LastPass vs CyberArk - What are the differences?
You can eliminate the stress of creating and trying to remember dozens of passwords by using a password manager. UW–Madison offers two solutions—LastPass Enterprise and CyberArk—that can help you stay safe online with your personal and IT admin accounts.
LastPass Password Manager - LastPass Enterprise (Source: it.wisc.edu) is a DoIT-supported enterprise password manager. offers basic vaulting functionality, storing secrets and permitting some basic sharing. It’s primary value add is the ability to use a different password for every system or website where someone uses different logon credentials. UW-Madison has an enterprise license and all faculty, staff, and students are eligible for the service. It provides a secure, convenient, easy to use platform to store your:
- Personal and work-related login credentials for the websites and apps you use
- Important documents, such as your passport, driver’s license, etc.
- Payment information for online shopping and bill paying
LastPass works across multiple platforms and devices, including Windows, Mac, Linux, Android and iOS.
CyberArk Privileged Access Manager - CyberArk (Source: it.wisc.edu) is geared toward IT administrators and provides Privilege Access Management (PAM) functionality and controls for users, accounts, processes and systems at UW–Madison. It provides automated management capabilities to help eliminate manual, time-consuming processes, allowing IT administrators to work more efficiently. CyberArk offers advanced account management functionality, including check-in/check-out or request/approval workflows, detailed auditing of secrets access, session recording, and the ability to manage passwords (i.e. rotating a credential in Active Directory on a set cadence or when it is checked back in). It is currently integrated with campus Active Directory and supports integration with a wide variety of systems. Our CyberArk instance is hosted on-premise in DoIT datacenters. CyberArk requires each user to have their own license to access the tool. Licenses are roughly $800 per user up front plus an annual 20% maintenance fee.
The Office of Cybersecurity provides onboarding and training to help vault credentials and validate integrations to effectively use the tool.
| Feature / Tool | CyberArk | LastPass |
|---|---|---|
| Target users | IT Administrators; Users with highly privileged access | Everyone |
| How do I login? | NetID | NetID or Master Password |
| How do I connect to the service? | Requires user to be on campus network or WiscVPN | Requires internet connection |
| Where is the tool hosted? | DoIT Data Centers | LastPass Data Centers |
| Is there logging? | Detailed | None or limited |
| Advanced Features | Detailed sharing capabilities, request workflows, privilege session management, credential check out | Some sharing capabilities |
| Existing UW-Madison integrations | Campus Active Directory | None |
| Cost | ~$800 per user initially, 20% | Centrally funded by DoIT |
| Supported by | Cybersecurity and DoIT | Cybersecurity and DoIT |
Because of these difference in features and price, they each serve different needs. CyberArk is perfect for highly privileged accounts that need extra layers of security, such as detailed logging for external audits or where you want to significantly reduce exposure and thus the risk of compromise in a highly privileged environment. LastPass is good for individual users who store logins for lower risk systems or sites, such as social media.