Password Managers
Never memorize more than one password!
A password manager can:
- Secure and organize multiple passwords.
- Generate extremely strong passwords that you don't have to memorize.
- Use simple copy/paste or advanced web browser integration to input the appropriate password without typing.
A password manager is only as secure as:
- The strength of your master passphrase.
- How well the company used cryptography in the app; all the apps listed below have good cryptography.
When to use a Password manager
Keep your work and personal passwords stored separately. Don't use a browser to remember your passwords; it is not secure. If you have multiple passwords (and don't we all?), use a password manager to secure and remember your passwords. Don't re-use your Pepperdine password outside of Pepperdine sites. Password re-use in general is a Very Bad Thing™.
Should you use a Password manager for work?
If you just have your Pepperdine NetworkID password, you don't need a password manager for work. Just follow our tips for a strong password. If you have multiple passwords for work-related tasks, e.g. your Pepperdine NetworkID password plus passwords that are different for web apps or services your department uses, then you should use a password manager to create unique passwords for each work service, and to remember and secure them under a vault passphrase. Only use the recommended password managers below for work.
Tips
Password manager security is only as good as your master passphrase. If this passphrase is short, weak or not complex, someone will get into your vault.
- Use a master passphrase for your password manager that is easy to type.
- Make it 15 or more characters long.
- Make it different than your Pepperdine NetworkID password.
- Back up your password database with your normal file or disk backup methods [in case your storage fails or your device is stolen/lost].
- Sync your password manager database to cloud storage (if supported) so it can be securely shared between your computer and other devices.
- Turn on Multi-factor Authentication (MFA) for access to your password vault.
CAUTION: Choose a strong master passphrase that you can remember; without the master passphrase no one can access the passwords, not even you! Do NOT use any recovery scheme that involves answering questions about your life history.
Recommended Password Managers
1Password
- User Friendliness: A. The browser integration and multi-platform sync in this application, as well as its availability across all major operating systems and devices, may make it a worthwhile investment.
- Cost: Subscription. More info on 1Password at their Home Page or purchase (Mac/Windows) or download free (iOS/Android) from links at their education store.
- Use Case: You have a lot of passwords or intend to use them on multiple devices and keep them in sync.
KeePass and KeePassX
- User Friendliness: C+
- Cost: Free (Windows and Mac) or Paid (mobile). Access KeePass (Windows) from its home page, or KeePassX (Mac/Windows) from its download page.
- Use Case: You have just a few passwords and intend to store all your passwords on a computer and mobile device.
Password Safe
- User Friendliness: C
- Cost: Free (Windows and Universal Java Version) or Paid (native versions for mobile & Mac). This password manager has both a free Windows version and paid non-subscription app store versions of the software for Mac, iOS, and Android. Find more info about Password Safe at its Home Page.
- Use Case: You have just a few passwords and intend to store all your passwords on a single computer.
Bitwarden - provisionally recommended for personal use 2024
- User Friendliness: A
- Cost: Free for personal use, though there are paid plans.
- Use Case: You are looking for a personal password manager that is free and can be used across several devices.
Pepperdine LastPass Enterprise
- User Friendliness: A. The browser integration requires a separate login in each browser; this could be an advantage if you use Chrome for work LastPass and Firefox for personal LastPass. If you use multiple browsers for work, 1Password uses a single login for all browsers.
- Cost: Paid (Licensed by ISO). If this is the right Password Manager for your department's use case, we have a limited number of licenses. You can call ISO for a consultation or request a license through our form.
- Use Case: Your technical or administrative team needs auditably strong passwords and team management of many passwords, perhaps including those which must be securely shared between authorized users (e.g. admin accounts like Unix root, Windows Administrator, database or service access passwords, or financial account PINs). Also a good use case for colleagues who have passwords for many (> 3) work-related services.
LastPass FREE is also OK for individuals with personal password management needs to save their personal Pepperdine password; do NOT use the sharing feature with University passwords. Note that as of March 2021 LastPass FREE is limited to syncing either computer browsers or mobile devices, but not both. There are subscription versions of the program which are also OK for personal use.
Support
The Information Security Office (ISO) lists the password manager programs on this page at the Recommended level, which means ISO has evaluated the application and determined:
- The app meets high standards of security, limited only by the strength of your master passphrase.
- The app meets minimum standards of user-friendliness.
- Security and usability feedback on Recommended programs is solicited for submission at infosec@pepperdine.edu.
CAUTION: Use of other apps instead of these recommended programs is risky, because they are NOT certified to do the job securely; many companies that sell security apps don't do a good job implementing encryption and some password managers have fallen into that insecure category in the recent past.