As a perk of being a Caltech employee, you can create a personal Premium account (or upgrade an existing Personal account if you already have one). Go to the LastPass Caltech Premium Upgrade portal and enter your Caltech email and personal (non-Caltech) email to get set up.
This Premium account can be used to store your personal passwords. Once created, you can link your personal account "vault" with your Enterprise account, so that you can easily get into your personal vault while logged into your Enterprise account. This is very convenient and doesn't give Caltech any kind of control over your personal account.
IMSS cannot see any telemetry at all for your personal account even if you have taken advantage of the free upgrade to Premium. This is also true if you decided to link your Premium account with your Enterprise account.
No, linking your Personal/Premium account with your Enterprise account just for convenience. If your accounts are linked, when you are logged in with your Enterprise account you automatically have access to your personal vault without having to log in separately for that.
IMSS recommends enabling a Personal/Premium LastPass account. Upon departure from Caltech your Enterprise account will be closed out. However, your Personal/Premium account will not be impacted. You should use the Enterprise account to store work-only accounts.
Yes. If preferred, just install it in one browser, and use that one when you want to log into a site using LastPass. You need to log in using the browser extension at least once, for things like master password recovery to work.
LastPass does support providing IMSS LastPass administrators with access to shared folders (not to users' individual passwords), but IMSS has disabled this by site-wide policy.
IMSS recommends setting up a recovery phone as part of the account creation process. You can also create a password hint that is meaningful to you. If needed, you can also contact the Help Desk. Only by your request and by coordinating with you will the Help Desk be able to help you set up a new master passphrase. Going through this process requires that you are online.
Unfortunately, this is an issue with LastPass for SSO. For Shibboleth logins, you can save one entry in LastPass for idp.caltech.edu. You can also select an existing LastPass entry to access other SSO sites. For example, if you already saved your access.caltech account and are trying to access Kronos, you can select the access.caltech LastPass entry.
IMSS does NOT recommend saving your LastPass master password. Unfortunately, this is not a feature that IMSS can disable.
LastPass is primarily intended for web-based use. There is no automated way of using your LastPass passwords from your main account in your remote desktop, other than cut and paste.
This is not a feature in LastPass. However, you should set a Master Password hint if you haven't already, make sure it only is meaningful to yourself. You can also set up password recovery via SMS by going to Settings, General, and then scrolling down to SMS Account Recovery. Note that you need to log in at least once via the browser extension, for recovery options to be set up correctly.
The Help Desk also has a method for master password recovery assistance. This also requires that you log in with the browser extension at least once. You will need to be online during the recovery process.
NOTE: The Help Desk's Master Password recovery cannot be performed without your cooperation.
You can create an export file in KeePass that you can then import into LastPass. Once the import is complete, be sure to securely delete the export file created from KeePass as the file is plaintext and highly sensitive.