- Review your passwords to make sure they are strong and unique.
- Download LastPass premium password manager (free through Duke).
Duke offers the premium version of LastPass password manager service free to all faculty, staff and students. To get started with LastPass:
- Set up a master password that is at least 15 to 20 characters long. (See guidelines for choosing a strong password.) If you think you might forget it, print it out and store that printout in a locked, secure location such as a safety deposit box.
- If you have saved passwords in your browser, allow LastPass to pull those in.
- Configure LastPass settings to automatically log out after 15 minutes when all browsers are closed or after 60 minutes when idle.
- Set up TouchID for LastPass on your phone.
- Add your mobile number for SMS recovery.
- Run LastPass' Security Challenge to identify which websites and passwords should be changed. The Security Challenge will list all websites with known compromised passwords and reused passwords.
- If you need to use LastPass from a public computer, consider using One-Time Passwords. This walks you through safely creating and storing your One-Time Passwords.
For more information, visit the LastPass Getting Started guide.
Getting started with a password manager
Many users have more than 100 accounts and passwords for the various websites and cloud services they access, so getting started with a password manager like LastPass can seem daunting. Because of this, we offer these tips for prioritizing your passwords:
- Use LastPass' Security Challenge to review those sites where you have duplicate or weak passwords. Those should be the ones you change first.
- Work through the list a few passwords at a time until you have removed all the duplicate passwords and changed your weak passwords to unique, random ones for each site. You can re-run the security check at any time to watch your score increase!
- When changing passwords, aim for passwords with 20 characters, with a mix of upper- and lowercase characters, numbers and symbols. Some sites limit the number of characters you can use and will warn you when to decrease the number of characters.