Can I keep my LastPass account if I leave the University?

Signing up for LastPass through the University of Rochester grants you one year of personal premium access. This can be renewed every year you are with the University. If you leave the University you will either need to pay for personal premium yourself, or use the free version of the service. This version has the same security, but a few less features.

How can I secure my LastPass account?

The best way to keep your LastPass account secure is by using a very strong, unique password and enabling two-step verification.

How do I renew my premium LastPass account?

LastPass will send you an email reminding you and providing instructions for you to renew.

If you miss the renewal, your account will go from “premium” to “free”. You can restore the premium features at any time by going through the same process as you would for placing an existing LastPass account under the University of Rochester’s payment plan.

I’m already a LastPass user. Can I get the University of Rochester to cover the cost of the premium version for my existing account?

Yes!

What if I get locked out of LastPass by forgetting my master password?

LastPass does not have your master password so they cannot reset it or retrieve it for you. If you are concerned about this, you may consider writing down your master password and storing it in a secure place such as a home safe. If you are already locked out, there may be some options for recovery depending on your LastPass settings. These options can be reviewed here https://helpdesk.lastpass.com/account-recovery/.

If you are unable to access your vault, you will be able to start again with an empty vault. Follow the password recovery method for the services you use to reset individual account passwords. This is usually done with a reset link sent to the email address on file.

What if LastPass gets hacked?

LastPass was hacked in July 2015. The goal of the attack was to get access to the password vaults. Fortunately, even though the attackers got in to LastPass servers, they could not steal user passwords. Why? Because LastPass does not have access to your password vault. Without your master password, the passwords you store in LastPass stay encrypted.

Read more about the LastPass incident in 2015 at https://blog.lastpass.com/2015/06/lastpass-security-notice.html/.