Pitt Password Manager: Frequently Asked Questions | Information Technology | University of Pittsburgh

Pitt Password Manager: Frequently Asked Questions

What happens to my Pitt Password Manager (LastPass) account(s) when I leave the University? 

  • Premium Accounts: Students who graduate from Pitt will be able to keep their Pitt Password Manager Premium account for life at no charge. Faculty and staff who officially retire from the University will also be able to do so.
  • Enterprise Accounts: Students, faculty, and staff who have enrolled in an Enterprise account will lose access to that account when they graduate or leave the University.   

What’s the difference between Pitt Password Manager Enterprise and Premium accounts?   

Please refer to our comparison matrix for details.

Why do you recommend storing personal credentials in a Pitt Password Manager Premium account instead of an Enterprise account? 

Pitt Password Manager Enterprise accounts are intended to store and protect University credentials. When you leave the University, access to your Enterprise account—and any University credentials it contains—is disabled. If you have stored passwords for any personal services in your Enterprise account, you will lose access to those passwords, too. We recommend you store personal passwords in a Premium account so that you do not lose access to those credentials when you leave the University. If you graduate or retire from Pitt, you can keep your Premium account for life. If you leave Pitt without graduating or retiring, your Premium account converts to a Personal account that you will still be able to access, but with limited features.  

Why am I having issues with the LastPass extension for Safari?

In Jan. 2019, Apple implemented a change in the way they handle Safari extensions. Users are now required to download and install a Mac App to get the LastPass extension for Safari. Learn how to download the Mac app... 

How does Pitt Password Manager (LastPass) work with Pitt Passport, the University’s single sign-on service?  

You can save your single sign-on (Pitt Passport) credentials to your Pitt Password Manager (LastPass) vault. Afterwards, Pitt Password Manager should autofill your login credentials the next time you load a University website using the Pitt Passport login page (my.pitt.edu, accounts.pitt.edu, pitt.box.com, software.pitt.edu, etc.). 

However, you will not be able to launch the Pitt Passport login page directly from your LastPass vault. This is because when you save your Pitt Passport login credentials, LastPass saves the redirect URL for Pitt Passport. The redirect URL cannot be used to log you in to a specific service provider’s site. 

I use another password manager. Can I import my passwords into Pitt Password Manager?   

Yes. You can import passwords from other services into Pitt Password Manager>

What can I do if I forget my master password? 

If you set up the SMS account recovery option> when creating your account, you can recover your own master password>. If you did not set up the SMS account recovery option, you may still be able to recover your master password using an alternative method>.

  • If you are unable to recover the master password for your Enterprise account, contact the 24/7 IT Help Desk. They can help reset it.  
  • If you are unable to recover the master password for your Premium account, then your only option is to delete your account> and recreate it. Neither the 24/7 IT Help Desk nor LastPass can help recover master passwords for Premium accounts. Note: deleting your account removes all data from your account.        

Why can’t I use Pitt Passport to log in to my vault using my University Computing Account password?

We chose not to implement a single sign-on (SSO) model with Pitt Password Manager (LastPass) because of the following key limitations:

  • No offline access to your passwords: You would always need to be connected to the Internet to use Pitt Password Manager (LastPass). 
  • No account linking: You would be unable to link a Pitt Password Manager Premium account to your Pitt Password Manager Enterprise account. 
  • No one-time passwords: When accessing Pitt Password Manager from a public computer, you may not want to use your master password. LastPass provides the capability to use one-time passwords that are good for only one login. These one-time passwords are not available if SSO is used.

Why should I trust LastPass?    

No company should be implicitly trusted. However, when considering whether to utilize the service, keep in mind that independent third-party assessments have verified LastPass’ claims of security. It is also highly regarded among security researchers. You can read more about their security at https://lastpass.com/enterprise/security/.  

What if LastPass is hacked?    

LastPass was hacked in July 2015. The attackers attempted to gain access to password vaults and steal passwords. They were unsuccessful because LastPass does not have access to your password vault or your master password. Without your master password, the passwords you store in LastPass stay encrypted.  

Read more about the LastPass incident>

Can LastPass see my individual passwords or my master password?  

No. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers. LastPass employs a zero-knowledge model, which means all sensitive data is encrypted locally at your device with a key that is never transmitted to LastPass. You can read about LastPass Security and Privacy Operational Controls for more information about their security architecture.

Can the University see any data in my Pitt Password Manager account​?  

  • Premium accounts: The University cannot see the passwords or any other data stored in your Premium account vault.
  • Enterprise accounts: The University cannot see the passwords stored in your Enterprise account vault. A few University super administrators can see the names of saved sites and some reporting activity, like password strength and how often you log in.
  • Enterprise account shared folders: The University cannot see the contents of a shared folder in an enterprise account vault. A small number of University super administrators can see the names of the shared folders and their status in the system only. This status information includes the list of shared users for the folder, the rights the user(s) holds for the folder, and users with administrative privilege.

Can I use Pitt Password Manager to share my University Computing Account password?  

No. You should never share your University Computing Account password with anyone for any reason.

Pitt Password Manager does allow you to share login credentials for sites. However, you should only share login credentials for departmental systems that do not utilize your University Computing Account password. Make sure you have permission from the appropriate individuals in your department before sharing credentials for a departmental site or service.

Why doesn’t Pitt Password Manager autofill my login credentials for a certain website?  

LastPass works smoothly with many sites, but some websites and web browsers interpret scripts differently. If LastPass does not autofill your passwords, you can obtain your passwords by clicking the LastPass icon in your web browser and selecting Open My Vault. You can then copy usernames and passwords directly from your vault.

How can I share Sites and Secure Notes with other enterprise accounts?  

Follow these rules and best practices:

  • In order to share items such as Sites and Secure Notes, they must first be placed in a shared folder. Shared folders are explicitly required for sharing among enterprise accounts. The administrator of the folder can grant access to users and manage the items in the folder. Each shared user will be able to see the Sites and Secure Notes in their vaults. Any updates to those items will be reflected for everyone in the shared folder.
  • When granting user(s) rights to shared folder(s) from the Sharing Center, make sure to only invite users that are currently enterprise account holders in Pitt Password Manager. If the person with whom you wish to share a folder does not show up in the drop-down list, suggest that they enroll in an Enterprise account first. Disregard any windows that ask to send an email inviting someone to join LastPass.   
  • Make sure to have at least two administrators for shared folders as a best practice. Having at least two administrators means there is little chance that a folder will be lost or stranded in the case of someone leaving the University. 
  • Groups are not supported at this time.
  • Enterprise accounts can receive sharing requests from other types of Pitt Password Manager accounts (Premium) and other personal LastPass accounts.

Can Premium accounts share sites and secure notes​?  

  • Yes. Premium accounts may share Sites and Secure Notes with all of the other account types. However, Premium users cannot share folders.
  • Premium account holders need to be careful not to invite pitt.edu addresses without confirming beforehand if the user has a Pitt Password Manager account. Enterprise to Enterprise folder sharing is preferred to other sharing options within the Premium account type and other account types.
  • In general, you should not share credentials from your Premium account with anyone from Pitt, as it is a best practice not to mix personal credentials with Enterprise accounts. If you are sharing a Pitt-related credential, that item should likely be moved into your Enterprise account and shared in a folder.

Can I create multiple Pitt Password Manager Premium accounts?  

No. When you create a Premium account at lastpass.com/partnerpremium/pitt, your Premium account is associated with your University email address. Only one Pitt Password Manager Premium account can be associated with your University email address.

Do I need to renew my Premium account?  

No. Your Premium will renew automatically each year. 

Do I need to renew my Enterprise account?  

No. You do not need to renew your Enterprise account. Keep in mind, however, that once you leave the University, your Enterprise account is disabled.