University Retires LastPass Password Manager
Last Modified on 09/16/2024 12:12 pm EDT
The University of Pennsylvania has changed its password manager service offering from LastPass to DashLane. If you use the University's LastPass, follow these steps to preserve any data you still use and review the process for migrating to Dashlane. Dashlane is now available to students, faculty and staff from ISC's website.
Wharton LastPass Enterprise accounts: Wharton Computing will be migrating these accounts to free versions on September 17, 2024. Take action before that date to avoid losing access to shared data and folders.
Wharton LastPass Premium and Personal accounts: The University's contract with LastPass expires on September 26, 2024. After this date, all remaining LastPass accounts will transition to free versions, and the account will no longer be managed by Wharton or Penn. If you have shared data and folders, take action before that date to avoid losing access.
Wharton Computing's security policy: users should store their business and personal passwords separately from each other, in separate manager stores.
If you are a current Wharton user of LastPass, these directions will explain how the end of the contract affects you, and provides tips on migrating to Dashlane. (More detailed information, including testing results and directions for exporting via .csv file, is available for the tech-hearty.)
Identify Your Account Type
The University’s LastPass contract included three different account types for University users: Enterprise, Personal (with Premium access) and Free. Use these steps to figure out which kind of user account you have:
Open your University-licensed LastPass vault.
Under the Account name dropdown menu at the top right of the screen, select Account Settings.
In the General tab, scroll down to Account information.
Check your Type:
If you see “LastPass User: University of Pennsylvania - Wharton” (with or without an associated expiration date), your account is in Wharton’s LastPass enterprise account. Your Wharton Computing support team will work with you to migrate your account to Dashlane. Look for a communication from them during August, or reach out directly.
If you see “LastPass Premium user : Expires on (date), 2024”, then you have LastPass personal account with premium access. (The date you see depends on when your LastPass Premium license first began.) See our directions below for the steps we recommend.
If you don’t see either of the above options, you likely have a free LastPass account. See the appropriate directions below.
LastPass Enterprise accounts
Enterprise Accounts allow you to create shared folders, which many teams use to share access credentials for software and other sensitive information. (Only some Wharton staff and some faculty have LastPass Enterprise accounts. If you have a LastPass Enterprise account:
On September 17, 2024, all LastPass Enterprise accounts will be removed from Wharton’s LastPass company account and will become LastPass free accounts. This will allow you to keep your access to the passwords stored in your LastPass accounts that are NOT in shared folders.
When your account becomes a free account, you will:
no longer be able to share or access shared password folders (unless you created them), sync passwords between multiple devices, or access premium LastPass support.
continue to be able to log into your LastPass account, which will automatically downgrade to the 30-day free trial of a “LastPass Premium account”. After 30 days, the account will lose premium features and become a free account.
LastPass Linked Account Users
If you have linked your LastPass enterprise accounts to your LastPass personal accounts, there are some extra steps you need to take.
Some users have their personal LastPass accounts to their Enterprise accounts. For example, jwharton@wharton.upenn.edu could have a Wharton enterprise account, and link their personal account under the email jwharton@gmail.com.
This gives users the advantage of having all of their passwords, for both business and personal use, accessible through LastPass, using their single Enterprise login. You can check if you have any linked account settings enabled in the Accounts Benefits menu item:
Unlinked Account
|
Linked Account
|
If your account is linked, we recommend unlinking your accounts before September 17, since we may not be able to help you manage your account after Enterprise accounts revert to free status. Follow these steps:
Ensure that you can still log in to your account.
Unlink the personal account from the enterprise account.
The personal and Enterprise LastPass accounts should now be distinct and can be managed as two separate LastPass accounts.
To migrate your personal account to another password manager, export your passwords, and import to another password manager.
If you already have a Dashlane personal account, you'll have the option to convert Dashlane personal accounts to premium status.
Dashlane does not offer a similar “linked account” feature at this time, nor does it support simultaneous personal and work use in one place. ISC’s recommendation is to use two distinct password stores.
LastPass Premium Personal Accounts
Premium Accounts are personal LastPass accounts created for individual and personal use, taking advantage of the University's premium level of service.
On September 26, 2024, any Premium accounts with premium status will automatically transition to free LastPass accounts accounts.
Regardless of the expiration date on your LastPass premium status, your account is expected to lose Premium status by 9/26. (See the section “Renewing LastPass premium” below for more details.)
When your account account loses premium status and becomes a free account, you will:
no longer be able to sync passwords between multiple devices, share any password items to multiple users, or access premium LastPass support.
you’ll continue to be able to log into your LastPass account and access the credentials within, including shared folders that you created.
LastPass Premium users: if you are eligible for it and your LastPass Premium status expires before Sept 26, 2024, you may want to renew your LastPass Premium status now, so that you can continue to remain fully licensed until September 26, 2024.
Renewing LastPass Premium
If your LastPass Premium access expires before September 26, you should receive an email from LastPass about 2 weeks before your expiration date with the subject “Another year of LastPass, free!” Look for this email in your @upenn.edu account, and follow the instructions to open a link and renew access. (Be sure to use a browser that is set up to use your LastPass Premium account.)
LastPass Support has assured Penn that Premium Account users can continue to renew their LastPass license before September 26, so you should have full premium support until then. After September 26, accounts may transition to free status so we recommend preparing in advance.
Migration Options
The migration option you choose depends on the answers to these questions:
- Faculty or staff member with a LastPass Enterprise account? See Option 3 below.
- Faculty or staff member with LastPass Premium, or a personal LastPass account with work or business credentials in your personal account? We strongly recommend Option 3, especially if you need to share credentials with your colleagues. However, Option 1 or 2 are available to you as well.
- Using the University’s LastPass Premium plan for personal use accounts? Choose Option 1 or 2, below.
Option1: Keep using LastPass and do nothing else
If you choose this option
You can let your LastPass premium account expire naturally to a free account, and not lose too much functionality. If you choose this option, you do not have to do anything.
LastPass Enterprise account and Premium account owners: if you have shared folders and choose this option, shared folders created by you will no longer be shared to anyone else, but will remain in your account, only visible by you. Shared folders shared to you will no longer be accessible to you.
You can also renew LastPass Premium licensing on your own in order to to retain Premium level benefits. See LastPass' Help article about signing yourself up for Premium LastPass.
Option 2: Migrate to Dashlane Premium
Dashlane Premium accounts are personal accounts created for individual and personal use, taking advantage of the University's licensing for premium level of service. You should not use these accounts to store University data and credentials; instead, use Dashlane Business.
If you choose this option you'll need to reauthorize your Dashlane Premium license and re-subscribe. To migrate to Dashlane Premium:
- Obtain a Dashlane Premium account: https://www.isc.upenn.edu/how-to/dashlane#Dashlane-Premium
- Decide whether you need to migrate any LastPass Shared folders.
- If yes, we recommend using Dashlane Business plan instead. Dashlane Premium does not allow for the ability to share password folders or collections.
- If no, we recommend using the Direct import method to migrate your credentials through the Dashlane console. See Dashlane's instructions on migrating your data from LastPass to Dashlane.
This ONLY imports personal vaults for LastPass Enterprise accounts - shared password folders cannot be transferred via this method.
Note: The instructions provided by Dashlane say that disabling 2FA / two-factor authentication is required for the direct import to work. However, in testing, both Wharton Computing and ISC users have successfully imported their LastPass credentials with 2FA enabled. Using the same browser that you have the LastPass browser plugin already installed, or a LastPass session already running, should eliminate the need for disabling 2FA.
Further documentation is available at ISC’s Dashlane documentation site
Option 3: Migrate to Wharton’s Dashlane Business Plan
Dashlane Business accounts allow you to share credentials with other users, and offer other advanced features.
If you choose this option:
be aware that your account will be subject to Wharton Account policies. If you separate your Dashlane account from the University account, all passwords created under the Wharton plan will disappear from your account.
To migrate to Dashlane Business:
- First, obtain an invitation to create a Dashlane Business account. If you are:
- an existing Wharton LastPass enterprise user: you are already on the list of users to be invited to create a Dashlane Business account. Invitations will be sent in late August.
- a LastPass personal account owner with premium status: request an invite to the Dashlane Business plan by reaching out to your Wharton Computing representative.
- Locate the invitation to create your Dashlane account in your Wharton email account. Search for subject “You have been added to UPenn - Wharton on Dashlane” and follow the instructions. Reach out to your Wharton Computing representative if you need assistance in setting up an account.
- Before migrating your data, decide whether you need to migrate LastPass Shared folders:
- No Need for Shared Folders? We recommend using the Direct import from Dashlane method to migrate your credentials through the Dashlane console. This ONLY imports personal vaults for LastPass Enterprise accounts - shared password folders cannot be transferred via this method.
- Need Shared Folders? You can continue on and try the migration yourself (Wharton Computing staff, and anyone experienced in working with .csv imports), or reach out to your Wharton Computing representative.