Key Actions 
LastPass and tips for password management

Duke offers the premium version of LastPass password manager service free to all faculty, staff and students. To get started with LastPass:

  1. Set up a master password that is at least 15 to 20 characters long. (See guidelines for choosing a strong password.) If you think you might forget it, print it out and store that printout in a locked, secure location such as a safety deposit box.
  2. If you have saved passwords in your browser, allow LastPass to pull those in.
  3. Configure LastPass settings to log out automatically 15 minutes after all browsers are closed or after 60 minutes of idle time.
  4. Set up TouchID for LastPass on your phone.
  5. Add your mobile number for SMS recovery.
  6. Run LastPass' Security Challenge to identify which websites and passwords should be changed. The Security Challenge will list all websites with known compromised passwords and reused passwords.

For more information, visit the LastPass Getting Started guide.

Getting started with a password manager

Many users have more than 100 accounts and passwords for the various websites and cloud services they access, so getting started with a password manager like LastPass can seem daunting. Because of this, we offer these tips for prioritizing your passwords:

  • Use LastPass' Security Challenge to review those sites where you have duplicate or weak passwords. Those should be the ones you change first.
  • Work through the list a few passwords at a time until you have removed all the duplicate passwords and changed your weak passwords to unique, random ones for each site. You can re-run the Security Challenge at any time to watch your score increase!
  • When changing passwords, aim for 20 characters with a mix of upper- and lowercase letters, numbers and symbols. Some sites limit password length and will warn you when you need to use fewer characters.