Harvard University has partnered with the popular password manager LastPass to help organize all the passwords for your personal and professional accounts...for free.
What's the problem?
Passwords are everywhere
From HarvardKey to Facebook to online bank accounts, passwords are the most ubiquitous form of authentication on the internet today.
In an ideal world
You've probably heard that you should have a strong, unique password for every online account you have. It should look something like this:
How do you come up with a unique one of those for every single online account, let alone remember them all?
Why is this bad?
You use one password for all of your accounts
And, for the sake of argument, let's just say that this password is very secure. It takes only one compromised online account to expose all of your other accounts. Password compromises are becoming quite common these days, and one weak link in the chain makes all the other links vulnerable. If an attacker gets access to your password through an insecure, innocuous website, they can then use it to pivot to more sensitive ones, like your bank, tax, or online health care accounts.
You use many insecure passwords, or variations of one password, that are easy to remember
In this day and age, it is very easy for a malicious actor to break those insecure passwords using a wide range of widely available and free hacker tools. Even if that password is stored securely by the website, which is not always the case, a weak password can sometimes be cracked in a matter of minutes or even seconds.
You write all the passwords down and store them in a notebook that you keep near you or in a document stored on your workstation
If someone were to get access to that notebook or file, they effectively have the keys to your kingdom... and the treasures stored within.
Password Managers are the solution
One Password; One Location
Password managers store your existing passwords in a central location and help you generate new, stronger passwords that you never have to know or remember. All you need to remember is one "master" password to access your password manager. It's essentially the last password to rule them all.
Access From Anywhere
With Harvard LastPass premium, you can access your accounts on all your workstations and mobile devices. All your accounts will sync among all your devices so you never have to worry about remembering another password. It also autofills your login credentials to make browsing easier.
Safe and Secure
Check out the "what makes it safer?" tab for an in-depth analysis of all the security features that Harvard LastPass offers.
And Harvard is giving you one for free!
How It Works
One Tool; All your Devices
LastPass works by installing a browser plugin on any major web browser that you use. From there, it knows when you are logging into a website with a username and password and prompts you to save that account in your LastPass vault.
LastPass also offers mobile applications for iOS, Android, and Windows 10 for when you're browsing on your mobile devices or on the road without your workstations. All your accounts are available to you when you want, from wherever you want.
Generate Stronger Passwords
LastPass knows when you are creating a new account and offers to generate a strong password for you and store it in your vault.
Make Browsing Easier
Once you've stored an account in LastPass, the next time you try to log in to that account, LastPass will remember and autofill your credentials to make browsing easier. For those especially sensitive accounts, like your bank accounts, you can add the option to prompt you for your Master Password before LastPass autofills that account.
Similar to storing money at a bank, Harvard LastPass stores all your accounts and passwords in your "vault", which syncs automatically and is accessible on all of your devices. Because only you have the key, no one else can access the accounts in your vault.
What makes it safer?
Locally encrypted sensitive data
All encryption and decryption occurs locally on your devices, not on LastPass' servers. This means that your unencrypted sensitive data never travels over the Internet or touches LastPass' servers; only the encrypted data does.
LastPass uses the same encryption algorithm that the U.S. Government uses for top-secret data. Your encrypted data is meaningless to LastPass and to everyone else without the decryption key (the combination of your email address and Master Password).
Only you know the key to decrypt your data
Your encryption keys are created from your email address and Master Password. The Master Password is never sent to LastPass – only a one-way hash of your password is sent when authenticating – which means that the components that make up your keys remain local to you. LastPass also offers multifactor authentication to add extra security by requiring a second login step when signing into your account.
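The split described above, between a key that stays on your device and a one-way hash that is sent for login, can be sketched as follows. This is an added example, not LastPass's own code: PBKDF2-HMAC-SHA256, the iteration count, the use of the email address as salt, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for illustration only

def derive_vault_key(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password into the vault encryption key.
    The normalized email address acts as a per-user salt (assumption)."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, ITERATIONS, dklen=32)

def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one further one-way step over the vault key.
    This is the only value that leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)

def server_enroll(login_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: keep a salted hash of the login hash, not the hash itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)

def server_verify(record: tuple[bytes, bytes], login_hash: bytes) -> bool:
    """Server side: recompute and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)
    return hmac.compare_digest(stored, candidate)

if __name__ == "__main__":
    # Constructed sample credentials
    email, password = "user@example.edu", "correct horse battery staple"
    vault_key = derive_vault_key(email, password)      # never transmitted
    login_hash = derive_login_hash(vault_key, password)  # sent to the server
    record = server_enroll(login_hash)
    print("login accepted:", server_verify(record, login_hash))
    print("server ever saw the vault key:", vault_key in (login_hash, *record))
```

Because the server only ever holds values derived from the login hash, a copy of its database does not contain the key needed to decrypt the vault.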
Generate unique, strong passwords
No more using the same password for all sites. No more writing down passwords on little pieces of paper. No more emailing yourself when you forget your password. With the LastPass password generator you can create strong passwords for each site and automatically save them to your individual vault. With LastPass, your data will be safer online than ever before without the hassle of remembering unique passwords.
No more using your browser’s insecure password manager
Any malicious application can easily retrieve saved passwords from your browsers. With LastPass, you’re protecting yourself from these attacks!
Protect yourself from Phishing attacks
Because LastPass not only remembers the username and password for all of your accounts, but also the correct web address, it can protect you from Phishing attacks that take you to malicious sites which look legitimate.
For more information on LastPass' architecture, check out this security white paper.
Keep it Personal
Take It With You
If you ever leave Harvard, your personal LastPass account goes with you. As long as you've tied it to your personal email address, your account is yours to keep and is even free until the yearly renewal period kicks in. At that point, you can either choose to downgrade to a free personal account, which only works on one device and doesn't sync among all of them, or you can pay the $12/year for the premium version.
For Harvard departments or groups that are interested in joining the Harvard LastPass Enterprise environment, contact firstname.lastname@example.org for more information.
But Wait, There's More!
LastPass also offers you a section where you can store your sensitive documents and notes. Tax information, medical health documents, or anything that you want to protect can be stored in LastPass using the same level of top-secret government encryption and can be accessed anywhere and anytime.
LastPass can store all of your credit cards and autofill that information for an easy and quick online shopping experience. By default it will prompt you to re-enter your Master Password to make sure that it's really you buying that item, and perhaps to make sure you really want to buy that item.