Cynch Security

Getting started with LastPass Teams

One of the first things we suggest new Cyber Fitness members look at is a password manager. LastPass is a popular password manager used by many, but getting LastPass Teams set up can be a bit confusing. Let’s go through the process, starting with signing up for a LastPass trial all the way through to getting your team set up.

Is LastPass Teams any good?

Before we start loading all your critical business passwords into LastPass vaults, we should probably figure out if it’s a secure place to keep them all. While LastPass isn’t perfect, they have invested significantly in the security of their platform (as you would hope!) and, approached in the right way, it can safely play a key role in protecting your business.

The biggest concern we hear from those new to password managers is “Is it safe to store all my passwords in the same place?”

Are password managers safe?

For a password to be considered secure it needs 3 things:

  1. Length: 8 characters or more

  2. Complexity: The more random the letters, numbers and special characters, the better

  3. Uniqueness: Something new that can’t be learned from elsewhere

While combining all these elements will give you something strong, good luck remembering more than a handful of them. Without a password manager, most people will reuse passwords across multiple sites or store them somewhere insecure (e.g. in a spreadsheet or document). Compared to the alternative, password managers are a much safer option, protecting the bulk of your accounts with a single super strong password.
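To see how existing passwords measure up against these three criteria before moving them into a password manager, here is an added example (not from LastPass or the original article) that audits a credentials spreadsheet exported as CSV. The column names, the sample rows and the use of three character classes as a rough stand-in for complexity are assumptions made for illustration.

```python
import csv
import io
import string
from collections import defaultdict

MIN_LENGTH = 8   # length threshold stated in the article
MIN_CLASSES = 3  # assumption: rough proxy for "complexity", not a measure of randomness

# Constructed sample of a credentials spreadsheet (not real accounts).
SAMPLE_CSV = """site,username,password
mail.example,alex,Summer2023
bank.example,alex,Summer2023
crm.example,alex,k7#Vq9!xTz2&Lm4p
wiki.example,alex,abc123
"""

def char_classes(password):
    """Count how many of the four character classes appear in the password."""
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)
    return sum(any(c in group for c in password) for group in groups)

def audit(csv_text, min_length=MIN_LENGTH, min_classes=MIN_CLASSES):
    """Return {site: [issues]} for every row failing length, complexity or uniqueness."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Uniqueness: group sites by password so reuse across accounts shows up.
    sites_by_password = defaultdict(list)
    for row in rows:
        sites_by_password[row["password"]].append(row["site"])
    findings = {}
    for row in rows:
        pw, issues = row["password"], []
        if len(pw) < min_length:
            issues.append("too short")
        if char_classes(pw) < min_classes:
            issues.append("low complexity")
        if len(sites_by_password[pw]) > 1:
            issues.append("reused")
        if issues:
            findings[row["site"]] = issues
    return findings

if __name__ == "__main__":
    # Report only the site and the issue; never print the passwords themselves.
    for site, issues in audit(SAMPLE_CSV).items():
        print(f"{site}: {', '.join(issues)}")
```

The first two sample rows pass the length and character-class checks and are flagged only for reuse, which is the weakness a per-site generated password removes.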

In a small business this problem is made worse by the need at times to share passwords and make sure everyone is doing the right things.

Is LastPass Teams secure enough?

LastPass offer businesses a couple of ways to manage passwords amongst their teams. If you’re just after a secure place to store passwords and share them safely amongst yourselves, LastPass Teams is a great place to start.

LastPass Enterprise could be a better fit for businesses that:

  • Need or want to have more control over how passwords are used

  • Are larger, typically with 50 or more in their team, or

  • Already manage accounts in something like Active Directory

Setting up LastPass Teams

Setting up LastPass Teams for your business will give you access to a few key features beyond simply encouraging everyone to install LastPass for themselves:

  • Visibility of who in your team is using LastPass

  • A place to store and track shared passwords

  • Control over some security features

  • Activity and security reports across your team


Starting a LastPass Teams trial

Before you commit all your passwords and your team to LastPass, it’s a good idea to give it a try first to make sure you’re comfortable with how it works. LastPass give you 14 days to try LastPass Teams for free. When you’re ready, you can kick it off on their website.

Signing up is pretty straight-forward:

  1. Enter your email address and indicate how many in your team.

  2. Check your inbox for an email with the subject “Welcome to LastPass Teams” and click the Activate Your Account button.

  3. Copy the Activation code from your email into the form and then set a Master Password.

Your Master Password will be used to protect your personal LastPass account, including giving you access to LastPass Teams. Since this account will have access to a lot of sensitive data (e.g. the passwords used across your business), take some time to make sure it’s as strong as possible (long, complex and unique).

Configuring LastPass Teams Policies

Check your LastPass Teams Policy Settings

Your first look at the LastPass Teams dashboard will be pretty uninspiring since you haven’t set up any sites or invited any users. Before going too much further, we suggest checking over the Policy Settings for your team.

  1. Expand “Settings” in the menu on the left

  2. Click on Policies

Some of the policy settings we recommend reviewing are:

  • Remember Master Password

  • Account logoff on browser close

  • Restrict sharing to shared folders

  • Prohibit export

  • Multifactor Authentication

  • Require any MFA option after grace period

  • Notify admins upon account recovery

You’ll be able to come back and change these policies later, but it’s always a bit easier to have them set up the way you want from day 1.

Get more tips on configuring LastPass Teams policies in our Cyber Fitness Platform

There isn’t much else to look at in the LastPass Teams dashboard at this point beyond inviting your team. If you’re keen, taking a look at the Reports area to see how User activity is tracked and what the Security report thinks about your account could be worthwhile.

Rolling out LastPass Teams

Activating your LastPass Teams account and setting up policies is an important first step, but to get the most out of the trial you’ll need to start using it yourself and encourage your team to kick the tyres on it too.

You can learn more about how to start using LastPass Teams securely across your small business inside our Cyber Fitness Platform.
