Recommended password managers
The LiU guidelines for information security state that a password used to log in to the LiU network must not be used for any other service. We recommend the use of a password manager to make it easier for students and co-workers to increase security for all their IT applications, and in particular their private use.
Password managers make it easier to use strong passwords and to use different passwords for each service. It is sufficient to remember one password, which gives access to all the user’s unique passwords – not just the LiU password, but also passwords for private email, social media, and websites that require an individual membership account.
There are two main types of password manager: those that store the passwords on the user’s device, and those that store the passwords in the cloud. Cloud-based services make it easy to gain access to all passwords on all devices, while those that store passwords locally in devices give a higher degree of control.
Since it is probable that a password manager will mainly contain passwords that are used privately, we recommend that a private email address be used when registering with a cloud-based service. This will make it easy to continue to use the service after leaving LiU.
For those who want to use a free solution, LiU recommends two alternatives: LastPass, which is a cloud-based service, and KeePass Password Safe, which stores passwords locally on the device.
LastPass is a cloud-based service that is available in both a free version and several paid versions. Most people will find that the functions available in the free version are sufficient for their needs. LastPass works in most web browsers and on most mobile devices.
We strongly recommend using multifactor authentication with LastPass for extra security.
LastPass has several alternatives for multifactor authentication. The simplest option is the dedicated app (LastPass Authenticator), but anyone who already uses the Microsoft app (Microsoft Authenticator) or the Google app for multifactor authentication can also use that app with LastPass.
Choose a long and complex master password. The webpage from the IT Division, Tips for a more secure password, gives help in creating secure passwords.
Download LastPass from https://www.lastpass.com/
KeePass Password Safe is a program that runs on a device and stores passwords in a secure database. The passwords are normally not stored in a cloud-based service. KeePass is available for most systems and several plugins are available to adapt it to different requirements. The database can be stored on OneDrive to be accessed from several devices.
Choose a strong password to protect the KeePass database. The webpage from the IT Division, Tips for a more secure password, gives help in creating secure passwords.
Other password managers
Many excellent password managers are available. Some examples that can be recommended are 1Password (if it is used with multifactor authentication and the “secret key” function), Keeper (with multifactor authentication), and Enpass.
It is important to focus on security when choosing a password manager, particularly if using a cloud-based service. What is most important is that the supplier of the service must not be able to gain access to the passwords. The passwords must be stored in encrypted form, using AES (not DES or any other method), and the encryption and decryption must take place on the device on which the password is to be used, not on the supplier’s hardware. The supplier must not have access to the master password or to encryption keys.
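The requirement above (encryption and decryption on the user's device, with the supplier never holding the master password or the key) can be illustrated with the following added example, which is not code from LiU or from any product named on this page. The function names, the record layout, and the use of scrypt with Node.js default parameters for key derivation are assumptions made for the illustration.

```javascript
// Added illustration: not the code of any product named on this page.
const crypto = require('node:crypto');

// Derive a 256-bit AES key from the master password on the user's device.
// scrypt with Node's default cost parameters is an assumption for this sketch.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt the vault locally. The returned record is all the supplier stores.
function encryptVault(masterPassword, vaultJson) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(vaultJson, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Decrypt locally. A wrong master password or a modified record makes
// final() throw, because the GCM authentication tag no longer verifies.
function decryptVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Returns true when decryption fails, as it must without the right password.
function decryptFails(masterPassword, record) {
  try { decryptVault(masterPassword, record); return false; } catch (e) { return true; }
}

// Constructed sample data.
const SAMPLE_VAULT = JSON.stringify({ 'mail.example': 'constructed-sample-password' });
const SAMPLE_MASTER = 'constructed long master passphrase';
const storedRecord = encryptVault(SAMPLE_MASTER, SAMPLE_VAULT);
```

Only `storedRecord` would leave the device in this design: it holds the salt, nonce, authentication tag and ciphertext, so a supplier storing it learns neither the master password nor the vault contents.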
Two-step verification (also known as multifactor authentication) must be used when using a cloud-based service.
Last updated: 2020-08-05