Never memorize more than one password!
A password manager can:
- Secure and organize multiple passwords.
- Generate extremely strong passwords that you don't have to memorize.
- Use simple copy/paste or adanced web browser integration to input the appropriate password without typing.
A password manager is only as secure as:
- The strength of your master pass phrase.
- How well the company used cryptography in the app.
- Use a master pass phrase for your password manager that is easy-to-type.
- Make it 12 or more characters long.
- Make it different than your Pepperdine NetworkID password.
- Back up your password database with your normal file or disk backup methods [in case your storage fails or your device is stolen/lost].
- Sync your password manager database to cloud storage (if supported) so it can be securely shared between your computer and other devices.
CAUTION: Choose a strong master pass phrase that you can remember; without the master pass phrase no one can access the passwords, not even you!
Recommended Password Managers
- User Friendliness: A The browser integration and multi platform sync in this application, as well as its availability across all major operating systems and devices, may make it a worthwhile investment.
- Cost: Paid (free for mobile). Use the smartphone or tablet versions standalone for free or upgrade them to integrate with the paid desktop versions. More info on 1Password at their Home Page or purchase (Mac/Windows) or download free (iOS/Android) from links at their education store.
- Use Case: You have a lot of passwords or intend to use them on multiple devices and keep them in sync.
Pepperdine LastPass Enterprise
Personal LastPass is NOT Recommended for University work.
- User Friendliness: B+ The browser integration is sometimes clunky.
- Cost: Paid (Licensed by ISO). If this is the right Password Manager for your department's use case, we have a limited number of licenses for testing through October 2018). You can call ISO for a consultation or request a license through our form.
- Use Case: Your technical or administrative team needs auditably strong passwords, management of many passwords, perhaps including those which must be securely shared between authorized users (e.g. Admin accounts like Unix root, Windows Administrator, database or service access passwords or financial account PINs).
KeePass and KeePassX
- User Friendliness: C+
- Cost: Free (Windows and Mac) or Paid (mobile). Access KeePass (Windows) from its home page, or KeePassX (Mac/Windows) from its download page.
- Use Case: You have just a few passwords and intended to store all your passwords on a computer and mobile device.
- User Friendliness: C
- Cost: Free (Windows and Universal Java Version) or Paid (native versions for mobile & Mac) This password manager has both a free Windows and a free Java version (runs on any computer with Java). There are enhanced paid versions of the software for Mac, iOS, Android. Find more info about Password Safe at its Home Page or get the free Java version. Mac users will have to control-click and select OPEN to run the Java version the first time.
- Use Case: You have just a few passwords and intended to store all your passwords on a single computer.
The Information Security Office (ISO) lists the password manager programs below at the Recommended level, which means ISO has evaluated the application and determined:
- The app meets high standards of security, limited only by the strength of your master passphrase.
- The app meets minimum standards of user friendliness.
- Security and usability feedback on Recommended programs is solicited for submission at email@example.com.
CAUTION: Use of other apps instead of these recommended programs is risky, because they are NOT certified to do the job securely; many companies that sell security apps don't do a good job implementing encryption and some password managers have fallen into that insecure category in the recent past.