Information Security

Common Questions

Common questions and answers around LastPass and Password Managers

Why did the University choose LastPass?

With the rise in credential stuffing attacks across academia and elsewhere, it was identified that the University needed a tool to allow users to have robust, unique passwords.

On the back of the work that was undertaken to look at Password Managers and create the guidance at:

Infosec - How to Protect - Lock your devices - Passwords

Based on market engagement the Chief Information Security Officer selected Lastpass on the basis of having robust security controls, cost and availability across operating systems.

Is using a Password Manager a good idea?

The short answer is: “Yes.”

The more detailed answer is: “Yes, but not for everything.”

Password managers make it easy to maintain the account details that you use every day. However, there are some accounts that should be memorised as they are so important:
  • Banking Passwords
  • Main email account

Why your main email account? That’s where all your reset requests and the like will go should your accounts be compromised or you need to change your details.

Other than these few restrictions, you are good to go!

 

If you are unsure about this topic, a good source of information is the National Cyber Security Centre

What does the NCSC think about Password Managers?

 

What services can I use LastPass for?

LastPass can be used for all passwords and logins, with a few key exceptions:

  • Lab and staff computers - When logging into your device, LastPass will not be active yet, so you need to remember your University Login for lab computers and  staff computers.
  • Bank logins - while most banks will now use 2 factor authentication, the current guidance from the National Cyber Security Centre is that the level of exposure makes it less desirable. Some banks also have guidelines around whether they recommend the use of Password Managers, so check first!
  • LastPass master password - you will need this to log into LastPass and will have to memorise it.
  • The password for the email address you would use to reset your LastPass master password

So that means that yes, you can keep your university login within LastPass.

 

Who do I go to for help with LastPass?

Staff:

Put your query through to the IS Helpline:

Contact IS Helpline

If your query cannot be dealt with locally it will be passed to LastPass for resolution.

 

Students:

As your service is provided to us directly by LastPass, if you need help or want more information you should go to their support pages at:

https://support.logmeininc.com/lastpass

LastPass manages student accounts and as such all student support requests should go to them.

 

Do I have to use LastPass? Can I use my current password manager?

Use of LastPass is not mandated in policy from Information Security. If you already have a secure, successful service or process that you use for managing Passwords then please keep doing so!