Never memorize more than one password!
A password manager can:
- Secure and organize multiple passwords.
- Generate extremely strong passwords that you don't have to memorize.
- Use simple copy/paste or advanced web browser integration to input the appropriate password without typing.
A password manager is only as secure as:
- The strength of your master passphrase.
- How well the company used cryptography in the app.
- Use a master passphrase for your password manager that is easy to type.
- Make it 15 or more characters long.
- Make it different from your Pepperdine NetworkID password.
- Back up your password database with your normal file or disk backup methods [in case your storage fails or your device is stolen/lost].
- Sync your password manager database to cloud storage (if supported) so it can be securely shared between your computer and other devices.
CAUTION: Choose a strong master passphrase that you can remember; without the master passphrase no one can access the passwords, not even you!
Recommended Password Managers
1Password
- User Friendliness: A. The browser integration and multi-platform sync in this application, as well as its availability across all major operating systems and devices, may make it a worthwhile investment.
- Cost: Paid (free for mobile). Use the smartphone or tablet versions standalone for free or upgrade them to integrate with the paid desktop versions. Find more info on 1Password at its Home Page, or purchase (Mac/Windows) or download free (iOS/Android) from links at its education store.
- Use Case: You have a lot of passwords or intend to use them on multiple devices and keep them in sync.
Pepperdine LastPass Enterprise
- User Friendliness: A-. The browser integration requires a separate login in each browser; this could be an advantage if you use Chrome for work LastPass and Firefox for personal LastPass. If you use multiple browsers for work, 1Password uses a single login for all browsers.
- Cost: Paid (Licensed by ISO). If this is the right Password Manager for your department's use case, we have a limited number of licenses for testing through October 2019. You can call ISO for a consultation or request a license through our form.
- Use Case: Your technical or administrative team needs auditably strong passwords, management of many passwords, perhaps including those which must be securely shared between authorized users (e.g. Admin accounts like Unix root, Windows Administrator, database or service access passwords or financial account PINs).
LastPass FREE is also OK for individuals with light password management needs doing University work; just use separate accounts for your personal and University passwords.
KeePass and KeePassX
- User Friendliness: C+
- Cost: Free (Windows and Mac) or Paid (mobile). Access KeePass (Windows) from its home page, or KeePassX (Mac/Windows) from its download page.
- Use Case: You have just a few passwords and intend to store all your passwords on a computer and mobile device.
Password Safe
- User Friendliness: C
- Cost: Free (Windows and Universal Java Version) or Paid (native versions for mobile & Mac). This password manager has both a free Windows and a free Java version (runs on any computer with Java). There are enhanced paid versions of the software for Mac, iOS, and Android. Find more info about Password Safe at its Home Page or get the free Java version. Mac users will have to control-click and select OPEN to run the Java version the first time.
- Use Case: You have just a few passwords and intend to store all your passwords on a single computer.
The Information Security Office (ISO) lists the password manager programs below at the Recommended level, which means ISO has evaluated the application and determined:
- The app meets high standards of security, limited only by the strength of your master passphrase.
- The app meets minimum standards of user-friendliness.
- Security and usability feedback on Recommended programs is solicited for submission at firstname.lastname@example.org.
CAUTION: Use of other apps instead of these recommended programs is risky, because they are NOT certified to do the job securely. Many companies that sell security apps don't do a good job implementing encryption, and some password managers have fallen into that insecure category in the recent past.