Topics Map > Office of Cybersecurity > Tools and Software > LastPass
By logging in and using LastPass Enterprise, you are agreeing to adhere to the following terms of service:
In general, UW–Madison LastPass Enterprise is suitable for restricted information as long as the appropriate permission controls are in place.
Individuals using this service are required to:
Protect the privacy and confidentiality of employee, student, patient, and other institutional information as required by FERPA (privacy of student information) and HIPAA (privacy of patient information).
In accordance with federal regulations and UW–Madison policies, all research involving human subjects must be reviewed and approved by an Institutional Review Board prior to any research intervention with a participant. See Human Research Protection Program for details.
Comply with all other applicable University policies, State laws, and Federal laws.
System Use - LastPass Enterprise
LastPass Enterprise is intended for the secure storage and sharing of work-related credentials and secrets.
UW–Madison’s LastPass Enterprise Service is available only to active UW–Madison faculty, staff, and student-employees with a UW–Madison Office365 email account. Students, Emeritus staff, Retirees with IT Services, and Alumni are not eligible for the LastPass Enterprise Service.
LastPass Enterprise accounts can be linked to personal LastPass Premium accounts for ease of access.
Upon leaving the University, your access to your LastPass Enterprise account will be removed.
New LastPass Enterprise users’ accounts will be provisioned to use NetID login for Vault access. Existing beta users will maintain their Master Password login access; however, they can request to convert to NetID login via the LastPass Enterprise Login Type Request Form.
LastPass Enterprise accounts require the use of Multi-Factor Authentication (MFA-Duo) for additional security.
LastPass Enterprise accounts are supported by DoIT. For more information, refer to “Introducing LastPass Enterprise”. For troubleshooting, contact the DoIT Help Desk.
LastPass (LogMeIn) and UW–Madison do not provide backups of credentials and secrets stored in LastPass Enterprise Vaults.
LastPass Premium accounts are offered separately to LastPass Enterprise accounts. They are provided for free and are intended for storage and sharing of personal credentials, secrets, documents, and payment information at the discretion of the user.
Active UW–Madison faculty, staff, student-employees, and students, as well as Emeritus staff, Retirees with IT Services, and Alumni are eligible for free LastPass Premium accounts through the UW–Madison Premium Partner Link.
LastPass Premium accounts can be linked to personal LastPass Enterprise accounts for ease of access.
Before leaving the University, be sure that your personal credentials and/or encrypted files are stored in your personal LastPass Premium (or other similar personal password manager) account, not your LastPass Enterprise account.
Upon leaving the University, your access to your LastPass Premium account (if applicable) will persist as long as you have an active UW–Madison Office365 email account.
Should you no longer have an active UW–Madison Office365 email account, your LastPass Premium account will be downgraded to a LastPass Free account; however, your access to your stored credentials and secrets will be retained.
Access to LastPass Premium accounts is via Master Password login only.
LastPass Premium accounts are not supported by DoIT/UW–Madison.
LastPass (LogMeIn) does not provide backups of credentials and secrets stored in LastPass Premium Vaults.
LastPass Enterprise/Premium Encrypted File Storage:
LastPass Enterprise/Premium encrypted file storage should not be used as a primary data back-up repository or for the storage of data that is not intended for regular access and use. LastPass encrypted file storage is limited to a maximum of 1GB of data per user.
We recommend that you keep secure backup copies of your critical files on other media, such as a local hard drive, Google Drive, or a USB Flash Drive. In the unlikely event that there is a system outage, your online files will not be accessible until service returns.
You are responsible for the integrity of your data files.
LastPass (LogMeIn) and UW–Madison do not provide backups of files stored in LastPass Vaults.
UW–Madison respects the legitimate privacy interests of UW–Madison LastPass Enterprise and LastPass Premium Users within appropriate limits for educational, ethical, and legal reasons.
Neither UW–Madison, DoIT, nor LastPass (LogMeIn) staff will have visibility of, record of, or access to the credentials stored within LastPass Vaults.
UW–Madison LastPass Enterprise administrators routinely monitor the volume of UW–Madison LastPass Enterprise usage for system management purposes.
Usage may also be subject to security testing and monitoring.
If the University receives a credible report that a violation has occurred, or if, in the course of managing the service, discovers evidence of a violation, then the matter will be referred for investigation, University disciplinary action, and/or criminal prosecution.
Complaints that specific material violates the law or University policy should be reported to The Office of Cybersecurity: https://it.wisc.edu/reporting-an-incident-to-it-security/
If you are employed by the University, you should be aware that any documents that you save or publish in the UW–Madison LastPass Enterprise may be subject to the Wisconsin Open Records Act. For more information on the Records Management, please go to: http://www.library.wisc.edu/archives/records-management/program-overview/legal-requirements-for-records/