Information Security


Using LastPass to manage your passwords


UCL has acquired licenses for UCL users to use the enterprise version of LastPass. This article attempts to explain what LastPass is, why you should use it, and how to get a UCL LastPass account.

Enterprise accounts are for UCL Staff only at present, students will need to sign up for a free last pass account at www.lastpass.com

Why use a password manager like LastPass?

So, what is LastPass? LastPass is a password manager that allows you to store all your passwords encrypted in one place. The advantage of using a password manager over other methods of storing passwords is that you only ever have to remember one password instead of hundreds for all the individual accounts that you have. This is probably a good time to mention that you should never re-use a password for more than one account, if one account is compromised it could compromise all accounts that you have that use that same password. It’s really not worth the risk.

LastPass also allows you to share passwords with other LastPass users, so it’s ideal for using in teams that need to share passwords.

2 Factor Authentication

We highly recommend that you use 2 factor authentication with LastPass, this helps to protect against risks such as key logging software – by using 2 factor authentication if someone was to get your LastPass password they would not be able to access your account without your authenticator code. LastPass allows you to use authenticators such as Google Authenticator, LastPass Authenticator and many others.

How to get a UCL LastPass account

• We recommend that you download the browser plugin from LastPass and/or the app from the app store for your mobile.
• Then email isg@ucl.ac.uk who will then provision an account for you.

Training options

LastPass is intuitive and easy to use, however they do provide training materials which can be found through the link below:



Frequently Asked Questions

Q. Is it safe to use LastPass on a shared computer?

A. If you follow the correct steps and ensure that you log out of Lastpass when you have finished using the device, it is safe to use it on a shared device. When you are finished with LastPass, make sure that you log out of Lastpass, and check that this has completed, before you leave the device.

Q. Is it safe to keep all of my passwords in one place?

A. LastPass has very good security, and has a legal agreement with UCL to apply strong security to their service. UCL has decided to trust LastPass based on these assurances. As long as you use a strong master password for your Lastpass account, it is a safe place to keep all of your passwords. Remember that the master password is the one thing protecting your other passwords, so ensure that it is long, complex, and you have a way to remember it. It helps to use a password several times after setting it, as this cements it in your memory. It may be helpful to force yourself to log in every few hours, or every day or so while you are memorising the master password.

Q. Can UCL see the passwords I store in my LastPass?

A. UCL cannot see the passwords stored in your Lastpass account. UCL can see the sites that are saved in your UCL LastPass, and it can also see when these are used; for example, if you stored your Amazon account in your UCL LastPass, UCL would be able to see that you had stored an Amazon account in your LastPass, and would be able to see when you used it to log in. UCL would not be able to see your password however.

Q. How can I log in to last pass from a new device?

A. Please see the article following this link below: https://lastpass.com/support.php?cmd=showfaq&id=1036. 

Q. I can’t access my passwords and my vault is always empty when I when login offline

A. LastPass encrypts and decrypts data locally on the user’s machine. The offline mode accesses the locally cached vault on the device so a previous successful log in on the device is required in order for offline mode to be available for the user. 

Please retest by login online, then offline off the same device. 

Q. Why do I have to enter credentials multiple times before accessing the vault?

A. This should not be happening, if you continue experiencing this, kindly report this confirming if it is occurring on the Last Pass browse or extension.

Q. What happens when I leave UCL? Can I keep my LastPass account?

A. When you leave UCL you will lose access to your UCL LastPass. You must make sure that you look through your UCL LastPass for any private passwords or information you will require, before you leave. Make sure to store this information in a new place not linked with your UCL LastPass account. LastPass has free accounts for private users, so you could re-save all your information in a new, private LastPass. 

Q. What happens if I forget my master password?

A. The Information Security Group are able to reset your master password to restore access to your LastPass account. If you have forgotten your password, please email isg@ucl.ac.uk so that the password reset process can be started. Please note we will need to verify that you are who you are saying you are.

Q. I haven’t received my activation email, what should I do?

A. Make sure to check your junk or spam folder as the email sometimes gets filtered into these folders. Otherwise please contact isg@ucl.ac.uk

Q. Can I use two factor or multi factor authentication?

A. MFA Authentication is available to all Enterprise account holders. 

Q. In the Privacy Policy it says user account passwords maybe collected during registration?

A. The terms in the Privacy Policy applies to a wide range of products offered by the company who manages LastPass, some products have the ability to access and view a user’s account password to assist in account recovery methods however, LastPass is not one of those products as the Master Password and all contents of a user's vault are encrypted. 

If you have any questions or would like further information, just send us an email: isg@ucl.ac.uk.