Password Management Tools: LastPass Enterprise

Please Note: Thanks to UC Davis for allowing us to re-use some of their excellent content.


safe

LastPass Enterprise has arrived at UCI! LastPass Enterprise is a password management tool created to securely store usernames, passwords, and other data as well.

Note: Password Managers in general are software applications that store and protect all of your passwords in one secure place. They act as a virtual safe. They generate complex, distinct passwords for each of your accounts, and enters the passwords for you. The only password you have to remember is the one for your password manager.

Using a password manager removes the temptation to re-use passwords for multiple accounts, which is risky, or to use a really simple password like "12345," which is even riskier. It also means you no longer need to remember a lot of different passwords, although you do need to be sure you don't forget the master password.

LastPass offers a place to store your information in one place without needing to remember login information for a large number of accounts. The tool also offers the option to generate random passwords and to share them as well. Strong passwords deter people with malicious intent from breaking into an account and stealing your information.

For more information about LastPass and on how to sign-up, please visit the LastPass Enterprise Informational Page.

How to find a good one


If you choose to use a different password manager other than LastPass, there are other ones available. However, UC Irvine does not endorse any of these other products. KeePass and 1Password are other products on the market offering free accounts. A good password manager, says a paper from the security organization SANS Institute, will:

  • Use only well-known and trusted solutions. Be wary of solutions with a short history, or that have little or no community feedback.
  • Be actively updated and patched (always use the latest version).
  • Be simple to use.
  • Encrypt your passwords using industry standard, strong, encryption. Be wary of any product that advertises a proprietary or unknown encryption method.
  • Run on all the computers you use. Advanced versions also work on mobile devices.
  • Provide tools for generating arbitrary passwords, and help manage password expiration dates.
  • Help you identify the relative strength of the passwords you've chosen.
  • A good password manager also has the option of protecting its master password with multi-factor authentication (i.e. Google, Duo, or YubiKey two-factor authentication)

Also, if your password manager provides a means for synchronizing the service across the different devices you use, then it should encrypt locally before sending information to the central system.

It's part of the solution, not the entire solution


There's never a total, perfect solution in information security, and that's true with password managers, too. Using one does not mean you can skip other basic good habits of cybersecurity, such as keeping all your software updated, and using secure wireless networks. You can read more about information security throughout this site. You can also learn how to "Level Up Your Passwords" from our own security experts.