LastPass is a password management application to simplify access to enterprise applications for users but also increase centrality and ease of management of access for administrators with task automation, convenient and secure password sharing, and other features.
$0
Yubico YubiKeys
Score 9.5 out of 10
N/A
Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.
They offer ways to store passwords or MFA support, but most need a root password. In addition, LastPass and 1Password do not have much support for MFA. This results in a lack of MFA support. For Okta, although it offers MFA and SSO, the OTP can be very annoying to have as I do …
For any business that is remote - this is an absolute must. Businesses that are brick and mortar that don't have a lot of passwords or not a lot being used across the board, this may not be something a company like that would have a need for. But anything remote or with many employees using logins to outside websites and apps, this is the way to go.
I think, as I said, it's perfectly suited for second-factor authentication where all you have to do is a security team registers the key and you put it in your laptop and then you use it as a second factor. I think that's the best use case governing all access to making it a mandatory second factor so not relying on your cell phone or authenticator app, you just have this hardware thing which is much more secure and you can carry it with you as well when you are traveling.
Remote access. I'm able to sign documents with the certificates that we have placed on our Yubico YubiKeys, so it's nice to be able to sign a document from anywhere, from any computer with my YubiKey instead of having to look for an adapter for my common access card.
It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.
LastPass has been a game changer for me. I keep more than 100 passwords for financial sites for my company and many of those sites will automatically log you out if you've been idle for 10 or 15 minutes. Typing and re-typing credentials is not only extremely inefficient, but it also adds the risk that you could type them incorrectly and have your account locked. LastPass fills in all my credentials automatically and helps me to generate secure passwords for new sites. I will always want this software on my machine because it makes my life so much easier.
As for implementing YubiKey its simple so I don't see us using anything else as we have experienced no issues so fare. Adding these to our environment is still new for us currently but in the transition phase I only see us buying YubiKey. It is highly rated and well known and cost is reasonable so no need to find another solution.
I login to LastPass when I turn on my computer in the morning and I use it throughout the day. I cannot express how much easier, quicker, smoother (running out of adjectives) this is than our old Excel spreadsheet. I don't bookmark pages anymore, I put them in last pass as all I have to do is search for the site name, press launch and because I have auto signin for most of the sites, I'm in and doing my business in seconds. Truly a blessing!
I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.
We have not experienced any issues with availability which is very important when you are dealing with a company that holds the keys to the gate. We have had more issues with availability from our SaaS providers before with authentication but that was on their end. YubiKey has worked every time for us over the course of the last 6 or so months we began testing phase.
We have not seen any lag in loading pages and getting into systems or sites. In comparison to other 2FA and MFA options it is actually faster most of the time to authenticate due to not having to type in. We require users to have long passwords and when there is an option given for password less they jump on it with excitement. As we explore going password less on their PC's the YubiKey is going to make their lives a lot easier to access the resources they need.
LastPass is part of the essential lifeblood of our operations. It's so immensely necessary and useful that I can't imagine doing my job without it. The peace of mind it delivers along with convenience and the constant updates to the latest and greatest features make this product all around amazing. I can't recommend it enough.
Educating users on password management and the basics of the solution is key to then have them successfully start using it themselves. Many have taken it further and now use it for personal passwords as well.
I figured it all out on my own with the excellent product documentation provided by Yubico. I even managed to produce a backup YubiKey in case I lost my frequently used one. This was crucial when I temporarily lost the original.
The has been the first and only password management software that I have used so far, and haven't found a need to change it. I have seen promotions for other software like Roboform and Dashlane but have not had the desire to test how these work because I'm comfortable using Lastpass.
Yubico YubiKeys has been a leader in the security key market, and I think they have a new product we just read about two days back and they can store up to a hundred private keys now. So I think this is what it distinguishes them from the market, apart from this, whatever features we need personally and for our customers. So they provide all those features, but versus the other brands.
It has been really helpful to be able to evolve how we use LastPass as we grow and change departments, add departments, add personnel, and levels of security. Having some flexibility has been great to get us what we need and not have to change platforms, which for a growing company is always a pain.
For us I feel like the ease of deployment has made this product very appealing, overall this will make the scalability very easy for us to push out once we roll out to our users and the management tools that we have looked at will make the admins like me happy as it is clear and easy to use. The rollout process looks to be very straight forward from the demos that we have looked at regarding the enterprise tools.
Mitigating MSP compromising is the biggest thing. We have not had a breach before LastPass for Business, and certainly not since. Many MSPs get compromised due to recycled passwords and having them stored insecurely.
Another positive is that we are a reseller. When we see a client using autofill in a browser, which is insecure, we can offer them this solution, and being users ourselves, helps with the selling points.
When onboarding new employees, being able to add them to LastPass for access already conditions them that this is the only way to manage passwords for our customers. This mitigates, if not fully eliminates, the possibility of security breaches.
I think it's the flexibility in being able to let users pick the type of authentications that they want to use. Some are comfortable with the touch device on the physical Yubico YubiKeys. Others prefer the mobile app. So it provides flexibility for our users to choose how they want to authenticate without running a file of our security requirements.