On Thursday, May 11, Pitt IT will activate two new security features for desktop users of LastPass — the provider for the University’s Password Manager and vault service — Dark Web Monitoring and increased Password Iterations. Dark Web Monitoring watches the LastPass account to see if there is any activity on the Dark Web for the user’s email address. Password Iterations improve the password strengthening algorithm used to customize a login encryption key, making it more difficult for unauthorized users to determine a master password.
For Dark Web Monitoring, the email address used to set up an account is now monitored and checked against security breaches. If an account is at risk, the user receives an email that identifies the potentially compromised website and provides additional, preventative security recommendations. Pitt IT Security recommends that users change the passwords for any accounts shown in such a report.
For Password Iterations, LastPass uses a password algorithm to turn the password into an encryption key. The result is compared with information stored in LastPass to verify that the correct master password has been entered for the user account.
No action is required for users to activate either of these features. Users may need to sign in to LastPass once the features have been enabled. At any time, users can also turn off the Dark Web Monitoring feature or customize the number of password iterations.
Visit the LastPass website for additional information about Dark Web Monitoring and Password Iterations. Please contact the 24/7 IT Help Desk at +1-412-624-HELP (4357) if you have any questions about this announcement.