UCL has licences to use the enterprise version of LastPass. Enterprise accounts are for UCL staff only at present, students will need to sign up for a free LastPass account at lastpass.com
What is LastPass?
LastPass is a password manager that allows you to store all your passwords encrypted in one place. This service is currently available to UCL staff only.
The advantage of using a password manager is that you only ever have to remember one password, instead of dozens for all the individual accounts that you have. It also stops you re-using passwords, which is not good practice; if one account is compromised it could compromise all accounts that you have that use that same password. It’s really not worth the risk.
LastPass also allows you to share passwords with other LastPass users, so it’s ideal for using in teams that need to share passwords.
How it works
You create a LastPass Master Password. LastPass then creates a unique password for every website you use and remembers them all for you, so you don't feel like you have to re-use passwords.
- We recommend that you download the browser plugin from LastPass and/or the app from the app store for your mobile.
The browser plugin has been pre-installed on all Desktop @ UCL Windows 10 machines.
- Email ISG who will then provision an account for you.
The licence we have for LastPass provides two password vaults, one for UCL-related passwords and one for personal passwords. The one for personal passwords can be taken with you if you leave UCL and used with the free consumer version of LastPass.
Multi-factor authentication, or MFA, is a feature that asks you for more than just your username and password when you log in. It requires something you know (your master password) plus something you have (like your phone or a token) or something you are (like your fingerprint).
It’s another layer of protection that stops others from accessing your account, even if they stole your password.
Because of the security benefits provided by multi-factor authentication, we strongly recommend turning it on for your LastPass account.
- Follow our Install and log in to LastPass how-to guide which includes setting up multi-factor authentication
- Watch the LastPass: A better way to secure your UCL credentials video (below) that gives you an overview of what LastPass is and how it works
- View help guides on the official LastPass website
- Is it safe to use LastPass on a shared computer?
If you follow the correct steps and ensure that you log out of LastPass when you have finished using the device, it is safe to use it on a shared device. When you are finished with LastPass, make sure that you log out of LastPass, and check that this has completed, before you leave the device.
- Is it safe to keep all of my passwords in one place?
LastPass has very good security, and has a legal agreement with UCL to apply strong security to their service. UCL has decided to trust LastPass based on these assurances. As long as you use a strong master password for your LastPass account, it is a safe place to keep all of your passwords. Remember that the master password is the one thing protecting your other passwords, so ensure that it is long, complex, and you have a way to remember it. It helps to use a password several times after setting it, as this cements it in your memory. It may be helpful to force yourself to log in every few hours, or every day or so while you are memorising the master password.
- Can UCL see the passwords I store in my LastPass?
UCL cannot see the passwords stored in your LastPass account. UCL can see the sites that are saved in your UCL LastPass, and it can also see when these are used; for example, if you stored your Amazon account in your UCL LastPass, UCL would be able to see that you had stored an Amazon account in your LastPass, and would be able to see when you used it to log in. UCL would not be able to see your password however.
- How can I Iog in to LastPass from a new device?
Please see the article following this link below: https://lastpass.com/support.php?cmd=showfaq&id=1036.
- I can’t access my passwords and my vault is always empty when I log in offline.
LastPass encrypts and decrypts data locally on the user’s machine. The offline mode accesses the locally cached vault on the device so a previous successful log in on the device is required in order for offline mode to be available for the user.
Please retest by login online, then offline off the same device.
- Why do I have to enter credentials multiple times before accessing the vault?
This should not be happening, if you continue experiencing this, kindly report this confirming if it is occurring on the LastPass browse or extension.
- What happens when I leave UCL? Can I keep my LastPass account?
When you leave UCL you will lose access to your UCL LastPass. You must make sure that you look through your UCL LastPass for any private passwords or information you will require, before you leave. Make sure to store this information in a new place not linked with your UCL LastPass account. LastPass has free accounts for private users, so you could re-save all your information in a new, private LastPass.
- What happens if I forget my master password?
The Information Security Group are able to reset your master password to restore access to your LastPass account. If you have forgotten your password, please email firstname.lastname@example.org so that the password reset process can be started. Please note we will need to verify that you are who you are saying you are.
- I haven’t received my activation email, what should I do?
Make sure to check your junk or spam folder as the email sometimes gets filtered into these folders. Otherwise please contact email@example.com.
- Can I use two-factor or multi factor authentication?
MFA Authentication is available to all Enterprise account holders.