Password Manager Guidelines

This KB Article References: LastPass, LastPass Enterprise
Created: 01/04/2023 Last Updated: 05/02/2024

When used properly, encrypted password managers can increase convenience and reduce risk by eliminating the need to reuse passwords or rely on weak passwords that are easy to remember. Even so, password managers can potentially expose our accounts to new risks. These risks can be greatly reduced by following the guidelines below.


  1. Use a long (16+ characters), strong (special characters, mixed case and numbers) master password that is NEVER reused on any other website or application.
  2. Enable two-factor authentication (2FA) on your password manager.
  3. Rotate or change your master password once a year, or sooner if you are concerned that it may have been compromised.
  4. Enable two-factor authentication for every account you store inside of your password manager.
  5. Reset any password that may have been compromised, or every year if you are unsure.

Do not

  1. Store two-factor authentication seeds in the same password manager as the corresponding password.
  2. Store high-risk passwords for accounts that don’t have two-factor authentication enabled.
  3. Store master passwords inside of a password manager.
  4. Reuse your master password for any other account.

Supported By

Information Security Team