A password manager is software that helps you encrypt, store and manage all your passwords. Password managers also help you create secure passwords and automatically log in to websites.
Password managers are increasingly important for helping keep you secure. They help you meet two seemingly contradictory safety recommendations:
Creating and recalling a single longer passphrase of multiple words is fairly easy. However, creating and remembering additional passphrases begins to tax your memory quickly.
You should employ unique passwords for each website or system to help minimize the impact from the breach of one website or system; however, most individuals cannot remember a separate password for many sites and tend to reuse passwords or write them on a sticky note attached to their computer. Additionally, organizations may have passwords that need to be shared across teams and want a secure method to do so. Password manager tools allow users and teams to more securely manage many distinct passwords and automatically log them in to websites.
Password manager tools enable you to create and securely store unique passwords for websites, applications, and other systems without having to memorize or write them down.
Special care should be taken to secure the password tool, as it will grant access to all passwords. The “master” password that grants access to the tool should be very strong and unique, and multifactor authentication should be used if possible. Almost all modern commercial password managers allow users to implement some form of multifactor authentication.
You should also pick a password manager that securely encrypts your passwords in a way even they cannot access. This will prevent rogue employees, or compromises of your password manager provider from compromising your passwords. For instance: In order to ensure the security of your passwords from compromise, one of our top recommendations - LastPass - encrypts your password vault with encryption with only one key - your master password. LastPass doesn't have a copy of this key so they can never access your passwords. This means your passwords are protected even if LastPass is compromised, but it also means if you forget this password LastPass will not be able to help you recover it.
Recommended Password Manager: LastPass
There are a number of reputable password manager tools (see "Additional Password Manager Tools" below).
However, LETU's standard for employee use is LastPass and it's the option we recommend for most personal use as well if you don't have another preference
Ready to get started? Using a password manager is easier than you think!
Below is a list of additional password manager tools for consideration for personal use. For LETU organizational purposes, the LastPass option should be used. LastPass is free, but does have a paid upgrade available for teams that wish to share credentials securely. Contact Information Technology for more information on this option.
Source: This document is A Higher Education Information Security Council (HEISC) Resource, JULY 2019