I am an IT Manager considering the purchase of L.E. for a company of roughly 100 employees. One of the selling points presented in a recent webinar I viewed is that users will save time. LE logons on take roughly 1-2 second (when configured properly) versus 15 seconds per logon manually. When you average this across multiple logons per user per day, the service would soon pay for itself.
However, I am seeing one flaw in that assumption. That is, I do not see how L.E. would assist the user in signing in to their initial terminal session. For example, the L.E. portal is not available to the user until AFTER they login to their terminal session. Therefore, the user may still employ an insecure password, or struggle with multiple logon attempts and waste time, because their is no assistance to the user on their very first interaction with their workstation, the initial logon.
I am also looking to deploy thin clients in a Citrix environment and the same situation would hold true. The user could not use LE in any way to speed up or assist them in the initial logon process. My thought is I would have to utilize some other software and hardware such as bio-metric readers integrated with Windows or Xenapp login. This would securely authenticate the user with ease on their initial login and then they could use LE assuming Windows Login Integration was also enabled, which would automatically log the user into LE using their AD credentials. From that point forward, the user would benefit from LE, in my opinion, whenever they need to access another site or system requiring a logon.
Correct me if I'm wrong here, but I do not see where LE offers any type of support to the user during their initial terminal logon. It would seem that the time savings claim above is a bit skewed. I have personally witnessed users come to work in the morning and struggle for ten minutes trying to logon because they have forgotten their password, left the caps lock on, whatever. So it would seem this is an area LE might want to explore if this isn't already a feature.
I would appreciate any comments from the user community or Lastpass on this topic.