ISO Position Paper

Position Title: LastPass Password Manager Adoption

Position Audience: Princeton University Community

Contact Information Security Office: [email protected]

Position Release Date: August 1, 2019

Problem Statement

One of the weakest links in password security is often how they are stored. It is not uncommon
for people to have more than 50 passwords across all of the different services they utilize today.
Good password hygiene dictates that all 50+ should be long, strong, and unique. As such,
many resort to storing these passwords in spreadsheets, writing them on sticky notes, or saving
them in their browser. All of these methods are insecure and put those passwords, and the
information they protect, at risk.

ISO Position

All members of the University community should use a quality password manager such as
LastPass. The University has partnered with LastPass to offer its LastPass Enterprise and
Personal Premium products at no charge to the individual. The ISO recommends that LastPass
be adopted in order to increase security and lower risk for the University.
In the near future, there will be areas of the University where LastPass will be mandatory on a
risk-based approach.

Additional Information

LastPass for Princeton webpage

LastPass Knowledge Base article
 

Data classification: Public