Everyone knows you should use strong passwords and not reuse them, but with so many accounts how do you keep track? Security professionals recommend using a password manager to create, store, and manage strong, unique passwords for all your accounts. For faculty and staff, Princeton provides LastPass Enterprise (for University business) and LastPass Premium (for personal use). For students, Princeton provides LastPass Premium. These accounts are free of charge.
With LastPass, you use one strong “master” password to protect the passwords of all your other accounts. Use LastPass' password generator to create long, complex passwords for your accounts. You don’t have to remember them all, just remember your master password, and let LastPass remember the rest.
You can access LastPass from the University, from home, or through the app.
LastPass uses strong encryption to make sure that the only way to access your passwords is to use the master password. No one, including Princeton or LastPass can access your passwords.
Install the LastPass browser plugin (available for most major web browsers) and then when you are logging into a website, entering a username and password, LastPass will prompt you to save that account to your LastPass vault. Use the LastPass app on your mobile device and you can access your vault from anywhere.
LastPass can generate long, randomized passwords that protect against hacking.
If you are logged into the LastPass browser extension and you have stored a password in LastPass, it will often automatically fill in your username and password when you open a webpage. If it doesn’t, your passwords are still only a few clicks away in your password vault.
Your vault can be accessed from your browser plug-in or mobile app. Once signed in to your vault, you can see all your accounts, generate new passwords, share accounts with other LastPass users, or configure your LastPass settings.
LastPass uses the same encryption algorithm that the U.S. Government uses for top-secret data. Your encrypted data is unreadable to LastPass and to everyone else without the Master Password.
For more information on LastPass' architecture, check out this security overview document.
Your encryption keys are created from your Master Password. The Master Password is never sent to LastPass. All encryption/decryption occurs locally on your devices, not on LastPass' servers. This means that your sensitive data does not travel over the internet and never touches LastPass' servers, only the encrypted data does. For additional security, your Enterprise account is configured to use Duo multi-factor authentication (MFA). MFA can also be configured on personal Premium accounts and is required on personal Premium accounts that are linked to an Enterprise account.
Stop reusing the same password, writing down passwords, or resetting passwords because you can’t remember them. Let LastPass create and manage your passwords.
Storing passwords in your browser may be convenient but it can pose security risks. Instead access your passwords quickly and safely using LastPass.
Do not use to store passwords used to conduct University business.
Faculty and staff should use this product to store passwords used to conduct University business.
Students should use this product to store both University passwords and personal passwords.
Faculty and staff should use this product to store personal passwords. Please note that your personal Premium account and Enterprise accounts can be easily linked. This allows you to keep your vault entries all in one place, while both accounts remain separate. Your personal and University Enterprise accounts are private (your system administrator cannot view your account data), and if you ever leave the University, your personal account remains active and accessible to you.
For details about the differences in functionality of each product, please visit LastPass' website.
Check out the LastPass "Security Challenge" to get your personal security score. This score is based on many factors, such as if you reuse passwords or if any of your accounts have been involved in a breach. Use this feature to learn how to improve your password security and improve your score.
Store notes and pictures with the same security it uses for passwords. Use LastPass to store important travel documents or itineraries, emergency contact information, or financial information.
Store all of your credit cards and autofill that information for an easy and quick online shopping experience.
When you're logged into LastPass and you visit a website, LastPass will autofill passwords. But what if the link and page look real, but It's actually fake? LastPass won't be fooled, and it's an excellent way for you to spot fake websites.
Contact the OIT Support and Operations Center at 8-HELP or firstname.lastname@example.org
Check out the training resources at the bottom of this page!
Follow the instructions in the LastPass KB article to create an Enterprise account. You are also eligible for a personal Premium account, which can be linked to your Enterprise account.
Follow the instructions in the LastPass KB article to create a personal Premium account.