LastPass
ZDNET's key takeaways:
The LastPass plug-in can now prevent access to unapproved SaaS apps.
Feature extends plug-in's monitoring of SaaS access attempts.
Passkey authentication coming by month's end -- not yet supported.
Earlier this year, LastPass announced it was adding the ability for administrators of its password management solution to monitor employee usage of SaaS or web-based applications. Today at the Black Hat security conference in Las Vegas, the company announced it has extended those monitoring capabilities so administrators can set policies that warn or obstruct users during attempts to authenticate with unapproved SaaS applications.
The new SaaS Identity and Access Management (SaaS IAM) capabilities will be available by the end of the month to customers of LastPass's Business Max tier (currently $9 per user per month) at no additional cost. The Business Max tier already includes the monitoring capabilities.
According to LastPass chief product officer Don MacLennan, the new SaaS app access management capability makes it possible for LastPass administrators to allow, warn, or block users from accessing certain SaaS apps. Accurate detections of SaaS app access attempts are based on the presence of the LastPass password management browser plug-in, regardless of which web browser the end user is using.
Also: The best password generators of 2025: Expert tested
Password management plug-ins (from LastPass as well as other password management solution providers) are typically afforded some of the most far-reaching permissions once they're installed in a browser. They can not only inspect the content of any web page that users visit in their browsers; plug-ins can also alter the appearance of web pages and essentially take over the entire user experience.
... continue reading