LastPass Security Issue

We are using LastPass to save all our passwords. However, it seems that when you log into LastPass and try to enter a website, it will ask whether you want to save the password in the web browser. It also gives you the option to save the password on the cloud if you're using Mac OS, which doesn't make sense because we should be protecting the passwords and not keeping them cached (saved) in the browser. If, for example, someone leaves the company, we would need to change each and every credential that particular user had access to.

Therefore, what does your company use to save passwords? Is there something we can do in order to eliminate it because it makes LastPass vulnerable?
 

beers

Moderator
Staff member
Why don't you use AD integrated authentication? Someone leaves the company, you deactivate their account and it disables them from logging into everything.
 

Agent Smith

Well-Known Member
I personally use KeePass. It's not cloud-based which is just asinine. Have your employees back up the KeePass database to CD or thumb drive periodically.

Once you have KeePass, you can use this integration, but you don't have to. https://github.com/pfn/passifox
 

Agent Smith

Well-Known Member
Why don't you use AD integrated authentication? Someone leaves the company, you deactivate their account and it disables them from logging into everything.


Not even gonna bother pointing out what's wrong with Azure and the cloud other than what I said.
 

beers

Moderator
Staff member
Not even gonna bother pointing out what's wrong with Azure and the cloud other than what I said.
Eh? I figured you would emphasize low-hanging fruit like 'nobody in a business environment should use shared logins'.

I too would avoid placing all of your credentials in a cloud environment. LDAP/SAML/SSO integration removes the entire reason to share things like LastPass between users when you have federated services.
 