Special LastPass Announcement - 12/23/2022
If you are reviewing this webpage because of the special announcement regarding the LastPass breach, thank you for taking the time to secure your information. Please reads the section below about changing your password at LastPass.
Overview
It is important to make your passwords long enough so that they can't easily be guessed. Do not use single words or names as passwords. They are too easily broken by computers today. The longer a password is, the more secure the password will be. The old "complexity rules" do play a part in security, but the main factor is the length of the password.
MED IT recommends using a password manager to help secure your various passwords. There are may tools available and you should choose the best one for you. You might choose to use the password manager built into your mobile device. It will be iCloud for Apple users. For Android users it will likely depend on the phone manufacturer like Samsung, Google, or Motorola.
You may be using the password manager built into your web browser such as Google Chrome, Mozilla Firefox, or
There are very good multi-platform tools that you can use on your mobile device and from your computer or from a web browser. Services such as LastPass, 1Password, or Bitwarden are great options. MED IT recommends using one of these tools because of their utility in various situations.
Protecting your passwords
All of these password managers use similar techniques to secure your information. You need to create a "master password" that you use as your key to access the rest of your stored passwords. You should make sure your never use your master password anywhere except for this purpose. It is also important to make your master password secure. We recommend a passphrase, which is a series of random words or a sentence that you can remember, but would be hard for others to guess. (*but don't use a song lyric, those might be too easy to guess. Everyone knows how much you like sweet Caroline... bah bah bahhh.)
Changing your "master password"
It is good to periodically change your master password. If you use a good, strong, long, master password you don't need to do this often. However, it is good practice to change it from time to time. If you need to change your master password, please follow the instructions from your password manager's website. For the 3 recommended tools, here are the links to instructions on how to change your master password.
If you suspect that your master password has been compromised in any way, we recommend that you change your master password right away.
Passwords vs. Passphrases
One of the most important things is not to reuse your password from one service to another. This becomes a very difficult problem to overcome, but one technique is to use a pasphrase instead of a password. Most websites today will allow you to use long "passwords". Depending on the service and their systems they may have different rules, but it is generally accepted that the longer the "password" is, the better it is. This is where passphrases come in. It is easier to remember a meaningful sentence than a randomly generated string letters, numbers, and characters. For example you may use a phrase like "The bank was at 2022 Sampson Street when I was a child." as you banking passphrase. It is something meaningful to you, but would be very difficult to guess. It also doesn't have to be actually accurate, just something that you will remember. (*please don't use this example)
More info about passwords vs. passphrases.