Key Actions 
LastPass and tips for password management

Duke offers the premium version of the LastPass password manager service free to all faculty, staff and students. To get started with LastPass:

  1. Duke encourages you to create a Free LastPass account using a personal email account.
  2. Set up a master password that is at least 15 to 20 characters long. (See guidelines for choosing a strong password.) If you think you might forget it, print it out and store that printout in a locked, secure location such as a safety deposit box.
  3. If you have saved passwords in your browser, allow LastPass to import those.
  4. Configure LastPass settings to automatically log out after 15 minutes when all browsers are closed or after 60 minutes when idle.
  5. Enable Mobile Recovery for your LastPass account.
  6. Stop password reuse. Run LastPass' Security Challenge to identify which websites and passwords should be changed. The Security Challenge will list all websites with known compromised passwords and reused passwords.
  7. If you need to use LastPass from a public computer, consider using One-Time Passwords.
  8. Autofill from LastPass to mobile apps is available for Android and iOS.

For more information, visit the LastPass Getting Started guide.

Getting started with a password manager

Many users have more than 100 accounts and passwords for the various websites and cloud services they access, so getting started with a password manager like LastPass can seem daunting. Here are some tips for prioritizing your passwords:

  • Use LastPass' Security Challenge to review those sites where you have duplicate or weak passwords. Those should be the ones you change first.
  • Work through the list a few passwords at a time until you have removed all the duplicate passwords and changed your weak passwords to unique, random ones for each site. You can re-run the security check at any time to watch your score increase!
  • When changing passwords, aim for passwords with 20 characters, with a mix of upper- and lowercase characters, numbers and symbols. Some sites limit the number of characters you can use and will warn you when to decrease the number of characters.

Emergency access and family sharing

  • Don't wait for an emergency to discover you or a loved one may not have access to important passwords. LastPass Premium allows you to set up emergency access for your account.
  • LastPass Premium also allows sharing passwords with other LastPass users, including those with free accounts. This is a good way to ensure that family members have access to critical financial and health accounts if the need arises, or to simply give a child access to use a password for a service. More information about the Premium features are available from LastPass. (Another option is LastPass Families, which costs $48 and provides 6 premium accounts and a management console.)

LastPass Enterprise

If your department needs to share Duke-related account information, LastPass Enterprise is available for that purpose. To find out more about setting up LastPass Enterprise, email