LastPass Business is now available to UC Berkeley departments for storing institutional account information. LastPass Business accounts enable campus teams to share secrets, credentials, and keys, as well as sharing with other LastPass Business teams at UC Berkeley. Note: Business should not be used to store or share your personal CalNet credentials.
More information about what LastPass is, along with how and why it should be used, can be found at: https://www.lastpass.com/business-password-manager
Getting Started with LastPass Business
Your department will need to assign two or more LastPass Administrators to administer their Business instance. Below are a few requirements that departments need to be aware of before requesting a LastPass Business account.
- You must use your @berkeley.edu email to access LastPass Business. If you are using your @berkeley.edu email address in any other LastPass account of any kind, you must change the email address associated with your other LastPass account.
- Follow these instructions to change the email address on the other account: https://support.logmeininc.com/lastpass/help/how-do-i-change-my-email-address-for-lastpass
- Our LastPass Business version allows a user to be in only one Business account. If you are already in an Business account, there will be extra steps to move your account.
- If you are already in an Business account, please email calnet-admin@berkeley.edu for assistance.
- Duo MFA is required for all Business accounts; Duo Push, Duo Mobile passcodes, Security Keys (U2F or WebAuthn), or Touch ID are acceptable authentication methods. Phone callback, SMS, and simple hardware tokens are not supported.
- ISO will set up LastPass Business account policies on Business accounts to allow certain account admins to reset master passwords for users in that account. ISO will configure local admins or superusers to be able/responsible for passphrase resets.
- ISO will retain access in each LastPass Business instance to assist with emergency passphrase resets.
- ISO will configure policies in LastPass Business to forward event logs to ISO.
- Your department or unit will determine who will administer the Business account. Administrators are usually technologists or IT help desk staff who are comfortable taking on the administrative role and understand the requirements and risks.
Once the above requirements are understood, a designated LastPass administrator for your department will need to request a LastPass Business account via the LastPass Business Request Form.
Activate your LastPass Business account
Install Browser Extensions and Mobile Apps
Users should prepare their browser to use LastPass Business by going to the LastPass Download webpage and downloading the appropriate plug-on or browser extension: https://lastpass.com/misc_download2.php
Activate Your Account
Departmental LastPass Business administrators will invite users to their instance. The email invitation will come from LastPass <do-not-reply-support@lastpass.com> and will include an activation code for users to activate their account and set their Master Password.
Click on the Activate LastPass button to start. Users will be asked for their Activation code and to create a master password.
Set Your Master Password
For security purposes, the master password must be a strong, complex password.
- At least 20 Characters
- Password characters must be from all 4 of the following character sets:
- numbers [0-9]
- lowercase letters[a-z]
- uppercase letters[A-Z]
- special characters[!@#$,^ etc]
- The passwords must be complex and not easily guessed or obtained.
- Do not use simple words. e.g. "password," "welcome," or "hello"
- Do not include three or more consecutive characters from your user name
- Master Passwords must be reset every 365 days
- If you reuse a Master Password elsewhere in LastPass, you will be required to reset it. Your Master Password cannot be reused elsewhere.
Set Up Duo MFA
After the Master Password is set, log in again and click the link to verify your Duo Security setup. You will be asked to provide your CalNet ID on the next screen, and complete a Duo Security challenge before being logged in to LastPass Business.
Link Personal Account
ISO offers LastPass Business users the option to link a personal account to their Business account. This is entirely voluntary and is not required. When a user completes their first login, they will be prompted to set up a linked account.
Additional information on Linked account
Both the linked personal account and the Business account are encrypted, with different encryption keys. When linked, the Business account can view data within the personal account but not vice versa. The linked personal account can be any “free” or “premium” account. Free LastPass Premium accounts are available to anyone with a valid berkeley.edu email address thanks to Premium as a Perk. LastPass cannot auto-create a “premium” account for any entity, since the end-user will always need to define the master password for encryption and access.
Browser Extensions and Mobile Apps
If you have not yet done so, install Browser Extensions and mobile apps. Downloads for plug-ins or add-ons for other browsers and operating systems can be downloaded at the LastPass Download webpage https://lastpass.com/misc_download2.php
Set Up Recovery Options
It is extremely important that you set up recovery options for your account. https://support.logmeininc.com/lastpass/help/how-do-i-set-up-all-account-recovery-options-for-lastpass details all recovery options. At a minimum, we recommend using the LastPass browser extension. Signing in to LastPass using the extension regularly will ensure that your administrators can help you reset your Master Password, if you forget it.
Managing Sharing and Shared folders
In order to share credentials with team mates, you need to first create a shared folder, and then share the folder with your colleagues.
Create a LastPass Business shared folder - LastPass Support
About LastPass Business Shared Folders - LastPass Support
Add and Manage LastPass Business Groups - LastPass Support
A note about shared folders: Your department LastPass Admin will NOT automatically have access to your shared folders. In order to ensure that access to a shared folder is not lost when a user leaves campus, please consider adding your department Admin to your shared folders.
Training and Support
LastPass Video Tutorials
- https://support.logmeininc.com/lastpass/video
- These videos include Browser extensions, user training, Mobile Apps, Account Recovery information, Password Management, Sharing and Shared Folders, and a variety of Administrator tools.
Online Training
- LastPass provides a one hour training session with Q&A for users and administrators. We recommend everyone watch the live training or the recorded versions: https://support.logmeininc.com/lastpass/help/free-live-training-lp010018
Support
- Primary support is provided solely by LastPass and is accessible through your departmental Administrator. Find your Admin, here.
- You can check the status (incidents, outages, etc.) of LastPass at https://status.lastpass.com
- See Business Help for additional help resources.