Perfect Your Password Protection | Information Technology | University of Pittsburgh

Perfect Your Password Protection


Passwords – you can’t escape them. Logging into your computer? Enter your password. Checking your email? Enter your password. Online banking? Enter your password. Passwords are such an integral part of online life, it’s easy to forget how important they actually are for protecting your digital footprint. Here are some tips for becoming a password pro.

The Art of the Password

Just having a password isn’t enough to protect you from cybercriminals trying to obtain your sensitive information. Creating a strong password that can withstand the efforts of bad actors online takes some thought and effort.

  • Don't share your password … not even with your computer. When you let your browser "Remember me," someone who gets access to your Google account or your device has access to your passwords.
  • Don't use obvious passwords, such as something linked to your personal life, like your last name, birthday or anniversary, or pet’s name. This info can be easily found by cybercriminals through a quick media search.
  • Go long, complex, or both. A complex password includes a mix of upper- and lower-case letters, numbers, and special characters. Length is even better than complexity. A long password that uses a number, special character, and capital letter is the best of both worlds. Pitt Passport allows you to use up to 14 characters—use them all.
  • Use a passphrase. It’s much easier to remember a phrase than a random string of characters and numbers. “IReallyLoveMy3Kittycats!” or “IwenttoMyrtleBeachin2021!” is long, complex, and easy to remember!
  • Keep them unique – use a different password for EVERY site or service. Unique passwords ensure that if one of your accounts ends up being hacked, it doesn’t put the rest at risk. If you realize you’ve created a similar or identical password for multiple accounts, change one of them to be sure each account’s password is unique.
  • Change your passwords occasionally. For important accounts that give direct access to your finances, confidential health or personal information, or your institutional or governmental accounts, it’s a great idea to change them every so often, even if you are not required to do so.
  • Be alert for signs your account was compromised. Strange notices? Purchases you don’t recognize? Strange posts? Trouble logging in? If you have even the slightest suspicion someone’s been mucking about in your account, change your password/security Qs ASAP.
  • Strengthen your security questions. These questions are pretty standard, and the answers are often easy to find with a little online sleuthing. To make them harder to guess, you can always lie or use a passphrase as an answer (e.g., MyfirstpetwasBuddy).
  • Use Multifactor Authentication whenever possible. Pitt uses Duo for multifactor authentication. Many other services like Facebook, Google, and most online banking offer multifactor authentication as well. Check your settings and turn on multifactor.
  • Last, but certainly not least – use a password manager! Password managers are powerful apps made to keep track of and protect all your passwords, as well as generate strong passwords to use on your accounts. They make following the above rules much easier.

LastPass – The Key to Password Mastery

LastPass is Pitt’s password manager of choice, and it’s free for students, faculty, and staff. LastPass makes your life easier by saving your passwords in a secure vault, and makes hackers’ lives harder by helping you generate strong, unique passwords for every service you use. All you have to remember is the master password for the account. LastPass can auto-fill your logins, auto-save new logins, and store other important info, like payment information or insurance numbers.

Setting up LastPass is simple. First, create an account and set up your master password. (We recommend a long passphrase that’s easy to remember and hard to guess.) Then, download the browser extension and mobile app. That way, you can access your passwords across multiple devices. Pitt IT has step-by-step instructions on how to set up an account using your Pitt credentials.

Here are a few steps you should take so you can get the most out of LastPass.

  1. Enable SMS recovery. This is super important in case you ever forget your master password! It will send a text verification to your phone, so you can easily reset it.
  2. Import passwords saved in Chrome into LastPass. If you have passwords saved in your browser (Chrome), importing them into LastPass is a snap – no need to manually enter them! You just export them from Chrome and upload them into LastPass.
  3. Disable auto-save in your browser, so your credentials no longer save to your browser. The point of LastPass is to keep all your passwords in one secure place, not across multiple services.
  4. Delete the passwords from your browser’s password manager. Again, not to nag, but the goal is to use LastPass and only LastPass. Browser password managers are not as secure as LastPass, so make sure none of your credentials are still lingering in the old service.
  5. Enable autofill, especially on mobile devices. Autofill makes it quick and easy to retrieve your info from LastPass and use it on all of your sites and services. From a PC, you just install the browser extension and make sure you’ve logged into it when you go online. On a mobile device, it’s a little more complicated, since you have to explicitly enable autofill and may have to disable your device’s other autofill options (e.g., disable Safari autofill).
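
An added example, not part of the original article or of Pitt IT's instructions: before uploading the Chrome export from step 2, this Python sketch checks it for the reused and short passwords the tips above warn about, without printing any password. It assumes the export uses a name,url,username,password CSV header and treats 14 characters as the target length; the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample in the column layout assumed for a Chrome password export.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,abc123,Buddy2015
mail.example,https://mail.example/,abc123@example.edu,Buddy2015
bank.example,https://bank.example/signin,abc123,IReallyLoveMy3Kittycats!
forum.example,https://forum.example/,abc123,kitty7
"""
MIN_LENGTH = 14  # assumption: flag anything shorter than 14 characters


def audit_export(csv_text, min_length=MIN_LENGTH):
    """Return (reused, short) site lists without ever echoing a password."""
    by_digest = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue
        site = row.get("name") or row.get("url") or "(unnamed)"
        # Group by digest so plaintext passwords are not kept as dict keys.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(site)
        if len(password) < min_length:
            short.append(site)
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    return reused, sorted(short)


def audit_file(path):
    """Audit a real export file read from disk."""
    with open(path, newline="", encoding="utf-8") as handle:
        return audit_export(handle.read())


if __name__ == "__main__":
    reused, short = audit_export(SAMPLE_EXPORT)
    for sites in reused:
        print("Same password reused on:", ", ".join(sites))
    for site in short:
        print("Shorter than", MIN_LENGTH, "characters:", site)
```

The exported CSV holds every password in plain text, so delete it as soon as the import has finished.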

Now that you’re all set up, you can go forth and use all of your favorite online services in peace, knowing that your passwords are safe and sound with LastPass. And, once it comes time to make a new password, you can quickly and easily create a strong one with LastPass’s password generator.

Passwords are the first line of defense when it comes to cybersecurity. Use these tips, and you will become a Password Master in no time! To learn more:

-- By Mary Rose O’Donnell, Student IT Blogger