LastPass

Harvard University has partnered with the popular password manager LastPass to help organize all the passwords for your personal and professional accounts, for free.

The Problem

What's the problem?

Passwords are everywhere

From HarvardKey to Facebook to online bank accounts, passwords are the most ubiquitous form of authentication on the internet today.

In an ideal world

You've probably heard that you should have a strong, unique password for every online account you have. It should look something like this:

KQo=3oyB>VXG^-6

The problem

How do you come up with a unique one of those for every single online account, let alone remember them all?

Why is this bad?

You use one password for all of your accounts

And, for the sake of argument, let's just say that this password is very secure. All it takes is one of your online accounts to get compromised to open up all of your other accounts to compromise. Password compromises are becoming quite common these days and one weak link in the chain makes all the other links vulnerable. If an attacker gets access to your password through an insecure, innocuous website, they can then use it to pivot to more sensitive ones, like your bank, tax, or online health care accounts. 

You use many insecure passwords, or variations of one password, that are easy to remember

In this day and age, it is very easy for a malicious actor to break those insecure passwords using a wide range of freely available hacker tools. Even if that password is stored securely by the website, which is not always the case, a weak password can sometimes be cracked in a matter of minutes or even seconds.

You write all the passwords down and store them in a notebook that you keep near you or in a document stored on your workstation

If someone were to get access to that notebook or file, they effectively have the keys to your kingdom... and the treasures stored within. 


The Solution

Password Managers are the solution

One Password; One Location

A password manager stores your existing passwords in a central location and helps you generate new, stronger passwords that you never have to know or remember. All you need to remember is one "master" password to access your password manager. It's essentially the last password to rule them all.

Access From Anywhere

With Harvard LastPass premium, you can access your accounts on all your workstations and mobile devices. All your accounts will sync among all your devices so you never have to worry about remembering another password. It also autofills your login credentials to make browsing easier.

Safe and Secure

Check out the "what makes it safer?" tab for an in-depth analysis of all the security features that Harvard LastPass offers. 

And Harvard is giving you one for free! 

How It Works

One Tool; All your Devices

LastPass works by installing a browser plugin on any major web browser that you use. From there, it recognizes when you are logging into a website with a username and password and prompts you to save that account in your LastPass vault.

LastPass also offers mobile applications for iOS, Android, and Windows 10 for when you're browsing on your mobile devices or on the road without your workstations. All your accounts are available to you when you want, from wherever you want.

Generate Stronger Passwords

LastPass knows when you are creating a new account and offers to generate a strong password for you and store it in your vault.

Make Browsing Easier

Once you've stored an account in LastPass, the next time you try to log in to that account, LastPass will remember and autofill your credentials to make browsing easier. For those especially sensitive accounts, like your bank accounts, you can add the option to prompt you for your Master Password before LastPass autofills that account.

Your "Vault"

Similar to storing money at a bank, Harvard LastPass stores all your accounts and passwords in your "vault", which syncs automatically and is accessible on all of your devices. Because only you have the key, no one else can access the accounts in your vault.

Visit LastPass' User Manual webpage for more information or watch these short YouTube screencasts for how to get started with LastPass or how to use the tool.

What makes it safer?

Locally encrypted sensitive data

All encryption and decryption occurs locally on your devices, not on LastPass' servers. This means that your unencrypted sensitive data never travels over the Internet or touches LastPass' servers; only the encrypted data does.

Government-level encryption

LastPass uses the same encryption algorithm that the U.S. Government uses for top-secret data. Your encrypted data is meaningless to LastPass and to everyone else without the decryption key (your email address and Master Password combination).

Only you know the key to decrypt your data

Your encryption keys are created from your email address and Master Password. The Master Password is never sent to LastPass – only a one-way hash of your password when authenticating – which means that the components that make up your keys remain local to you. LastPass also offers multifactor authentication to add extra security by requiring a second login step when signing into your account.
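A sketch of the general pattern described above (derive the key on the device from email address and Master Password, send only a one-way hash), as an added example that is not LastPass' code. PBKDF2-HMAC-SHA256, the iteration count, and every function and class name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def derive_vault_key(email: str, master_password: str) -> bytes:
    """Runs on the user's device; the resulting key never leaves it."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, ITERATIONS, dklen=32)

def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """One more one-way step; this is the only value sent to the server."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)

class AuthServer:
    """Stand-in for the service: it only ever sees login hashes."""
    def __init__(self):
        self._records = {}

    def register(self, email: str, login_hash: bytes) -> None:
        salt = os.urandom(16)
        digest = hashlib.sha256(salt + login_hash).digest()
        self._records[email.strip().lower()] = (salt, digest)

    def verify(self, email: str, login_hash: bytes) -> bool:
        record = self._records.get(email.strip().lower())
        if record is None:
            return False
        salt, stored = record
        candidate = hashlib.sha256(salt + login_hash).digest()
        return hmac.compare_digest(stored, candidate)  # constant-time compare

def client_register(server: AuthServer, email: str, master_password: str) -> bytes:
    vault_key = derive_vault_key(email, master_password)
    server.register(email, derive_login_hash(vault_key, master_password))
    return vault_key  # stays on the device, used to encrypt the vault

def client_login(server: AuthServer, email: str, master_password: str):
    """Returns (authenticated, vault_key); only the login hash crosses the wire."""
    vault_key = derive_vault_key(email, master_password)
    ok = server.verify(email, derive_login_hash(vault_key, master_password))
    return ok, (vault_key if ok else None)

if __name__ == "__main__":
    srv = AuthServer()
    client_register(srv, "alice@example.com", "constructed master password")
    print(client_login(srv, "alice@example.com", "constructed master password")[0])
```

Because the login hash is derived from the vault key and not the other way around, a server that stores it cannot recompute the key that decrypts the vault.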

Generate unique, strong passwords

No more using the same password for all sites. No more writing down passwords on little pieces of paper. No more emailing yourself when you forget your password. With the LastPass password generator you can create strong passwords for each site and automatically save them to your individual vault. With LastPass, your data will be safer online than ever before without the hassle of remembering unique passwords.

No more using your browser’s insecure password manager

Any malicious application can easily retrieve saved passwords from your browsers. With LastPass, you’re protecting yourself from these attacks!

Protect yourself from Phishing attacks

Because LastPass not only remembers the username and password for all of your accounts, but also the correct web address, it can protect you from Phishing attacks that take you to malicious sites which look legitimate. 
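The check behind this protection, as an added example that is not LastPass' code: credentials are released only when the page's actual host matches the host saved with the entry. Exact-host matching over HTTPS, the function names, and the sample vault and URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed vault: saved host -> (username, password)
VAULT = {"bank.example.com": ("alice", "constructed-password")}

def credentials_for(page_url: str, vault=VAULT):
    """Return saved credentials only if the page's real host matches an entry."""
    try:
        parts = urlsplit(page_url)
    except ValueError:
        return None                      # malformed URL: never autofill
    if parts.scheme != "https":
        return None                      # refuse to fill over plain HTTP
    # .hostname drops any "user@" prefix and port, and lowercases the host,
    # so "https://bank.example.com@evil.test/" resolves to "evil.test".
    host = (parts.hostname or "").rstrip(".")
    return vault.get(host)

def autofill_report(urls, vault=VAULT):
    """Map each URL to True (would autofill) or False (would stay silent)."""
    return {u: credentials_for(u, vault) is not None for u in urls}

if __name__ == "__main__":
    sample = [
        "https://bank.example.com/login",            # the saved site
        "https://BANK.example.com:443/login",        # same host, different spelling
        "http://bank.example.com/login",             # downgraded to HTTP
        "https://bank.example.com.evil.test/login",  # saved name used as a prefix
        "https://bank.example.com@evil.test/login",  # saved name in userinfo
        "https://bank-example.com/login",            # lookalike domain
    ]
    for url, fills in autofill_report(sample).items():
        print(f"{'FILL' if fills else 'skip'}  {url}")
```

A page that looks identical to the real login form still gets no credentials, and the absence of the usual autofill is itself a signal to the user that the address is not the saved one.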

For more information on LastPass' architecture, check out this security white paper.

Keep it Personal

Take It With You

If you ever leave Harvard, your personal LastPass account goes with you. As long as you've tied it to your personal email address, your account is yours to keep and is even free until the yearly renewal period kicks in. At that point, you can either choose to downgrade to a free personal account, which only works on one device and doesn't sync among all of them, or you can pay the $12/year for the premium version.

For Harvard departments or groups that are interested in joining the Harvard LastPass Enterprise environment, contact lastpass@harvard.edu for more information.

But Wait, There's More!

Secure Notes

LastPass also offers you a section where you can store your sensitive documents and notes. Tax information, medical health documents, or anything that you want to protect can be stored in LastPass using the same level of top-secret government encryption and can be accessed anywhere and anytime. 

Online Shopping

LastPass can store all of your credit cards and autofill that information for an easy and quick online shopping experience. By default it will prompt you to re-enter your Master Password to make sure that it's really you buying that item, and perhaps to make sure you really want to buy that item. 

Get LastPass Now