Password managers have made it safer for small and medium-sized enterprises (SMES) to use passwords for access control by eliminating poor password management practices. That fact has not gone unnoticed by attackers, who have been actively targeting password managers to compromise security.
LastPass has been the subject of intense media scrutiny, which makes the broader dialog about password managers understandable. Evaluating alternatives is due diligence, because passwords are vital for access control and SMEs place significant trust into security solutions. This article outlines the differences between JumpCloud’s Password Manager and LastPass. It also examines how JumpCloud’s holistic approach to access control not only protects passwords, but also extends it to identities and the confidentiality, integrity, and assurance of IT assets.
JumpCloud Manages Access and Identities
LastPass and JumpCloud are fundamentally different solutions. JumpCloud is an open directory platform that unifies identity, access, and device management capabilities, regardless of the underlying authentication method or device ecosystem. JumpCloud authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys.
The platform treats identities as the new perimeter, and password management is one element of that. Secure, frictionless access is fundamental for IT organizations, and is why JumpCloud ensures that every resource has a best way to connect to it. For example:
- Servers use SSH keys, which are more secure than passwords
- Passwordless certificates can secure RADIUS WiFi access
- Web applications use SAML and OIDC for authentication
- Conditional access rules for privileged access management
JumpCloud’s Password Manager is an integrated add-on to the platform that adds additional security and convenience around passwords. The potential for password reuse or weak passwords remains a security risk to any size organization. The architecture of Password Manager is decentralized, which is a departure from other password managers. That is a significant difference.
Why? Because It doesn’t rely on master passwords that are usually considered a weak point of cloud-based password management solutions. Customer vaults are stored locally, and are synced in an end-to-end encrypted manner through JumpCloud’s servers. This approach is different from how cloud-based password management solutions, including LastPass, function.
LastPass Mostly Focuses on Password Management
LastPass is a vault to protect the passwords you use for all of your devices and Web applications. LastPass’s essential function is in generating and saving passwords. LastPass generates passwords that are much stronger than ones that you would otherwise have to remember. The team and business editions of LastPass focus on:
- Eliminating password reuse
- Centralized password management
- Providing a vault to share notes
- Sharing credentials within the organization through groups
LastPass’s Cloud-based Architecture
Cloud-based password managers store login credentials in an online repository, which can be accessed from any device that has an internet connection. Users can access their password manager using a web browser or a dedicated app, and they can use it to store and manage their login credentials for their online accounts. A master password is usually required to administer the password manager account. Users are responsible for creating and managing these master passwords, which can become an area of concern for cyber security.
Weak and reused master passwords can easily be guessed which would compromise the password vault of enterprises. Phishing end-users is another area of concern as it allows hackers to potentially access enterprise vaults even when users are using strong and unique passwords. This is a major concern as phishing attacks continue to trend upwards.
The compromise of the cloud storage infrastructure of password management vendors (as reported in the news) can lead to malicious parties downloading the entire database of encrypted customer vaults, which gives hackers an infinite amount of time to try to access customer vaults by brute-forcing the master passwords of end-users (the design of hybrid architectures, detailed more below, significantly reduces the risk of this type of compromise). It is important to note that in this case, 2FA does not help protect customer vaults.
- Convenient end-user friendly features
- Available on multiple operating systems
- Offers enterprise features such as centralized admin controls and logging
- Password sharing capabilities between users
- Security relies on end-users to create, manage and remember strong master passwords
- Security relies on end-users trying to steer clear phishing attacks which are notoriously difficult to protect against.
- Password management service providers compromise can lead to mass exfiltration of encrypted customer vaults.
- LastPass doesn’t make the ability to manage identities widely available. Integrations with third party directories and LDAP, as well as reporting, are only available with the enterprise edition.
JumpCloud’s Decentralized Architecture
JumpCloud Password Manager’s decentralized storage architecture removes the need for users to create, manage, and remember master passwords. With the JumpCloud Password Manager, passwords are stored locally on user devices and are seamlessly synced in an end-to-end encrypted manner between different devices.
This approach is a hybrid between an offline password management solution and a cloud-based password management solution. It allows organizations to benefit from the same level of convenience that cloud-based solutions provide and offers enterprise features without storing vaults in the cloud. It also does not rely on user-generated master passwords.
- The same convenient, cross-platform features
- Ability to access the local vault using biometrics or a PIN
- No master password
- Local storage of credentials
- Applications available on all major platforms
- Centralized admin controls and vault visibility
- Password sharing between users and teams
- The ability to work standalone or integrate with JumpCloud’s open directory service without having to purchase a premium SKU.
- Potential for data loss in the case user devices are lost and automatically generated backups are not properly maintained.
Selecting a Password Manager
So, now that we’ve determined that password managers are one important critical part of an overall architecture to provide access, how do you pick the right one? This chart outlines important differences between LastPass’s cloud-based architecture and JumpCloud Password Manager’s decentralized solution.
|Feature||LastPass||JumpCloud Password Manager|
|Storage of passwords||The cloud||Local and automatically synced in an end-to-end encrypted manner across multiple devices|
|Encryption method||User managed master passwords||No master passwords|
|Centralized admin controls||Yes||Yes|
|Centralized admin visibility||Yes||Yes|
|Native integration with Cloud Directory, Single Sign-on (SSO) and MFA||No||Yes. The JumpCloud Password Manager is a part of the JumpCloud Open Directory Platform allows IT admins to centrally manage access across different types of authentication methods|
Protect Your Identities with JumpCloud
Password managers play an important role, but they are only solving one part of the problem of securely controlling access. Solutions don’t all work the same way and master passwords can be a security weak point. Point solution password managers generally do not manage access across every authentication method. A directory platform is necessary for “SSO to everything”, but not every directory service will provide unified identity, access, and device management.
The JumpCloud platform is free to use for 10 users and devices with 10 days of premium chat support. JumpCloud for MSPs extends its seamless access to resources to your customers. The Password Manager can be used as a standalone solution or with the full JumpCloud platform, which makes it possible for SMEs to adopt more of JumpCloud when they’re ready.