LastPass review: Great to administrate, a little clunky to use

LastPass has the most comprehensive admin portal around but it’s excessively browser-focused

Screenshot of LastPass password vault
£61 per user, per year (LastPass Enterprise)
  • Comprehensive management dashboard
  • Sophisticated identity & access management options
  • Outstanding policy control
  • More expensive than some rivals
  • No desktop clients
  • No password generation for manual creation

LastPass might have raised the ire of consumers with changes that force free users of its password management service to choose between using it on either desktop or mobile devices, but its business services are as strong as ever.

LastPass’s business offerings start with Teams, priced at £40.80 per user, per year, and intended for SMEs or workgroups with up to 50 users, although this is a recommendation rather than a hard limit. This provides each user with an industry-standard password storage vault with optional two-factor authentication, shared folders for your team, and a dashboard to administrate everything.

The next tier up, Enterprise, has no recommended ceiling on user numbers, and adds Single Sign-On support, personal customer support, API and app integrations and customisable security policies. 

These are extremely flexible, and include settings such as requiring users to link a personal vault to keep them from using their business account to store their own day-to-day passwords, access restriction based on IP address, automatic logout windows, and highly specific control of the kind of secure data and passwords that can be stored or shared.

A more expensive Identity tier adds extra authentication options, taken from LastPass’s subscription-based multi-factor authentication toolset.

Unlike rivals including Keeper and Bitwarden, users within a Teams, Enterprise or Identity subscription don’t get a free LastPass Personal subscription to go with it.

LastPass review: Client interface

LastPass’s web browser plugin and mobile clients are still among the most widely-used by general consumers, so there’s likely to be less of a knowledge gap when it comes to adoption. 

On the desktop, LastPass is only available as a browser plugin. It supports the most popular browsers on Windows, macOS and Linux, so compatibility won’t be a problem for anyone. The LastPass vault is well designed, and, assuming the admin allows it, web passwords will be automatically captured and entered. 

However, if you need to use or store passwords from elsewhere, such as servers you regularly access via FTP or SSH, you’ll have to manually create an entry using a web vault, and the password generator isn’t available when you do this.

Users can also store payment and address data and secure notes, including encrypted attachments. Like many other password management services, LastPass allows users to link their personal accounts. These are loaded as a new sub-folder in their enterprise vault, allowing them to access their personal passwords. Enterprise policies are applied to this folder when accessed via the user’s work account.

A command line application is also available for management and automation, and is particularly handy for creating and giving access to shared company folders.

LastPass was recently found to be using a number of trackers on its Android app, including some behavioural analytics and profiling tools, alongside more expected crash and error trackers. LastPass tells us that “aggregate data provided by trackers help to identify and troubleshoot issues within the product and prioritize areas to improve and optimize the end user experience.” However, these can be disabled in your LastPass vault, accessible from a desktop browser

LastPass review: Management interface

LastPass has a particularly nice dashboard to help you manage your users. Heads-up displays show total, active, registered and blocked users, figures on the number of policies you have in place and how many users are geofenced, and a chart showing successful and failed authentications – useful for spotting efforts to penetrate your users’ accounts.

LastPass Business and Identity users can be added via a wide range of Single Sign-On portals, but admins for Teams will have to invite everyone by email. Once added, users can be assigned to groups and roles to give them access to different shared vaults and features. Admins can view each user’s saved sides, shared folders, and registered devices.

Policies can be applied to groups and individuals, and range from standard security policies to specific password and multifactor authentication requirements, blocking access from specific countries or devices, and a wealth of other settings. Our only complaint is that the policy list is a little cramped, as they’re shoved into a skinny bar at the right of the interface.

Identity tier subscribers can also roll-out LastPass’s passwordless access systems, allowing users to access their vaults more easily when connected from a specific IP address, geographic location, and enabling device authentication and biometric login models.

LastPass review: Verdict

LastPass is still an industry leader, and has one of the best management interfaces around, although the lack of a desktop client for users feels like an omission in a business environment. It’s not cheap, either: Many rivals provide equivalents to the features of LastPass’s Enterprise tier, priced at £61.44 per user, per year, for less. A flat-fee site license is also available for larger businesses.

The adaptive multifactor authentication options of the top Identity tier, designed to provide users with secure and passwordless access to both their vaults and other business identity challenges, are unique, although some rivals such as Keeper are developing similar tools in parallel. LastPass Identity is certainly costly, at £81.60 per user, per year, and its comprehensive identity verification functions – also available without password management –  are beyond the scope of this review.

The lack of a desktop client is an irrelevance to web-oriented personal users, but if you have staff members who’ll be accessing desktop applications and remote servers without going via a web browser, flipping to a browser plug-in just to copy out passwords can slow the workflow.

LastPass’s online vault is still great to use, and its top tiers are lavish when it comes to providing features, but for price and convenience, Bitwarden and Dashlane provide a better business password management solution right now.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download


Telegram bots are out to steal your one-time passwords

Telegram bots are out to steal your one-time passwords

30 Sep 2021
What makes a password secure?

What makes a password secure?

28 Sep 2021
Robust password policies cut cyber attacks by 60%
cyber security

Robust password policies cut cyber attacks by 60%

13 Sep 2021
1Password Business review: First choice for business travel and guest accounts

1Password Business review: First choice for business travel and guest accounts

16 Jul 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021