Showing results for 
Search instead for 
Did you mean: 

Enterprises helping Enterprises - Community Curated Action Plan List after Breach

Hello Follow Community members in Enterprise.


Considering we are absent a LastPass official generated action plan on what to take with our Enterprise/Business accounts, perhaps we take a moment to curate a Community built list of what we feel are the most important elements to capture in order to protect our customer accounts?


I'll get us started (I'm listing my actions below I have completed as a SuperAdmin):

  1. Pull a list of your users from your Admin console to find out their account creation date, current password iterations, lasspassid (which is one of only two places you can see it listed), account status
    1. OLD CONSOLE: You can find the last time they changed master password by going to Admin portal, Users, and to top right of "Add User" choose to export the user list you care to get information on.  
    2. NEW CONSOLE: You can find under Reporting the section "Security Reports", and a new report you will find there will be called User iteration Counts.  This is good as it is one of the only places you can see the original creation date of the user's account, the older accounts are more likely to have the smaller iteration counts than the newer ones.
  2. *OPTIONAL* OLD CONSOLE: Consider turning on Log Full URL in reporting so you can identify those sites which user may have put something non-URL related in there, or find sites with similar domains which should have a password reset completed on them by the end user.
  3. *OPTIONAL* Pull list of all Sites in user vault to identify elements most likely to be targeted to phish or breach and have them changed, whether or not they are protected by a 2FA/MFA challenge.
  4. Make sure geofencing has been turned on for your Enterprise (if applicable) or blocking of countries to which your users should never be seen logging in from.

Please feel free to suggest your own additions to this Community Curated Action Plan List.





Re: Enterprises helping Enterprises - Community Curated Action Plan List after Breach

Force users to change their MasterPassword if they have used it as a password for an entry in their vault.