if you have staff members who’ll be accessing desktop applications and remote servers without going via a web browser, flipping to a browser plug-in just to copy out passwords can slow the workflow.

LastPass’s online vault is still great to use, and its top tiers are lavish when it comes to providing features, but for price and convenience, Bitwarden and Dashlane provide a better business password management solution right now.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

GoTo admits hackers stole customer backups in LastPass breach
hacking

GoTo admits hackers stole customer backups in LastPass breach

25 Jan 2023
LastPass customer password vaults stolen, targeted phishing attacks likely
Security

LastPass customer password vaults stolen, targeted phishing attacks likely

23 Dec 2022
LastPass admits 'elements' of customer data accessed in breach
hacking

LastPass admits 'elements' of customer data accessed in breach

1 Dec 2022
Revealed: The top 200 most common passwords of 2022
cyber security

Revealed: The top 200 most common passwords of 2022

17 Nov 2022

Most Popular

Warning issued over ransomware attacks targeting VMware ESXi servers globally
cyber attacks

Warning issued over ransomware attacks targeting VMware ESXi servers globally

6 Feb 2023
Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023
BT Group extends Kyndryl deal to migrate legacy mainframe apps to the cloud
Business strategy

BT Group extends Kyndryl deal to migrate legacy mainframe apps to the cloud

31 Jan 2023