Zero Knowledge for Enterprise?

Customer forum for LastPass Enterprise

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

Zero Knowledge for Enterprise?

Postby oliver956 » Fri Nov 13, 2015 11:09 pm

I'm wondering if all the enterprise features are possible with a zero-knowledge encryption scheme. For example, enterprise allows you to get a report of the password strength of all employee passwords. But, if LastPass can't decrypt the passwords how can you know that? Similarly, LastPass can set up accounts and shut down accounts for employees on supported services. Isn't there a password or some kind of authentication token that LastPass then knows for these accounts?

I'd be grateful if someone could tell me exactly what the security model is for some of these features.

thanks,
Oliver
oliver956
 
Posts: 1
Joined: Sun Aug 17, 2014 1:34 pm

Re: Zero Knowledge for Enterprise?

Postby jpenny84 » Sat Nov 14, 2015 1:26 am

LastPass is not the administrator for enterprise accounts. I would encourage you to review the documentation to see how LastPass Enterprise works.

https://enterprise.lastpass.com/
jpenny84
 
Posts: 8632
Joined: Tue Mar 06, 2012 9:10 pm

Re: Zero Knowledge for Enterprise?

Postby AyaLP » Mon Nov 23, 2015 2:53 pm

oliver956 Wrote:I'm wondering if all the enterprise features are possible with a zero-knowledge encryption scheme. For example, enterprise allows you to get a report of the password strength of all employee passwords. But, if LastPass can't decrypt the passwords how can you know that? Similarly, LastPass can set up accounts and shut down accounts for employees on supported services. Isn't there a password or some kind of authentication token that LastPass then knows for these accounts?

I'd be grateful if someone could tell me exactly what the security model is for some of these features.

thanks,
Oliver


The security challenge is ran locally - as LastPass does not have user data to run the challenge on our servers. As you said, since we do not have user's encrypted data, this is not possible.
AyaLP
 
Posts: 125
Joined: Thu Sep 20, 2012 4:31 pm


Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 5 guests