LastPass - NetID vs Master Password: Which authentication method is best for me?
The UW-Madison Enterprise instance of LastPass supports two different authentication mechanisms, NetID and Master Password. The key differences between them are highlighted below to help you decide which option is best for you.
Note: We prefer "primary" to "master," but LastPass uses "master." We've used "master" in this documentation to avoid confusion.
The best way to safely generate, store, and keep track of your passwords is to use a password manager app like LastPass. At UW-Madison we support two ways to log in to your LastPass account and have provided some considerations below to help you decide which is best for you.
NetID Authentication
NetID is the default authentication method for new LastPass users. (If you are interested in activating a LastPass account, see: LastPass - How to activate a UW-Madison Enterprise LastPass account.) Using this authentication method, users will log in to LastPass much like other applications at UW-Madison. You'll provide your firstname.lastname@example.org email address and then log in with NetID, NetID password, and Duo.
- Eliminates the need to remember a separate Master Password to access LastPass.
- Provides the most difficult-to-crack encryption, because part of the encryption key is stored by UW-Madison and not LastPass. LastPass uses a patent-pending method of distributing, storing and uniting encrypted keys to ensure your NetID password is never shared with LastPass.
- Creates a single point of failure if your NetID account is compromised. A compromised NetID could allow an attacker to compromise your LastPass account.
- Signing out requires you to close your browser, and potentially clear your browser's cache, to be fully logged out.
- There are some feature limitations when using NetID authentication. Details: LastPass - What are the limitations for LastPass users with NetID login?
Master Password Authentication
Users who leverage a Master Password use it instead of their NetID password to log into LastPass. You'll provide your email address and Master Password, then complete a Duo MFA prompt to log in.
- Separate from NetID password, meaning a compromise of one doesn't compromise the other.
- Creates an additional password to remember. It is strongly recommended that you never re-use your Master Password for any other account or application.
- It is not possible for LastPass Support to reset or change a user's Master Password if it is forgotten. UW-Madison LastPass admins are able to reset some users' Master Passwords if they are forgotten.
- LastPass does provide recovery options for a forgotten Master Password.