• Post-acquisition, LastPass rolls out new version with more user interface bling

    January 13, 2016

    Business
     

    When LogMeIn acquired password management tool LastPass last year, many people were worried about what the deal would mean for users. I use LastPass myself to manage my hundreds of different passwords and I was a little worried that…

  • LastPass gives its mobile password manager away for free

    August 11, 2015

    Business
     

    LastPass and its competitor 1Password are all about ensuring that users have safe and secure passwords across all of their services. At the moment, those without fantastic memories have a couple of options when it comes to passwords. Firstly,…

  • LastPass Password Manager Hacked, The Perils Of Having All Eggs In One Basket?

    June 15, 2015

    Business
    , , , , , , , , ,
     

    As modern internet users, one pain point that hasn’t yet been resolved is that of passwords. With all of us using a myriad of different websites and applications, using and remembering many secure passwords is difficult. Many people revert…

  • LastPass Demonstrates Impeccable Crisis Handling

    May 12, 2011

    Business
    , , ,
     

    By now it’s old news – password service LastPass (possibly my favorite app of all time) noticed some unusual activity from their logs and went into the highest levels of DEFCON, contacting all its users (myself included) and forcing…

  • LastPass – So Good I’ll Dismiss Any Concerns

    February 16, 2010

    security
     

    I spend a significant amount of time online – and do so using a myriad of online services – from accounting to banking, from email to my various blogs, from e-commerce sites to airline services – I live in a world of usernames and passwords. Like others I tend to have a few variations on a theme with passwords, an exceptionally risky, yet pragmatic response to login hell. So when I find a solution that takes care of all my password woes, remembers them for me, suggests tem for me and does a bunch of other stuff, even between different computers, I start getting pretty interested.

    So it was that I recently stumbled across LastPass, a SaaS solution that promises to be “the last password you’ll ever remember”. LastPass combines a really well-designed web service with browser add-ons for the majority of browsers and also throws in support for most mobile handsets as well. Across all devices and browsers, LastPass remembers your password, give advanced features such as automatic form filling and password generation, and keeps everything secure and tidy.

    If I step back and think for a minute, I could get concerned about one web service (and a free one at that) holding all the passwords to my digital life, but LassPass is just so good I’ll take some faith from their security and technology disclosure page and keep on using it. After all it’s better than using the name of my first born child for every single web site and service I use!

    There’s the odd thing I’d like them to deal with, so in that spirit here is my wish list:

    • Integration with chrome for automatic password generation and form-filling
    • Native integration with the windows mobile web browser
    • Support for multiple passwords for sites (I have three internet banking log ins)
    • Support for two factor authentication devices (and preferably the ability to use one TFA device for all sites – which would require by in from third parties but still..)
    • Charge a little for all versions – people feel more secure when they pay for a service!
    CloudAve is exclusively sponsored by

  • Joinesty wants to keep your email secure, no matter how many dodgy services you sign up for

    November 2, 2017

    Business
     

    We’ve all done it, right? Gone to an interesting looking website and signed up for a free account for some exciting (or so it seemed) new service. Five minutes later, we decide the service isn’t quite so exciting and…

  • Yubico-making 2FA even easier

    October 6, 2017

    Business
     

    Security – we know we need it, but sometimes it’s just too hard. In the ever-escalating war between technology vendors and bad actors, the playing field is skewed because the most secure approaches are often the most difficult to…

  • Easing Password Hell – Key To Living Online Life Safely

    January 3, 2013

    Business
    , , , , , , ,
     

    As we all use more and more different services and applications in our personal and work lives, password management becomes ever more of an issue. It’s staggering the number of times I’ve had to gently make people aware of…

  • On Single Sign-On – On Prem vs Cloud

    September 30, 2010

    Business
    , ,
     

    I’ve often posted about a company saying that they’re in a space that is hot right now. It seems that in all directions competition is hotting up and things are getting busier. Single sign-on is one of these areas…

  • OneLogin – Single Sign On for the Enterprise

    April 6, 2010

    enterprise, Product reviews
     

    After my recent post about LastPass,  Thomas Pedersen, a Zendesk alumnus and founder of SaaS password management tool OneLogin flicked me an email with an invitation to try out their product. OneLogin works via a browser extension which effectively pastes the credentials into your application and logs you in. OneLogin supports all major browsers – IE, Chrome, Firefox and Safari.onelogin

    Using OneLogin is simple – you click on the extension, and you’re presented with a dashboard displaying all the applications you have access to. From there you simply click on the particular app you want and it logs you straight in. For even higher level protection, you can use two factor authentication with a yubikey. And, unsurprisingly considering it’s enterprise focus, OneLogin supports Active Directory and LDAP

    apps OneLogin supports a huge number of apps – and more are being added all the time based on customer demand.

    For organizations that use a number of SaaS apps, OneLogin gives administrators the ability to centrally manage application access for their users.

    Of course OneLogin can only be used (out of the box) with the applications it’s currently integrated with, I put this to Pedersen, suggesting that tools like LastPass would lessen the broad appeal of OneLogin. His response:

    LastPass (saw your post by the way) is definitely consumer and doesn’t address many of the issues we do. The big difference is that OneLogin deals with apps as structured entities that have logical properties (such does this app support SAML? Does this app support OpenID? Do we require an extra auth step for this app?), while LastPass is still just a form-filler.

    I went on to suggest that the recently announced Google Apps Marketplace, with it’s out of the box SSO offering, would also eat into OneLogin’s addressable market. Again Pedersen countered with an argument saying:

    I think it’s natural to conclude as you did, but I don’t think SSO is really Google‘s focus. It’s just something that makes their marketplace work better… there are many apps that will never be on Google’s marketplace and we provide functionality that they don’t. Many of our customers use 15-25 different apps, most of which will never be there.

    Pedersen went on to name a slew of use-cases that Google’s Marketplace approach would not work for:

    • Multiple logins to the same app (we have customers with multiple different logins per app)
    • Shared logins (for FedEx, GoToMeeting, Twitter etc)
    • Active Directory integration
    • Integration with in-house, behind-the-firewall apps
    • Two-factor authentication
    • SAML

    Anyway – as a service OneLogin works fine. For my own use LastPass suits me fine but remember that I’m not an enterprise user – those working with large numbers of users that need lots of apps provisioned at once, and attracted to a central application dashboard would do well to give OneLogin a look over – the fact that it can be used with on-premise applications really plays into the hands of it becoming a powerful complete application management offering.

     Update – Scott McMullan from Google contact me to clarify that:

    Marketplace apps that SSO to Google Apps using OpenID DO work in the following scenarios:
    1) company is using LDAP/Active Directory (this is because Google Apps supports SAML integration in to these dirs, which the Marketplace apps then “pick up for free”)

    2) SAML (see above) 

     

     

     

    CloudAve is exclusively sponsored by