Pitt Password Manager: Frequently Asked Questions | Information Technology | University of Pittsburgh
!

You are here

Pitt Password Manager: Frequently Asked Questions

What happens to my Pitt Password Manager (LastPass) account(s) when I leave the University? 

  • Personal Accounts with Premium Status (Premium): These accounts transition from Premium status to LastPass Free status. Students who graduate from Pitt will be able to access their data and password information. Faculty and staff who officially retire from the University will also be able to do so.
  • Business Accounts: Students, faculty, and staff who have enrolled in a Business account will lose access to that account when they graduate or leave the University.

What’s the difference between Pitt Password Manager Business and Premium accounts?   

Please refer to our comparison matrix for details.

Why do you recommend storing personal credentials in a Pitt Password Manager Premium account instead of a Business account? 

Pitt Password Manager Business accounts are intended to store and protect University credentials. When you leave the University, access to your Business account—and any University credentials it contains—is disabled. If you have stored passwords for any personal services in your Business account, you will lose access to those passwords too. We recommend you store personal passwords in a Premium account as you will not lose access to those credentials when you leave the University. If you leave Pitt without graduating or retiring, your Premium account will transition to LastPass Free status and you will still be able to access your personal passwords, but with limited features.  

Why am I having issues with the LastPass extension for Safari?

In Jan. 2019, Apple implemented a change in the way they handle Safari extensions. Users are now required to download and install a Mac App to get the LastPass extension for Safari. Learn how to download the Mac app... 

How does Pitt Password Manager (LastPass) work with Pitt Passport, the University’s single sign-on service?  

You can save your single sign-on (Pitt Passport) credentials to your Pitt Password Manager (LastPass) vault. Afterwards, Pitt Password Manager should autofill your login credentials the next time you load a University website using the Pitt Passport login page (my.pitt.edu, accounts.pitt.edu, pitt.box.com, software.pitt.edu, etc.). 

However, you will not be able to launch the Pitt Passport login page directly from your LastPass vault. This is because when you save your Pitt Passport login credentials, LastPass saves the redirect URL for Pitt Passport. The redirect URL cannot be used to log you in to a specific service provider’s site. 

I use another password manager. Can I import my passwords into Pitt Password Manager?

Yes. You can import passwords from other services into Pitt Password Manager>

What can I do if I forget my master password? 

If you set up the SMS account recovery option> when creating your account, you can recover your own master password>. If you did not set up the SMS account recovery option, you may still be able to recover your master password using an alternative method>.

  • If you are unable to recover the master password for your Business account, contact the 24/7 IT Help Desk. They can help reset it.  
  • If you are unable to recover the master password for your Premium account, then your only option is to delete your account> and recreate it. Neither the 24/7 IT Help Desk nor LastPass can help recover master passwords for Premium accounts. Note: deleting your account removes all data from your account.        

Why can’t I use Pitt Passport to log in to my vault using my University Computing Account password?

We chose not to implement a single sign-on (SSO) model with Pitt Password Manager (LastPass) because of the following key limitations:

  • No offline access to your passwords: You would always need to be connected to the Internet to use Pitt Password Manager (LastPass). 
  • No account linking: You would be unable to link a Pitt Password Manager Premium account to your Pitt Password Manager Business account. 
  • No one-time passwords: When accessing Pitt Password Manager from a public computer, you may not want to use your master password. LastPass provides the capability to use one-time passwords that are good for only one login. These one-time passwords are not available if SSO is used.

Why should I trust LastPass?    

No company should be implicitly trusted. However, when considering whether to utilize the service, keep in mind that independent third-party assessments have verified LastPass’ claims of security. It is also highly regarded among security researchers. You can read more about their security at https://lastpass.com/enterprise/security/.  

What if LastPass is hacked?    

LastPass was hacked in July 2015. The attackers attempted to gain access to password vaults and steal passwords. They were unsuccessful because LastPass does not have access to your password vault or your master password. Without your master password, the passwords you store in LastPass stay encrypted.  

Read more about the LastPass incident>

Can LastPass see my individual passwords or my master password?  

No. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers. LastPass employs a zero-knowledge model, which means all sensitive data is encrypted locally at your device with a key that is never transmitted to LastPass. You can read about LastPass Security and Privacy Operational Controls for more information about their security architecture.

Can the University see any data in my Pitt Password Manager account​?  

  • Premium accounts: The University cannot see the passwords or any other data stored in your Premium account vault.
  • Business accounts: The University cannot see the passwords stored in your Business account vault. A few University super administrators can see the names of saved sites and some reporting activity, like password strength and how often you log in.
  • Business account shared folders: The University cannot see the contents of a shared folder in an business account vault. A small number of University super administrators can see the names of the shared folders and their status in the system only. This status information includes the list of shared users for the folder, the rights the user(s) holds for the folder, and users with administrative privilege.

Can I use Pitt Password Manager to share my University Computing Account password?  

No. You should never share your University Computing Account password with anyone for any reason.

Pitt Password Manager does allow you to share login credentials for sites. However, you should only share login credentials for departmental systems that do not utilize your University Computing Account password. Make sure you have permission from the appropriate individuals in your department before sharing credentials for a departmental site or service.

Why doesn’t Pitt Password Manager autofill my login credentials for a certain website?  

LastPass works smoothly with many sites, but some websites and web browsers interpret scripts differently. If LastPass does not autofill your passwords, you can obtain your passwords by clicking the LastPass icon in your web browser and selecting Open My Vault. You can then copy usernames and passwords directly from your vault.

How can I share Sites and Secure Notes with other Business accounts?  

Follow these rules and best practices:

  • In order to share items such as Sites and Secure Notes, they must first be placed in a shared folder. Shared folders are explicitly required for sharing among enterprise accounts. The administrator of the folder can grant access to users and manage the items in the folder. Each shared user will be able to see the Sites and Secure Notes in their vaults. Any updates to those items will be reflected for everyone in the shared folder.
  • When granting user(s) rights to shared folder(s) from the Sharing Center, make sure to only invite users that are currently Business account holders in Pitt Password Manager. If the person with whom you wish to share a folder does not show up in the drop-down list, suggest that they enroll in a Business account first. Disregard any windows that ask to send an email inviting someone to join LastPass.   
  • Make sure to have at least two administrators for shared folders as a best practice. Having at least two administrators means there is little chance that a folder will be lost or stranded in the case of someone leaving the University. 
  • Groups are not supported at this time.
  • Business accounts can receive sharing requests from other types of LastPass accounts.

Can LastPass Premium accounts share sites and secure notes?  

  • Yes. Premium accounts may share Sites and Secure Notes with all of the other account types. However, Premium accounts cannot share folders.
  • Premium account holders need to be careful not to invite pitt.edu addresses without confirming beforehand if the user has a Pitt Password Manager account. Business to Business folder sharing is preferred to other sharing options within the Premium account type and other account types.
  • In general, you should not share credentials from your Premium account with anyone from Pitt, as it is a best practice not to mix personal credentials with Business accounts. If you are sharing a Pitt-related credential, that item should likely be moved into your Business account and shared in a folder.

Can I create multiple Pitt Password Manager Premium accounts?  

No. When you create a Premium account at lastpass.com/partnerpremium/pitt, your Premium account is associated with your University email address. Only one Pitt Password Manager Premium account can be associated with your University email address.

Do I need to renew my Premium status?  

No. Your Premium status will renew automatically each year.

Do I need to renew my Business account?  

No. You do not need to renew your Business account. Keep in mind, however, that once you leave the University, your Business account is disabled.