FIGHT BACK WITH LASTPASS. - Bates College · 2017-03-24 · LastPass has opted to use SHA- 256, a...

PASSWORDS BITE. FIGHT BACK WITH LASTPASS. Special Topics in Cyber Security

Page 1

PASSWORDS BITE.

FIGHT BACK WITH LASTPASS.

Special Topics in Cyber Security

Page 2

It's so annoying when you go online to get something done only to be thwarted by a forgotten password. With so many apps and accounts these days, who's got time to remember all those passwords?

PASSWORDS BITE.

FIGHT BACK WITH LASTPASS.

● Bank-Level Encryption: We never have your key. Your data is for your eyes only.

● Organize Your Passwords: Store your logins and notes in a secure, searchable vault.

● Sync Everywhere: Your passwords are always backed up.

● Uncrackable Passwords: Generate long, strong passwords in a click.

● One Master Password: Remember your master password, forget the rest.

● Simplify Logging In: Fill in any login or online form, no typing required.

Page 3

How Does LastPass Work?

See all your accounts and passwords in one easy-to-use "vault." LastPass syncs automatically, so you're always up-to-date. Sensitive data is only encrypted and decrypted locally, with your key, which is never shared with LastPass. 256-bit AES encryption, one-way salted hashes, and PBKDF2 iterations ensure complete security with the power of syncing through the cloud.

Recommended by industry experts, multifactor authentication adds extra security by requiring a second login step when signing in to your account.

Your master password is a key that is never shared with LastPass. Your data stays accessible only to you.

Create an account with your email address and a strong master password. PBKDF2 hashing prevents your password from ever being shared with us, keeping it secure.

Because LastPass remembers and fills in all of your usernames and passwords for you, you can finally use a strong, unique password for each online account. LastPass does the work for you.

LastPass ensures you'll have all of your passwords, everywhere you need them, at any time. LastPass makes it so you won't have to remember passwords, but you can also trust that your logins will be there when you need them.

LastPass is trusted by over 8 million users and 18,000 businesses worldwide.

CREATE ACCOUNT

YOUR VAULT & ENCRYPTION

AUTOFILL

MULTIFACTOR AUTHENTICATION

LASTPASS WORKS ON ALL OF YOUR DEVICES!

YOUR MASTER PASSWORD

[Diagram: USER / PASS login fields feeding into PBKDF2 HASHING.]

LastPass can never access your master password.

Page 4

Security & Compliance

At LastPass, your security and privacy are our top priority - that's why we've taken every step possible to ensure that your data is safely stored and synced in your LastPass account. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on the local PC. This means that your sensitive data does not travel over the Internet nor does it ever touch our servers, only the encrypted data does. This is the same encryption algorithm that is used by the US Government to protect its top-secret data.

Your encrypted data is meaningless to us and to everyone else without the decryption key. This key is created from your email address and Master Password. Your Master Password is never sent to LastPass, only a one-way hash of your password when authenticating, which means that the components that make up your key remain local. LastPass also offers an array of advanced security options that let you add more layers of protection for your organization.

LastPass has multiple layers of protection in place that will lock down the device in cases of a brute-force attack, based on a deep and diverse set of criteria. To increase the security of your master password, LastPass utilizes a stronger-than-typical version of the Password-Based Key Derivation Function 2 (PBKDF2). At its most basic, PBKDF2 is a "password-strengthening algorithm" that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack. The standard implementation of PBKDF2 uses SHA-1, a secure hashing algorithm. SHA-1 is faster, but its speed is a weakness in that brute-force attacks can likewise be performed faster. LastPass has opted to use SHA-256, a slower hashing algorithm that provides more protection against brute-force attacks. LastPass utilizes the PBKDF2 function implemented with SHA-256 to turn your master password into your encryption key. By default, LastPass performs 5000 rounds of the function to create the encryption key, before a single additional round of PBKDF2 is done to create your login hash. We've taken every step to ensure our users' security and privacy.
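The derivation chain just described, as an added worked example (Python written for this page, not LastPass's own code): the client runs PBKDF2-HMAC-SHA256 for 5000 rounds to get the 256-bit vault key, then one more PBKDF2 round to get the login hash it sends, and the server stores and compares only that login hash, so it never holds anything from which the vault key can be recovered. The page says the key is built from the email address and master password; using the normalised email as the PBKDF2 salt for the key, and the master password as the salt for the login-hash round, are assumptions made here, as is the sample account.

```python
import hashlib
import hmac

# Parameters stated on the page: PBKDF2 with SHA-256, 5000 rounds for the
# encryption key, then one additional round for the login hash.
KEY_ROUNDS = 5000
LOGIN_HASH_ROUNDS = 1
KEY_LEN = 32  # 32 bytes = a 256-bit AES key


def derive_encryption_key(master_password: str, email: str) -> bytes:
    """Client side: the 256-bit vault key. It never leaves the client.

    Salting with the normalised email address is an assumption; the page only
    says the key is created from the email address and master password."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, KEY_ROUNDS, dklen=KEY_LEN)


def derive_login_hash(encryption_key: bytes, master_password: str) -> bytes:
    """Client side: one more PBKDF2 round over the key gives the value sent for
    authentication. PBKDF2 is one-way, so the server cannot turn this back
    into the vault key. Using the master password as this round's salt is an
    assumption."""
    return hashlib.pbkdf2_hmac("sha256", encryption_key,
                               master_password.encode("utf-8"),
                               LOGIN_HASH_ROUNDS, dklen=KEY_LEN)


def client_login_material(master_password: str, email: str) -> tuple[bytes, bytes]:
    """Everything the client computes at login: (vault_key, login_hash)."""
    key = derive_encryption_key(master_password, email)
    return key, derive_login_hash(key, master_password)


class AuthServer:
    """Toy server that only ever sees login hashes, never passwords or keys."""

    def __init__(self) -> None:
        self._login_hashes: dict[str, bytes] = {}

    def register(self, email: str, login_hash: bytes) -> None:
        self._login_hashes[email.strip().lower()] = login_hash

    def verify(self, email: str, login_hash: bytes) -> bool:
        stored = self._login_hashes.get(email.strip().lower())
        if stored is None:
            return False
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(stored, login_hash)


if __name__ == "__main__":
    # Constructed sample account.
    email, password = "alice@example.com", "correct horse battery staple"
    vault_key, login_hash = client_login_material(password, email)
    server = AuthServer()
    server.register(email, login_hash)
    print("vault key  :", vault_key.hex())
    print("login hash :", login_hash.hex())
    print("login ok   :", server.verify(email, login_hash))
    _, wrong_hash = client_login_material(password + "!", email)
    print("wrong pw ok:", server.verify(email, wrong_hash))
```

The 5000-round figure is the page's 2017 default; current password-storage guidance (for example OWASP's cheat sheet) calls for far higher PBKDF2 iteration counts, and `KEY_ROUNDS` is the single constant to raise. Note that a stolen login hash still lets an attacker authenticate as the user until it is rotated, which is why the page pairs it with multifactor authentication and lockout criteria.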

On Windows, the LastPass installer helps find insecure passwords stored on a user's computer so that they can be saved securely in LastPass, eliminating their easy access by malicious software. As an additional precaution LastPass uses SSL exclusively for data transfer - even though the vast majority of data being sent is already encrypted with 256-bit AES and is unusable to both LastPass and any party listening in to the network traffic. Our policy of never receiving private data that has not already been locked down with a LastPass master password (which we never receive and will never ask for) radically reduces attack vectors. We use firewalls and best practices to protect the servers and service, but our best line of defense is simply not having access to data even if someone were able to hack their way in. If LastPass can't access it, hackers can't either.

Strengthen Compliance Through Controlled Access and Monitoring

Safeguarding your customers' personal information is a considerable challenge in today's environment of remote offices, virtual employees, the increased use of Web services, and the increased incidence of cyber-attacks. Each regulatory framework is different, but HIPAA, PCI, SOX and GLBA all call for highly defined processes relative to employee access to data, the ability to track this access, and retention of these records. LastPass helps support corporate compliance efforts by:

• Empowering administrators to control employee access to specific tools and sites
  ○ Employers can impose specific criteria around the strength and length of the master passwords of their employees.
  ○ Employers can mandate the use of multi-factor authentication for login to LastPass.
  ○ Employers can lock down access to LastPass based on IP address and/or device. Access can be restricted for all employees, or an elected sub-set.
  ○ With LastPass Shared Folders, administrators can allocate logins to users as either hidden or visible. Hidden passwords can only be utilized through LastPass auto-fill. Every login event is then captured and retained in the Login Reports.

• Monitoring and logging all access by both employees and administrators
  ○ The LastPass Login Report captures (1) username, time/date stamp, IP address and site name for every login, (2) form-fill events, and (3) all username and password updates that are conducted using LastPass.
  ○ The Shared Folders Report captures a detailed record of every Shared Folder created within the company, including: (1) assigned users, (2) access rights and permissions of each user relative to each folder, (3) the full list of sites and tools shared with the folder.
  ○ The Admin Events Report tracks administrator activity conducted with the Enterprise Console, such as (1) new account created, (2) user account terminated, (3) policy edit or assignment. This report includes the name of the administrator, time/date stamp, IP address and event type.

• Retaining access records for a minimum of three years
  ○ Each report is retained on our servers for a period of no less than 3 years.
  ○ Reports can be filtered by user and date range, and can be exported to Excel.
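As an added example of putting the Login Report fields to use (Python written for this page, not a LastPass tool): the script parses a constructed export in the field order the page lists for each login (username, time/date stamp, IP address, site name) and flags any user whose consecutive logins come from two different IP addresses within ten minutes, a cheap indicator that a master password is being shared or was stolen. The CSV column names, the ten-minute window and the sample rows are all assumptions; the real export layout is not on the page.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. The column names follow the fields the page lists
# for the Login Report; the real export layout is an assumption.
SAMPLE_LOGIN_REPORT = """\
username,timestamp,ip_address,site
alice@example.edu,2017-03-24 09:01:12,203.0.113.10,mail.example.edu
alice@example.edu,2017-03-24 09:04:55,203.0.113.10,hr.example.edu
alice@example.edu,2017-03-24 09:06:30,198.51.100.77,bank.example.com
bob@example.edu,2017-03-24 10:15:00,203.0.113.22,mail.example.edu
bob@example.edu,2017-03-24 16:40:00,192.0.2.9,mail.example.edu
"""

WINDOW = timedelta(minutes=10)  # assumed threshold for "too fast to be the same person"


def parse_login_report(text: str) -> list[dict]:
    """Parse the CSV export into dicts with a real datetime, oldest first."""
    rows = []
    for record in csv.DictReader(io.StringIO(text)):
        rows.append({
            "user": record["username"].strip().lower(),
            "ts": datetime.strptime(record["timestamp"], "%Y-%m-%d %H:%M:%S"),
            "ip": record["ip_address"].strip(),
            "site": record["site"].strip(),
        })
    rows.sort(key=lambda r: r["ts"])
    return rows


def find_ip_switches(rows: list[dict], window: timedelta = WINDOW) -> list[dict]:
    """Flag consecutive logins by the same user from different IPs within `window`."""
    last_seen: dict[str, dict] = {}  # user -> most recent login row
    findings = []
    for row in rows:
        prev = last_seen.get(row["user"])
        if prev is not None and prev["ip"] != row["ip"] and row["ts"] - prev["ts"] <= window:
            findings.append({
                "user": row["user"],
                "from_ip": prev["ip"],
                "to_ip": row["ip"],
                "seconds_apart": int((row["ts"] - prev["ts"]).total_seconds()),
                "site": row["site"],
            })
        last_seen[row["user"]] = row
    return findings


if __name__ == "__main__":
    for f in find_ip_switches(parse_login_report(SAMPLE_LOGIN_REPORT)):
        print(f"{f['user']}: {f['from_ip']} -> {f['to_ip']} "
              f"in {f['seconds_apart']}s (site {f['site']})")
```

The same loop extends naturally to the Admin Events Report: key on the administrator's name instead of the username and raise the severity, since an account-termination or policy-assignment event from an unexpected address matters more than a routine login.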

Safely Sharing Accounts With Others

LastPass uses public/private key cryptography - specifically RSA from Crypto++ and jsbn - to allow users to share their accounts with trusted parties, without ever sharing it with LastPass. The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys - a public encryption key and a private decryption key. Messages are encrypted with the recipient's public key, and can be decrypted only with the corresponding private key. This process is, of course, completely automated with no action required by the end user.

Account Recovery

With 'account recovery', we store an encrypted version of the user's encryption key on their hard drive and store an encrypted version of the key to decrypt the encryption key on our server. The encrypted value on their hard drive is useless without the encrypted key on the server. The encrypted key on our server is useless to us as we do not have the key to decrypt it. We force the end user to prove they are who they claim to be by validating their email and thereafter deliver the encrypted key to the user -- they then decrypt the key and use it to decrypt their encrypted key to gain access to a forced password reset module.

Availability

LastPass was built on the belief that users must always have access to their data – anywhere, anytime. We've accomplished this in multiple ways: first, we have multiple Tier 1 data-centers in production service at all times for full redundancy and availability. Second, we store the user’s encrypted data on the local PC at login, so that if LastPass.com cannot be reached, the user will still have full access to the add-on and to their stored accounts. The website can be used without installation of the add-on (the encryption and decryption happens in JavaScript), but we take advantage of faster encryption in the add-ons when available. LastPass also offers user access through the mobile site m.lastpass.com.

Off Site Backups

LastPass keeps daily local backups as well as a daily off site backup. Although private data is already encrypted on our servers, as an additional precaution backups are also encrypted with GPG.

Automated Testing

LastPass uses Paros to help verify it hasn't made common mistakes that could result in an XSS or SQL injection attack, and FunkLoad to verify performance and create functional tests that are run by Nagios. Microsoft's Application Verifier and other tools are used to help identify common problems in the IE add-on, as well as a number of Mozilla tools that are used to test the Firefox add-on.


Page 7

Managing your Online Passwords

Today's Goals

● To provide you with a password management solution (or options) that is available at a low cost or free.
● Learn about Password Managers
● Learn How LastPass Works
● Creating a LastPass Free Account
● How to Access LastPass Free
● Learn How to Save Sites and Passwords
● Learn How to Create Secure Notes
● Use the Form Fill-In Feature
● Learn How to Generate Strong and Secure Passwords
● Learn About Account Recovery Options
● Learn Where to Find Help

What is a Password Manager?

A Password Manager is a service that remembers your passwords, so you don't have to. All you have to do is remember one Master Password!

In addition to helping you organize and manage your logins and passwords, a Password Manager also makes it easy for you to follow Best Password Practices.

Page 8

Password Managers

The Best Password Managers of 2017 - PC Magazine

Five Best Password Managers - LifeHacker

Take Control of Password Chaos with These Six Password Managers - c|net

What is LastPass?

LastPass is a secure password management tool that provides individuals with a solution for creation, saving, management, and sharing* of passwords.

LastPass synchronizes everywhere with support for the most common browsers, operating systems, and mobile devices.

Data is encrypted locally and stored on LastPass servers in a form that is not readable by anyone except you. This means that sensitive data does not travel over the Internet; only the encrypted data does.

LastPass Review - PC Magazine

LastPass Editions

LastPass Personal

● Free Edition
● Premium Edition (Sharing of Passwords with Family Members)
  ○ $1/Month

LastPass Business

● Teams Edition
● Enterprise Edition

Page 9

Why Use LastPass?

LastPass allows you to create secure and strong passwords.

LastPass provides you with a single repository (LastPass Vault) to store your login and password information, sensitive data, and secure notes that are easily accessible to you in a variety of ways.

Saving and managing passwords with LastPass makes this process simple and secure! So no more passing around of paper notes, saving passwords in email, or sharing passwords in password-protected Word/Excel documents that can easily be compromised.

How Does LastPass Work?

Getting Started

● Create an Account - www.lastpass.com
  ○ During this training session you will be creating a LastPass Personal account. You will need to use a personal email address and not your Bates email address.
● Access your Online LastPass Vault
  ○ Log in to your LastPass Web Vault
● Download and Install the Browser Plug-In
  ○ LastPass is best accessed through your browser plug-in. The browser plug-in automatically monitors sites, saves site information, and injects usernames and passwords into login fields.

Page 10


Creating your Master Password

Your Master Password is the most important factor in securing your LastPass Vault.

Make your Master Password secure. Your Master Password should include at least 8 characters combining numbers, symbols, and letters, without using dictionary-based words.
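A checker for the rule just stated, as an added example (Python written for this page, not LastPass's own policy code): at least 8 characters, mixing letters, numbers and symbols, with no dictionary word embedded. The short word list, and the handling of common digit-for-letter substitutions so that "p@ssw0rd" still counts as containing "password", are assumptions beyond the slide; a real deployment would load a full dictionary.

```python
import string

MIN_LENGTH = 8  # the slide's floor; raise this constant for a stricter policy

# Constructed stand-in for a dictionary; a real check would load a full word list.
DICTIONARY_WORDS = ("password", "welcome", "letmein", "qwerty", "college", "summer")

# Common digit/symbol-for-letter substitutions (an assumption beyond the slide's
# rule): 0->o, 1->l, 3->e, 4->a, @->a, $->s.
_UNLEET = str.maketrans("0134@$", "oleaas")


def check_master_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbols")
    lowered = candidate.lower()
    normalised = lowered.translate(_UNLEET)
    # Report the first embedded dictionary word, checked before and after
    # undoing the substitutions.
    for word in DICTIONARY_WORDS:
        if word in lowered or word in normalised:
            problems.append(f"contains dictionary word '{word}'")
            break
    return problems


if __name__ == "__main__":
    for sample in ("short1!", "P@ssw0rd2024", "abcdefgh", "Tr0ub4dor&3"):
        verdict = check_master_password(sample)
        print(f"{sample!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Because the master password is the one secret the vault's security rests on, the length check matters more than the character-class checks: a long passphrase with no dictionary word passes this checker only if it also carries a digit and a symbol, so adjust the class rules rather than lowering `MIN_LENGTH` if you want to encourage passphrases.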

Your Master Password should be something memorable. If you lose or forget your Master Password, there is NO WAY to retrieve it! Without your Master Password, your password vault is inaccessible and all of the information stored in it will be lost!


Accessing LastPass

Your LastPass Vault can be accessed in a variety of different ways.

● Browser Plug-In (Recommended and Easiest)

○ Most web browsers are supported!

■ Chrome, Safari, Firefox, Opera, Maxthon, Internet Explorer

● Web Vault

○ https://www.lastpass.com/

● Mobile Access

○ iOS - iPhone/iPad
○ Android
○ Windows Phone

Meet your LastPass Vault


Meet the Browser Extension


Saving Sites and Passwords

LastPass saves and fills in logins and passwords for your saved websites (Sites).

Use the LastPass in-field icon to save a new login or to select from the accounts you have already stored.

LastPass can also generate secure, unique passwords for you. Consider updating account passwords with one that has been generated by LastPass!

Advanced Features:

● Automatic Login / Disable Login
● Require Password Reprompt

Adding & Saving Sites


Saving Sites and Passwords


Creating Secure Notes

With LastPass Secure Notes you can securely save things like credit card information, WiFi logins, PIN codes, membership information, or anything else that should be stored securely.

You can also add attachments to your Secure Notes.


Creating Secure Notes


Using Form Fill-Ins

Save time and create secure form fill profile(s) for simplified automatic filling of online forms.

Consider creating different forms for different purposes (identities).

● Different Address Information
● Different Department Information

Filling a Form

Using Form Fill-Ins


Security Challenge

Once you have started to add your login and password information (Sites), take the LastPass Security Challenge.

The LastPass Security Challenge identifies weak, duplicate, and potentially breached passwords.
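As an added example (not LastPass's own code), the Python below sketches the three checks the Security Challenge performs over a vault and reuses the master-password rule from the earlier slide (at least 8 characters, letters plus digits plus symbols, no dictionary words) as its "weak" test. The vault, dictionary and breach list are constructed stand-ins; a real audit would use a full word list and a real breach corpus, comparing hashes rather than plaintext.

```python
import hashlib
import re
from collections import defaultdict

# Constructed stand-ins for a dictionary and a breach corpus (hashes, not plaintext).
DICTIONARY_WORDS = {"password", "summer", "welcome", "bates", "letmein"}
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Password1!", "letmein123")  # constructed "known breached" values
}

def weakness_reasons(password: str) -> list[str]:
    """Return the slide's policy rules a password fails (empty list = passes)."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        reasons.append("no letters")
    if not re.search(r"\d", password):
        reasons.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no symbols")
    if any(word in password.lower() for word in DICTIONARY_WORDS):
        reasons.append("contains a dictionary word")
    return reasons

def audit_vault(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each site to its findings: weak, reused elsewhere, or breached."""
    by_password = defaultdict(list)          # group sites sharing one password
    for site, pw in vault.items():
        by_password[pw].append(site)
    findings = {}
    for site, pw in vault.items():
        issues = [f"weak ({r})" for r in weakness_reasons(pw)]
        if len(by_password[pw]) > 1:
            others = sorted(s for s in by_password[pw] if s != site)
            issues.append("reused on " + ", ".join(others))
        if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
            issues.append("appears in breach list")
        findings[site] = issues
    return findings

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "bank.example": "Password1!",
    "mail.example": "Password1!",
    "shop.example": "x7#Qm2pL!v9",
    "forum.example": "summer17",
}
```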


Multifactor Authentication

Add another layer of security to your LastPass account with multifactor authentication to protect against keyloggers, phishing, and other threats.

● Google Authenticator
● LastPass Authenticator


Generating Secure Passwords

LastPass Free Edition can generate strong and secure passwords for you.


Generating a Password


Share Single Passwords

With LastPass Free Edition you can share single site information with another individual. They will need to create a LastPass account in order to access the site information shared with them.


Emergency Account Recovery

Establish an emergency contact who can access your LastPass Free account in an emergency where you are unable to access it yourself.


Account Recovery

It is very important that you remember your LastPass Master Password. If you forget your Master Password, only a few options are available to recover your account.

If you are not successful in recovering your account, all of your secured data in your LastPass Vault will be lost!

Visit lastpass.com/forgot.php to initiate the account recovery process.


Account Recovery


Getting Assistance

Getting Started with LastPass

● https://helpdesk.lastpass.com

Visit the LastPass Support Center

● https://lastpass.com/support.php


Thank You!

Special Topics in Cyber Security - Managing your Online Passwords

Lee Philip J. Desiderio
Instructional Support Manager

Bates College
(207) 786-6181/x6181

[email protected]@bates.edu