Password Managers
Purpose
As mentioned on UCSB's Information Security Website here, Password Managers are ideally a helpful way to store passwords for many services that you use both on campus and off-campus.
We strongly recommend users to consider using a Password Manager for the following reasons:
- Book/paper password keeping is not secure and can get lost/destroyed
- Document on the computer can be lost if the computer breaks down or is stolen
- Passwords left 'not encrypted' can be easily copied and exploited.
This article is only a recommendation with regards to Password Managers.
ECI currently does not have the ability to support or troubleshoot issues with Password Managers at this time.
Password Managers
UCSB Information Security (https://security.ucsb.edu) recommends LastPass and Bitwarden:
LastPass
LastPass (https://www.lastpass.com) is a service that provides secure Password Management in the cloud that doesn't cost anything for the basic service.
Passwords are encrypted and cannot be accessed unless you have the master key.
Pros
- In the cloud for access - Accessible if the computer is not.
- Can be used on most Web Browsers for Desktop use for Free.
- Can use Multi-Factor Authentication for additional security.
- Can share passwords with others using LastPass securely.
Cons
- Requires paying to get additional feature use such as:
- Ability to use the Smartphone App to get access to your passwords.
- Able to access your Passwords on multiple Devices - Free Version only works on the device it is set up on.
- Group Defined sharing (Using Enterprise Version)
- No Master Password Recovery - If you forget your password, you are unable to access your vault.
- Internet Explorer and Opera not supported by LastPass.
Bitwarden
Bitwarden (https://bitwarden.com/) is an opensource Password Manager that will keep your passwords in an encrypted database that can only be unlocked with one password.
UCSB used to recommend prior to 2022 KeePass (https://keepass.info/), another open source password manager that was purely local on computers only. Bitwarden has additional features such as online and cell phone features that can be enabled. Keepass is still being updated and maintained if you want something lighter than Bitwarden that has absolutely no online components and does nothing but store passwords in an encrypted file.
Pros
- It is free and open source, so no cost.
- No online component unless you either upgrade to a paid version or enable extra features.
Cons
- Only resides on the computer unless you either upgrade to a paid version or save the keyfile on a Cloud Service like OneDrive, Google Drive or DropBox.
- Cannot share passwords to others in a secure way unless you upgrade to a paid version
Other Password Managers
We have seen other groups recommend the following:
1Password
1Password (https://1password.com) is another Password Manager that has a 30 day trial and offers similar Cloud Password Management like LastPass.
Dashlane
Dashlane (https://www.dashlane.com) is another Password Manager some groups are using that.
This is also a Cloud Password Management like LastPass.