To LastPass or to pass: that is the question for the Harvard Kennedy School community

MadiMurariu
4 min readOct 30, 2020

--

|This story is part of a series designed for Harvard’s DPI 662 class.

As we enter the 9th month since the global covid-19 pandemic started, most countries are still operating in increasingly online environments to safeguard against the transmission of the virus. This has certainly been the case at the Harvard Kennedy School, where students and staff have been working, studying, and teaching remotely since March.

With the increase in online engagement, security and cyber-threat prevention have been top of mind to students and faculty leaders alike. Even before the pandemic started, Harvard adopted a number of privacy tools, including LastPass in 2013. However, most of the available tools have been provided as options, raising questions on whether they should be made mandatory instead to truly help protect university users.

Photo by Jan Piatkowski on Unsplash

There are some clear upsides to encouraging the use of a safe password-storage system. In 2019 alone, over 80% of data breaches were caused by passwords being hacked. Research demonstrates that over 65% of people reuse passwords across multiple sites, often for both personal and work accounts, and a staggering 13% of people admit to using one password for all accounts as detailed in this story. The adoption of a password storage system by Harvard would therefore allow users to securely store their passwords (I see you, student with their password written on a post-it on their screen)and directly protect personal information.

Indirectly, it can also better safeguard the entire Harvard security system in three core ways.

Photo by Dan Nelson on Unsplash
  1. It can limit the network exposure to breeches. By securing individual users’ information, Harvard can in turn secure its own networks since password-protection systems can limit the visibility negative actors would have on individual passwords and impede their use as entry-points into the networks.
  2. It can encourage users to adopt more complicated and secure passwords. While most users have a tendency to use personal information in their passwords to help them keep track, or simple series of words and numbers, this also makes them much easier to hack. Millions of users still admit to using “123456” as their primary password, making security at the password level almost impossible to implement. By removing the memory requirement, services like LastPass can encourage better password hygiene and encourage users to adopt longer and more complex passwords without fear of forgetfulness.
  3. It can save money in the long run. Increased security will not only protect organizations from their information being hacked and protect them from expensive and disruptive information breaches, but they can also save on technical support costs. Forrester Research estimated that large organizations can spend up to $1 million dollars per year on training, staff and infrastructure to handle password resets, which can amount to 40% of technical support requests. By enabling LastPass, Harvard stands to gain substantially from no longer having to service as many password-reset calls and users can feel more satisfied with both the level of security and services they receive since tech. support time can be better allocated this way.

For these reasons, Harvard should therefore consider mandating it to their staff, faculty, and students. While there is no guarantee that the adoption rate would be 100%, even a partial adoption would substantially increase the organization’s and users’ cybersecurity posture.

However, in conjunction with mandating the use of the tool and providing lifetime access to it, Harvard should also focus on proactively training its community to be leaders in password and data protection. Since most Harvard community members share networks with roommates, friends and family, it is therefore not just their own passwords that need to be safeguarded, but also those of the community closest to them. When it comes to cybersecurity, therefore, Harvard should encourage users to adapt to the famous quotes from William Shakespeare in All’s Well that Ends Well and “Love all, trust a few”.

--

--

MadiMurariu
0 Followers

Public Affairs and Communications professional interested in #democracy, #innovation, #technology and #diplomacy. HKS Graduate Student.