A password manager is software that helps you encrypt, store and manage all your passwords. Password managers also help you create secure passwords and automatically log in to websites.
Who Might Use a Password Manager Tool, and Why?
Password managers are increasingly important for helping keep you secure. They help you meet two seemingly contradictory safety recommendations:
- Create longer, complex passwords
- Create a different password for every site
Creating and recalling a single longer passphrase of multiple words is fairly easy. However, creating and remembering additional passphrases begins to tax your memory quickly.
You should employ unique passwords for each website or system to help minimize the impact from the breach of one website or system; however, most individuals cannot remember a separate password for many sites and tend to reuse passwords or write them on a sticky note attached to their computer. Additionally, organizations may have passwords that need to be shared across teams and want a secure method to do so. Password managers allow user and teams to more securely manage many unique passwords and automatically log them in to websites.
The Benefits of Using a Password Manager Tool
Password manager tools enable you to create and securely store unique passwords for websites, applications, and other systems without having to memorize or write them down.
Risks to Consider When Using a Password Manager Tool
Special care should be taken to secure the password tool, as it will grant access to all passwords. The “master” password that grants access to the tool should be very strong and unique, and multifactor authentication should be used if possible. Almost all modern commercial password managers allow users to implement some form of multifactor authentication.
You should also pick a password manager that securely encrypts your passwords in a way even they cannot access. This will prevent rogue employees, or compromises of your password manager provider from compromising your passwords. For instance: In order to ensure the security of your passwords from compromise, one of our top recommendations - LastPass - encrypts your password vault with encryption with only one key - your master password. LastPass doesn't have a copy of this key so they can never access your passwords. This means your passwords are protected even if LastPass is compromised, but it also means if you forget this password LastPass will not be able to help you recover it.
Recommended Password Manager: LastPass
There are a number of reputable password manager tools (see "Additional Password Manager Tools" below).
However, LETU's standard for employee use is LastPass and it's the option we recommend for most personal use as well if you don't have another preference.
Note: Employees should never share their LETU credentials with anyone else - even via a password manager.
Ready to get started? Using a password manager is easier than you think!
Get started using LastPass to manage your passwords
Additional Password Manager Tools
Below is a list of additional password manager tools for consideration for personal use. For LETU organizational purposes, the LastPass option should be used. LastPass is free, but does have a paid upgrade available for teams that wish to share credentials securely. Contact Information Technology for more information on this option.
- Recommended for most users (including any LETU Faculty/Staff needs)
- LastPass
- 1Password
- Bitwarden
- KeePass and KeePassX/KeePassXC (open source)
- Other Alternatives for personal use
- Dashlane
- EnPass
- Keeper
- RoboForm
- Sticky Password
- True Key
- Zoho Vault
Other Considerations When Choosing a Password Manager
- Does it create strong passwords?
- Does it have multifactor authentication?
- Does it help you assess security across multiple accounts?
- Does it offer you a way to securely share passwords on a team?
- Can you use it across devices?
- Where is data stored and how is it encrypted?
Source: This document is A Higher Education Information Security Council (HEISC) Resource, JULY 2019