Online shoe and clothing retailer Zappos recently announced that the personal account information of 24 million users has been compromised. In an email to their userbase, Zappos confirmed they will require a password reset for all account holders to prevent unauthorized access. Even if you've already reset your password for Zappos, it's important to double-check that your new Zappos password is secure, that you weren't using the same or similar password on other sites, and that you don't have other critically weak or duplicate passwords lurking in your vault.
Follow our steps to:
1. Run the LastPass Security Check
Go to the "Tools" menu in your LastPass browser addon, and select the Security Check to review your data. Once complete, you'll receive a score from 0 to 100 and a detailed analysis of your stored passwords. We've mentioned before the importance of auditing your vault data to get an idea of how strong your passwords are, and to identify passwords that are still in use across multiple sites.
For a more in-depth look at the Security Check, read our related blog post.
2. Note Any Sites Using the Same Password as Zappos
Once your Security Check results are in, note if the password for Zappos is shared with any other account logins. If so, make a list of the sites (or print off the LastPass Security Check results) to reference as you make changes.
3. Update Your Zappos Password
Go to the Zappos password change page to login to your Zappos account. You can also launch Zappos by clicking the "visit site" link next to the entry on the Security Check page to login and go to the account settings page.
From there, use LastPass to generate a new password, selecting "show advanced options" in the password generator if you'd like to increase the number or types of characters used. When you submit the changes, confirm the update to the site entry stored in LastPass.
4. Update Sites Sharing the Same Password as Zappos
Follow the same steps to login to any other site sharing the Zappos password and update the account with a new password generated by LastPass. Note that you can access the LastPass password generator under the Tools menu in the LastPass Icon at any time.
For more details on how to update old logins with passwords generated by LastPass, see our previous blog post with step-by-step instructions.
We know our users do a great job of following best password practices with LastPass; if you feel you could improve, our resolutions posts will help you get started (more posts on the way!). We want to say thanks to our users who have been enthusiastically recommending LastPass as a password management solution in the wake of the Zappos leak and similar incidents. We hope to continue spreading the word that you don't have to use the same password everywhere, and that with LastPass there's an easier, more secure way to manage your online life.
The LastPass Team