LastPass software generally should self-update to the latest version by itself however make sure you approve or apply any updates if LastPass asks you to. Like all software, it is important to keep the software up to date (sometimes known as ‘patching’). It may be simpler to ‘log out’ of the LastPass applications or uninstall/delete them before travelling outside of the UK and reinstalling when you get back. The MoJ has existing policies on travelling abroad on the MoJ intranet which require various approvals before travel. Taking a device (such as personal smartphone) that has MoJ LastPass installed counts as travelling overseas with MoJ information.
You must not share your LastPass main password with anyone, even your line manager or MoJ security. It is your responsibility to remove items or people from shared folders when access to the credential(s) is no longer required. You should make sure the credentials you’re sharing are only available to the people who need to access them for MoJ work. To share a password create a “shared folder” in the LastPass Vault. If you don’t have an MoJ-issued work smartphone you may use a personal device for MFA.
SMS-based (a one-time code sent via SMS).TOTP-based (the code is held by a dedicated app such as Google or LastPass Authenticator on a mobile device).Software-based (for example, Google Prompt on a mobile device).The MoJ has an ‘order of preference’ for which types of MFA to use: You must setup multi-factor authentication (MFA, sometimes known as 2FA) for your MoJ LastPass account. Your primary password must be unique and you should never use it anywhere else (including a similar version, for example, by simply adding numbers to the end) Multi-Factor Authentication
There are password guidance standards here. You can choose to make it pronounceable and memorable (passphrase) such as CyberSecurityRules! or Sup3rD00p3rc0Mp3X!, as long as you’re comfortable remembering it and won’t need to write it down. It must be at least 12 characters long (the longer the better). You need to create a primary password - this is the only password you’ll need to remember. LastPass have ‘getting started’ guides on their website. You will be sent an email to your MoJ work email account inviting you to create your LastPass account.
You shouldn’t use LastPass for ‘secrets’ that belong to systems, only credentials to be used by humans.There is separate guidance on how to handle secrets. LastPass should not be used for storing MoJ documents - you must use existing MoJ services such as Office 365 or Google Workspace for that. MoJ LastPass administrators cannot routinely access the contents of LastPass Vaults but can reset accounts to gain access if there is a good reason to do so. You could use your MoJ LastPass account to store personal non-work information but as it is a work account belonging to the MoJ you may lose access if you change role and will lose access entirely if you leave the MoJ. A good example is running a shared Twitter account. LastPass can also be used for sharing passwords within a team when individual named accounts cannot be created in the service.
LastPass can be used for storing usernames and passwords that are specific to you (for example, your MoJ Google account details). if there were any credentials within Rattic that you need access to based on this shared spreadsheet of old Rattic credentials.your role in your team / why you need access.MoJ LastPass accounts can be requested by anyone in MoJ Digital and Technology.Īt the moment, rollout is limited to technical service/operation teams but we’re working on license funding to make it available to everyone. The Ministry of Justice (MoJ) has the Enterprise tier of LastPass. LastPass will securely save your credentials in your own LastPass ‘Vault’ and then offer to autofill those credentials the next time you need them.
LastPass is available as a browser extension for popular browsers and as well as a full software suite (for use outside of browsers) for Microsoft Windows and Apple macOS. It keeps all your website logins protected, helps with creating new ‘strong’ passwords and password sharing when required. Using it means you no longer need to remember dozens of passwords, just a single primary password. LastPass is an online password management tool that we make available to you to help you create, store and share passwords. Using LastPass Enterprise What is LastPass?