Password management applications are great tools when used properly. It is a best practice not to use the same password for business applications and personal applications. Some systems might require changing a password sooner than others, which makes it hard to remember multiple passwords. Instead of writing passwords down or keeping them in a document on your computer, use a password manager application.
Setting up a profile in an application like LastPass is a great way to keep all your passwords in one place. You only have to remember one very strong password – the one securing your password profile. For help picking a strong password, watch this two-minute video from Sophos security: https://youtu.be/pMPhBEoVulQ
Some best practices for using a password manager application are:
• Set up two-factor authentication if the password manager supports it
• The master password should be strong – at least 10 characters long, using uppercase letters, lowercase letters, numbers, and a special character
• Never use the master password for any other account
• Change the master password periodically if there is a concern about risk (such as the LastPass master password breach incident: https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/)
• Keep the passwords being managed up to date
• Keep the password manager application up to date
Never send your password in reply to an email. (To stay informed of phishing scams, subscribe to the phishing listserv: http://its.unl.edu/security/phishingunl)
If you have questions, contact the ITS security team at security@unl.edu.