LastPass

LastPass is solid for password management but alternatives exist 1Password has cleaner UX, Bitwarden is open-source and cheaper. LastPass Business starts around €6/user/month. The free version works for individuals but teams need paid plans for sharing and policies. Compared to password spreadsheets (don't), LastPass is essential. Compared to 1Password, LastPass has broader features but some find 1Password's interface friendlier. If you're currently sharing passwords insecurely, any password manager is an improvement. LastPass works reliably, integrates broadly, and handles enterprise needs. The platform had a security incident in 2022 (disclosed responsibly) which made some teams switch to alternatives. Solid choice if security and team sharing matter.

LastPass remains a practical choice for B2B marketing teams that need to share passwords safely and efficiently. It excels in core functionality: storing credentials securely, auto-filling them across sites, and making it easy to manage access for multiple users. For busy teams juggling dozens of tools from AdWords to analytics dashboards LastPass can significantly cut down the time spent recovering or resetting passwords. It encourages good security habits as well, since team members can generate unique, strong passwords without having to remember them. In daily operations, this means fewer login hassles and less likelihood of dangerous shortcuts like reusing passwords.

There are clear strengths that make LastPass a compelling tool for growth-focused teams. Collaboration is safer and more streamlined; you can share a login with a colleague or external consultant in seconds and decide whether they can see the password or just use it. This is especially useful when working with freelancers or agencies on campaigns you maintain control over your accounts. The platform is also broadly compatible, with browser extensions for Chrome, Firefox, Edge and others, plus mobile support, so everyone on the team can use it on their preferred devices. In practice, once set up, LastPass runs in the background and integrates into your workflow with minimal disruption. It also offers helpful extras like secure notes and form-fill profiles, which some teams use to store Wi-Fi passwords, credit card details or other sensitive info needed for marketing operations.

However, no review would be honest without addressing LastPass’s limitations and recent security issues. The 2022 breach was a serious blow to its reputation hackers obtained encrypted vault data, and by late 2024 attackers had reportedly stolen over $12 million in cryptocurrency from LastPass users as a result. While the vaults were encrypted, this incident highlighted that if a user’s master password is weak or reused elsewhere, even encrypted data can be compromised. LastPass has since increased security measures and communication, but the breach serves as a reminder that a password manager is not a set-and-forget solution. Teams using LastPass should enforce strong master passwords and enable multi-factor authentication on their accounts to mitigate such risks. The company’s breach response and transparency were also criticised by some, which might concern organisations that prioritise security above all else.

In comparison to other password managers, LastPass sits somewhere in the middle of the pack. It offers a very full feature set and a convenient free tier for personal use, but its Premium and Business plans come at a moderate cost. Some competitors like Bitwarden have gained popularity for being open-source and having a cleaner security record, and 1Password is often praised for its user interface and robust family/team sharing experience. If your team highly values open-source credibility or a sleek UX, those alternatives might be worth a look. That said, LastPass still gets the job done for countless businesses, and many teams stick with it for its balance of usability and features. It is best suited for organisations that need an easy-to-implement, widely supported password manager to improve their security immediately especially if they are moving up from insecure practices like shared spreadsheets. In scenarios where top-notch security assurance is crucial (e.g. managing ultra-sensitive data), leadership might lean toward other solutions, but for everyday marketing operations LastPass strikes a practical balance.

Bottom line: LastPass can be a valuable addition to a growth team’s toolkit, providing an immediate upgrade in security and convenience. Just go in with eyes open about its recent history, enforce good security practices internally, and it will significantly reduce your password management headaches.

Onboard your team to LastPass

Start by selecting a LastPass business plan (Teams or Enterprise) that fits your organisation’s size. Create your company LastPass account and use the admin console to invite each team member using their work email. Make onboarding simple: explain to your marketing team why the tool is being adopted and how it will protect client and company accounts. Encourage everyone to install the LastPass browser extension and mobile app so they can access the vault wherever they work.

Organise shared vaults by project or role

Structure your LastPass vault in a way that mirrors your team’s needs. Set up shared folders for different functions or client projects for example, one folder for social media logins, another for SEO tools, and so on. Add the appropriate passwords to each folder and assign team members to them based on their role. This ensures each person only sees the credentials relevant to their work, reducing clutter and exposure. It also makes it easier to review and update credentials in one place when something changes.

Enforce strong security policies

As an admin, establish clear security requirements from day one. Every user should create a long, unique master password for their LastPass account (a passphrase they don’t reuse elsewhere). Require all team members to enable multi-factor authentication on LastPass for an extra layer of protection this significantly reduces the risk of an account takeover. In the admin settings, you can also set policies like timeout periods (so vaults log out after inactivity) and minimum password length/complexity for stored credentials. Periodically use the LastPass Security Dashboard to audit for weak or reused passwords and prompt your team to update them. Building these habits and policies will fortify your password management against threats.

Enable MFA and monitor password hygiene

Make two-factor authentication mandatory for your team’s LastPass logins, using an app like LastPass Authenticator or Google Authenticator. This means even if someone’s master password is stolen, attackers cannot get in without the second factor. Regularly check the Security Dashboard or equivalent report for any red flags (such as duplicate passwords or accounts involved in known breaches). By keeping an eye on these and coaching team members to fix issues, you maintain a strong security posture over time.

Collaborate confidently with external partners

When working with freelancers, agencies, or clients, leverage LastPass to share access securely instead of sending passwords over email. If an external partner needs to log into a system, add their email as a LastPass user (you can use a free account for them) and share the specific password or folder they require. Crucially, use LastPass’s option to not allow viewing of the password, so the contractor can use the login without ever seeing the actual credentials. This keeps your account details confidential. You can also set an expiration or reminder to revoke that share when the collaboration ends.

Share passwords and revoke access when needed

Use the Sharing Centre in LastPass to manage what you’ve shared externally. For each contractor or partner, grant access only to the credentials they need, and remove access as soon as their work is done. LastPass makes this easy with a click you can update a shared item or immediately stop sharing it, which automatically blocks the other party’s future access. This way, you retain full control. Always update critical passwords after a project if they were shared out, as an extra precaution. By routinely revoking and updating, you ensure that outsiders never retain long-term access to your accounts beyond their necessity.