LastPass Features

Authentication Options (6)

Authentication User experience: Process of providing credentials and logging into multiple systems is easy and intuitive for users
Supports Required Authentication systems: Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc.
Multi-Factor Authentication: Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are.
Supports Required Authentication Methods/Protocols: Support SSO via Web agents, proxy agents, agent-less, SAML or oAuth and WS-Federation authentication and authorization Web services depending upon the application and business use case
Federation/SAML support (idp): Can serve as the identity provider to external service providers so that when the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials.
Federation/SAML support (sp): Can serve as the Service provider from an external service so that when the user logs in externally they have seamless SSO to internal applications from a service provider.

Access Control Types (4)

Local Access: Controls access to legacy applications, web based applications, network resources and servers while employees are on the companies local area network.
Remote Access: Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network.
Partner Access: Controls access to users that are not company employees that are either within the companies local area network or outside the network
Supports BYOD users: Enables users to use their own device to access company applications.

Administration (12)

Ease of installation on server: Installation process is easy and flexible.
Password Policy Enforcement: Options for resetting and enforcing password policies
Administration Console: Provides Administration tools/console that are easy to use and learn for routine maintenance tasks
Ease of connecting applications: Easily provisions new systems, platforms or applications using configuration and not customization.
Self Service Password Administration: Users can set, change passwords without interaction from IT staff
Encryption: Encrypts all data transfers using end-to-end encryption.
Audit Trails: Provides audit trails to monitor useage to reduce fraud.
Regulatory Compliance: Complies with regulations for strong customer authentication such as KYC, PSD2, and others.
Bi-Directional Identity Synchronization: Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application.
Policy Management: Enables administrators to create access policies and applies policy controls throughout request and provisioning processes.
Cloud Directory: Provides or integrates with a cloud based directory option that contains all user names and attributes.
Application Integrations: Integrates with common applications such as service desk tools.

Platform (7)

Multiple Operating system support: Supports Endpoint access control to multiple operating systems
Multi-Domain Support: Allows user authentication to be honored by all the hosts in two or more domains
Cross Browser support: Support access to browser based applications across required browser types
Fail over protection: Provides required failover mechanisms to ensure if one server, network, etc fails users are still able able to authenticate
Reporting: Contains pre-built and custom reporting tools to required to manage business
Auditing: Provides mechanism for auditing authentication for trouble shooting purposes.
Third Party Web Services support: Can call and pass credentials to third party web services.

Authentication type (8)

SMS-Based: Sends a one-time passcode (OTP) via SMS.
Voice-Based Telephony: Provides a one-time passcode (OTP) via voice-call.
Email-Based: Sends a one-time passcode (OTP) via email.
Hardware Token-Based: Supports hardware tokens, which are often USB-sized, fob-like devices that store codes.
Software Token: Offers software tokens, which are applications installed on a mobile phone, wearable devices, or desktops and generate time-based one-time passcodes (TOTP) that a user can easily copy. Software tokens work both online and offline.
Biometric Factor: Allows biometric factors such as fingerprints, faceprints, voiceprints, or other biometric information to be used as an authentication factor.
Mobile-Push: Offers mobile push authentication, which is a user-friendly method that does not require a user to copy a code, but rather accept or deny an authentication using a mobile application. Mobile push authentication only works when a user is connected to the internet.
Risk-Based Authentication: Analyzes users' IP addresses, devices, behaviors and identities to authenticate a user.

Functionality (14)

Multi-Device Sync: Allows the use of tokens on multiple devices. This feature can also be turned off if the user does not want this.
Backup: Offers encrypted backup recovery stored by the vendor.
FIDO2-compliant: Offers FIDO2-enabled authentication method
Works with hardware security keys: Works with hardware security keys
Multiple authentication methods: Offer users multiple ways to authenticate including, but not limited to: mobile push on trusted devices, FIDO-enabled devices, physical security keys, keycards, smart watches, biometrics, QR codes, desktop app + pin, and others.
Offline or no-phone solution: Offers solutions when users are offline or do not have access to a mobile phone.
Monitoring - Deep Web: Monitors select keywords on the deep web, which are non-indexed parts of the internet not available on the surface web.
Monitoring - Dark Web: Monitors select keywords on the dark areas of the web, which are only accessible via Tor and I2P, such as illicit marketplaces and dark forums.
Analysis: Provides context around identified information, including historical threat data, threat location data from geotags or inferred data, threat actors names, relationships, URLs, and other relevant information to conduct further investigations.
Ticketing: Integrates into ticketing or CRM platforms via API integrations.
Simple Search: Search through real-time and historical data without using technical query language.
Leak Source: Provides additional context and analysis to help identify the source of leaked information.
Centralized Dashboard: Offers a centralized dashboard to monitor, collect, process, alert, analyse and search through data flagged by the software.
Real-Time Alerts: Enables real-time alerts and reporting through push notifications in a mobile app, email, or sms alerts.

Usability & Access (5)

Quick Login: Expedites user logins using methods like a master password or password autofill.
Browser Extension: Integrates the tool with your browser for easy use.
Mobile App Usability: Integrates with your mobile device for use on mobile apps.
Multi-Device Use: Enables user to use the tool across multiple devices.
Admin Management: Allows an employer or administrator to manage employee access.

Security Measures (3)

Password Generator: Generates passwords for each of your logins.
Two-Factor Authentication: Provides extra security by requiring an extra for of verification in addition to a password.
Security Audits: Analyzes and evaluates the quality and variety of your passwords.

Storage (2)

Integration (4)

Uses Open Standards: Connections use open standards such as SAML or RADIS.
Mobile SDK: Offers developers a mobile software development kit to seamlessly add biometric authentication into their applications.
Workforce Authentication: Integrates with identity and access management (IAM) solutions to manage workforce authentication.
Customer Authentication: Integrates with customer identity and access management (ICAM) solutions to manage customer authentication.