Password Management Tools: LastPass Enterprise at UCI

Safe

LastPass Enterprise is available for UCI faculty, staff, and students to use. LastPass is a password management tool created to securely store usernames, passwords, and other data as well.

LastPass allows you to store your information in one secure location without needing to remember login information for a large number of accounts. The tool also offers the option to generate random passwords and to share them with others if needed.

For more information about LastPass and on how to sign-up, please visit the OIT LastPass Enterprise Informational Page.



What is a Password Manager?

Password Managers are software applications that store and protect all of your passwords in one secure place. They act as a virtual safe. They generate complex, distinct passwords for each of your accounts, and enters the passwords for you. The only password you have to remember is the one for your password manager.

Benefits of Using a Password Manager

Using a password manager removes the temptation to re-use passwords for multiple accounts, which is risky, or to use a really simple password like "12345," which is even riskier. It also means you no longer need to remember a lot of different passwords, although you do need to be sure you don't forget the master password.

How to Select a Good Password Manager

If you choose to use a different password manager other than LastPass, there are other ones available. However, UC Irvine does not endorse any of these other products. KeePass and 1Password are other products on the market offering free accounts. It is strongly recommended to only use well-known and trusted solutions. Be wary of solutions with a short history, or that have little or no community feedback. The SANS Institute OUCH! Newsletter says a good password manager will:

  • Be actively updated and patched (always use the latest version).
  • Be simple to use.
  • Encrypt your passwords using industry standard, strong, encryption. Be wary of any product that advertises a proprietary or unknown encryption method.
  • Run on all the computers you use. Advanced versions also work on mobile devices.
  • Provide tools for generating arbitrary passwords, and help manage password expiration dates.
  • Help you identify the relative strength of the passwords you've chosen.
  • A good password manager also has the option of protecting its master password with multi-factor authentication (i.e. Google, Duo, or YubiKey two-factor authentication)

Also, if your password manager provides a means for synchronizing the service across the different devices you use, then it should encrypt locally before sending information to the central system.

It’s part of the solution, not the entire solution

There's never a total, perfect solution in information security, and that's true with password managers, too. Using one does not mean you can skip other basic good habits of cybersecurity, such as keeping all your software updated, and using secure wireless networks. You can read more about information security throughout this site. You can also always reach out to OIT security at security@uci.edu if you have any questions.

Please Note: Thanks to UC Davis for allowing us to re-use some of their excellent content pertaining to the description of password managers.