Wednesday, March 2, 2016 - Almanac Vol. 62, No. 25
Most everyone knows the importance of protecting their online passwords. But while best practices to secure these "crown jewels" are plentiful (e.g., have complex passwords, maintain unique passwords for all your accounts, change your passwords regularly, etc.), they can also be hard to keep up with. Many find it difficult to remember multiple, complex passwords. The result: passwords that are relatively easy to guess, and that are reused for multiple accounts—even for accounts that contain sensitive information like banking or credit card data. Fortunately, there is a technical solution that can help: LastPass.
On February 10, the University introduced free use of LastPass Premium password management tool to all members of the Penn community. LastPass is a cloud-based, secure password vault that can be accessed whenever and wherever needed. With LastPass, you no longer have to remember all of your passwords, just the master password that unlocks your LastPass account. The software’s password generator creates complex passwords for you, and can periodically change them for you automatically without affecting daily use. LastPass includes plugins for web browsers that autofill your login information on websites you frequent, and a mobile app for iOS and Android access on-the-go.
When using LastPass, users are strongly encouraged to take advantage of the product’s available security tools to make the storage of their passwords as safe as possible. For example, your LastPass master password should be made long (a "pass phrase") and complex by using various different types of characters, including different cases of letters, numbers and symbols or punctuation. Most importantly, you should never share your password with anyone, IT support included (contact ISC Security at firstname.lastname@example.org if anyone claiming to be a representative of the University asks you to share your password). It is also recommended that a form of multi-factor authentication be used, such as Google Authenticator or Duo Mobile, to add a second layer of security to your LastPass vault. If you are interested in using LastPass Premium, whether you are new to LastPass or already have an account, sign up at http://lastpass.com/upenn