Why Lastpass Is Not For Large Organizations
It takes less than 90 seconds to download, but really putting Lastpass to good use takes much longer and is more cumbersome than I expected. Which is only one of the reasons why I cannot recommend it for an enterprise use.
It was free to install Lastpass on my Mac, but it was not altogether easy, not even for an experienced computer user like me. When I first downloaded it, I was confused that literally nothing changed at all, except that my computer slowed down and seemed to crash. No window opened, nothing was stored in the downloads folder. Then I realized, that I had to activate a certain area in my browser, Safari, to find LastPass on my computer again. It might seem like a minor hiccup, but in my old organization this would have thrown a majority of people off. Or it would have lead to dozens of scared calls to the IT hotline: “What have I done wrong?”
In addition, it seems like the service needs a new installation with every web browser. But most companies of a size larger than several hundred employees in my experience use applications that run on one web browser but not on another. Or they do not allow certain web browsers for security reasons. Would LastPass need to be newly installed on all of these browsers? Is the installation process similar for all of the browsers? Again, I can see the IT hotline glowing. And while all this might seem like a practical challenge that can be overcome by pre-installing the program on all computers, or by installing it department by department, I am confident that my old organization’s already overworked IT department could not have put up with this on top of all their other duties.
Is it really safe?
Once installed, one can add any website with a password to LastPass and it stores all passwords in a vault. All you need is a master password, then click on the website in your vault and you do not need to sign in anymore with a separate password. This is meant to add security and make it easier to deal with many different passwords. But I have found that when you sign in, LastPass gives you the option to save the master password in your browser so that it automatically appears when you click to sign in. Since in large organizations, people often change and share computers, this is a security hazard. I have personally found people’s log-ins in my old company. But with Lastpass, you do not only have one password — you have them all!
What about group log-ins?
At my organization, like in many others, teamwork is an essential part of the day. We also had many applications that we used as a team, and as a team we often shared a common password for them. While it is great that with LastPass nobody can ever again forget the team password and or change it without telling anyone and then forget about it, it is also a potential hazard. Yes, it is pretty straightforward to change a password once a team member no longer works for the organization, but in practice people are often not as careful. Especially, when it is so convenient to log in via LastPass and not bother about any passwords. An easy gateway to data and applications for access for former employees.
LastPass seems to make it easier to use a variety of different passwords, which is supposed to make the use of websites with a log-in safer. And individuals may find that useful. But for a large organization, the logistics of LastPass and some of its features may just be too hard to overcome.