As a LastPass admin you have over 100 policies at your fingertips to tailor LastPass to your needs. These policies allow you to customize your password security standards and set requirements for your employees. Do you want to require two-factor authentication? There’s a policy for that. What about setting password strength requirements? You can do that, too.
Any admin can review and set policies. Simply go to the admin dashboard and look under the “Settings” tab. From there you can add and edit policies.
With over 100 policies, where should you begin? Let’s start with three that you should make sure to turn on today.
Name of policy: “Prohibit Sharing Except for Shared Folders”
One great feature of LastPass is the ability to share login credentials. If a particular team or department has a set of accounts they need to share access to, it’s easy to set up a folder with those accounts and share access to that folder.
We recommend you restrict password sharing to shared folders. By doing this, admins can see what employees are sharing. With this policy in place, employees can still create a shared folder, put in the relevant sites, and share it with their team. But now that the “Prohibit Sharing Except for Shared Folders” policy is turned on, admins can see that this share occurred.
Linking personal accounts
Name of policy: “Recommend or Require Linked Personal Account”
LastPass allows users to link their personal account to their enterprise account. When accounts are linked, the user views all their login credentials in one vault, making it easy and convenient to access all passwords in a single view. Additionally, if the user were to leave the organization, their access to their enterprise account would be removed and they would only have access to their personal account.
This is a great way to build adoption and usage of LastPass. The more employees use it, the better! Using it for their email, social media and shopping accounts gets them in the habit of using LastPass and helps them see and understand the value more quickly.
If you select “Recommend Linked Personal Account”, the user will be asked if they want to link their accounts when they sign up. If you select “Require Linked Personal Account”, it will require them to do so.
Name of policy: “Require Multi-Factor Authentication”
Requiring your employees to use multi-factor authentication (MFA) adds an additional layer of security – requiring employees to validate their identity with an additional piece of information beyond their username and password. And with all the recent breaches, it’s more important now than ever. We encourage admins to enforce MFA wherever possible in the workplace, such as with single sign-on, user directory, and any other sites that allow for it. And LastPass is no different.
LastPass integrates with many different types of MFA services, including smartphone-based apps, software-based services and hardware tokens.
To set this up, see full instructions here.
These three policies are a great place to start increasing your company's security while also making LastPass easy to use for your employees! If you’d like to learn more, check out our webinar that dives deeper into additional policies you should consider. Watch the webinar here.