LastPass Insider: Seamless Security Starts Here

Welcome back to LastPass Insider, our quarterly features update, where you’ll get an inside look at what’s new with LastPass – across both Business and Consumer product offerings – and what’s coming soon to the world of password management.    2022 keeps going from strength to strength, and this past quarter, LastPass has been hyper focused on improving ease of use for all customers.  So, whether you secure your business with LastPass or use it to keep your personal or family’s credentials safe, read on to learn more about what you can explore today, and what’s just around the corner.  

In case you missed it

Didn’t get a chance to read the last Insider? Curious about all the new features launched in the first half of the year? Check out the last post here. Need the rundown right now? Read on for some particularly bright spots from a busy start to 2022: 

• Lower your cyberinsurance premiums 

Cyber insurance policies provide financial coverage for a cyberattack and help companies understand and implement industry best practices. Learn how to lower your cyberinsurance premiums here. 

• Integrate with Ping Identity

LastPass now offers two new identity provider integrations, PingOne for Workforce and Ping Federate, providing users a seamless login experience. Learn more here. 

What’s new and available now

If you use LastPass for your business:

• Passwordless login to the LastPass vault 

Your employees can now login to their LastPass account without a password, through the LastPass Authenticator. Admins can control this feature through the new “allow passwordless login” policy. LastPass is actively building FIDO2 compliant components and will support additional authentication mechanisms soon. Passwordless is possible!  Read more about passwordless login to the vault or speak with a LastPass representative to understand if passwordless fits into your cybersecurity strategy. Pro tip: This simplified login experience decreases password-related friction for employees, providing a seamless login experience, driving adoption and improving overall password hygiene at your business. 

• Dark Web monitoring reporting 

Adding to the latest Dark Web policy for Admins that was released late last year, you now have greater insights into your end users’ Dark Web Monitoring alerts. Admins can view which users have Dark Web alerts, ensuring accountability when it comes to breaches of sensitive company data.

• Exclude passwords from security score

With the release of a new end user feature that allows users to exclude passwords from their security score, Admins can enable or disable this feature for their organization. The new policy provides Admins greater control over an employee's ability to exclude individual passwords from their security score within the vault and, consequently, alter their security score calculation.  The policy also allows Admins to exclude passwords with a specific domain. If an Admin enables a domain restriction in the policy settings, any end user items with that domain in the URL field will be automatically excluded from the security score calculation. End users will not be able to include these items, however, they will be able to exclude/include other passwords outside of the domain restriction. 

• Workstation MFA for macOS and Windows

With the new Workstation MFA updates, admins can now enjoy MFA protection on privilege escalations for Windows and prompt users for MFA when connecting remotely to a desktop on macOS.  If you use LastPass to secure your personal credentials:

• Passwordless login to the LastPass vault 

You can now login to your LastPass account without entering a master password on trusted devices, using the LastPass Authenticator. LastPass is actively building FIDO2 compliant components and will support additional authentication mechanisms soon. Go passwordless today!

• New and improved save & autofill (iOS Safari Extension on Mobile)

LastPass’s new infield save and autofill for iOS Safari Extension experience enables you to create and save credentials directly within a site’s form field on an iPhone or iPad. It directly saves to or fills from your LastPass vault without ever opening your mobile vault. Simplicity achieved! Turn on autofill today! Pro tip: Admins should note this simplified experience will drastically improve the ease of use for employees on mobile devices (specifically iPhone and iPad). 

• Password strength alerts in vault

While you’ll always have access to your Security Dashboard, your LastPass vault now includes a badge highlighting any vault item that has a weak, reused, or breached password associated with it. This provides you with increased visibility of your account security, so you can address issues more quickly and consistently.

• Exclude passwords from security score 

You can now take more control over your Security Score by excluding individual passwords in your vault from the calculation. This action can be done within your Security Dashboard for items that are flagged by LastPass but should not adversely affect your score.  Pro tip: Don’t use this feature to simply increase your score, but strategically exclude passwords that may be duplicative based on an account setting.

• Updated Import flows for passwords

This feature allows for quicker and easier setup of LastPass by prompting you to import passwords from another password manager, then guiding you through the process with a refactored import flow.

Keep an eye out for what’s coming soon

If you use LastPass for your business:

• Expanded and new SIEM integrations

SIEM integrations ensure full visibility into your network so that you’ll be able to respond to threats in real time, including improved native reporting and coverage of events. They will expand upon the existing Splunk integration while adding an Azure Sentinel integration. 

• OneLogin Federation integration

LastPass integrates with all identity providers, including OneLogin, and your employees will soon be able to federate with OneLogin too. This means employees will be able to sign in to LastPass using their OneLogin credentials, no separate master password required.

• Secondary Onboarding for business end-users 

LastPass web and extension vaults will guide your employees through critical steps to help set up their LastPass account. These steps include adding their first password, sharing a password, trying autofill, and more. This will be automatically displayed for any new users (<30 days). Admins can choose to turn this policy off (or on again), depending on onboarding goals. 

• Passwordless Option to your Workstation

LastPass is continuing the passwordless journey and removing the password for Workstation login. Simply log in to your Workstation with the LastPass Authentication app – no need to enter your password!  If you use LastPass to secure your personal credentials:

• Save & autofill (Chrome & Firefox Expansion)

LastPass will deploy the latest iOS infield save and fill experience detailed above across more devices and web browsers – and Chrome and Firefox are up next! Look forward to this updated experience soon. Like this Insider look into LastPass? Be sure to check out our on-demand webinar, featuring our very own LastPass experts.  As for us, we’ve got lots of new features to work on for next time. See you then!