- Review your passwords to make sure they are strong and unique.
- Upgrade a free LastPass account to a premium account (free through Duke)
- LastPass for Android
- LastPass for iOS
Duke offers the premium version of the LastPass password manager service free to all faculty, staff and students. To get started with LastPass:
- Duke encourages you to create a Free LastPass account using a personal email account.
- Set up a master password that is at least 15 to 20 characters long. (See guidelines for choosing a strong password.) If you think you might forget it, print it out and store that printout in a locked, secure location such as a safety deposit box.
- If you have saved passwords in your browser, allow LastPass to import those.
- Configure LastPass settings to automatically log out after 15 minutes when all browsers are closed or after 60 minutes when idle.
- Enable Mobile Recovery for your LastPass account.
- Stop password reuse. Run LastPass' Security Challenge to identify which websites and passwords should be changed. The Security Challenge will list all websites with known compromised passwords and reused passwords.
- If you need to use LastPass from a public computer, consider using One-Time Passwords.
- Autofill from LastPass to mobile apps is available for Android and iOS.
For more information, visit the LastPass Getting Started guide.
Getting started with a password manager
Many users have more than 100 accounts and passwords for the various websites and cloud services they access, so getting started with a password manager like LastPass can seem daunting. Here are some tips for prioritizing your passwords:
- Use LastPass' Security Challenge to review those sites where you have duplicate or weak passwords. Those should be the ones you change first.
- Work through the list a few passwords at a time until you have removed all the duplicate passwords and changed your weak passwords to unique, random ones for each site. You can re-run the security check at any time to watch your score increase!
- When changing passwords, aim for passwords with 20 characters, with a mix of upper- and lowercase characters, numbers and symbols. Some sites limit the number of characters you can use and will warn you when to decrease the number of characters.
If your department needs to share Duke-related account information, LastPass Enterprise is available for that purpose. To find out more about setting up LastPass Enterprise, email firstname.lastname@example.org.