Jan 9, 2012

New Year's Resolutions with LastPass: #3 Replace Weak and Duplicate Passwords

With a newly reorganized vault and the results of the Security Check in hand, let's roll up our sleeves and go through the steps to update those weak and duplicate passwords.

We recommend starting with important passwords - online banking, email addresses, online shopping accounts with stored credit card information - that are critically weak (the bar is red in the results) or that share passwords with other logins. Set a goal to work on a handful of accounts at a time, over several days or weeks if needed, until all passwords are at a 'strong' level. This is likely the hardest resolution on our list, but an important step to increasing your online security with LastPass.

To start with the most critical areas first, we want to pay attention to the Security Check results that display the number of duplicate passwords, the number of sites with duplicate passwords, and the number of weak passwords:

The Security Check's detailed results makes it easy to identify these problems and correct them. The sites are ranked from weakest passwords to strongest passwords, with the weakest showing a shorter red bar, and the strongest showing a longer green bar.

As we've shown before, updating a site's password requires logging into the site itself, then using LastPass to go through the password change process. By clicking "visit site" next to the weak password in the Security Check results, LastPass will take us to the login page for that entry:

For example, if a Gmail login is very weak or is currently the same as another password, we'll click "Visit Site" and be directed to the Gmail login page, where LastPass will autofill the data:

We can then navigate to Gmail's "account settings" page, where we can access the page to change our Gmail password:


On the password change page, LastPass will present a notification bar, allowing you to first autofill the existing password, and to then generate a new password. Note that when you click the "Generate" button, you can check the "show advanced options" box to customize the length of your password, and the types of digits, characters, and letters that will be included in the generated password.

When the fields are complete, save the account changes. LastPass will present another notification bar, asking you to confirm the change to an existing account, or to save a new site entry. When clicking "confirm", a dialog will appear allowing you to select the entry to which you want to apply the change.You should then repeat this process with every site that contains a weak or duplicate passwords, working your way through the Security Check results. Note that, after updating the username or password for a site stored with LastPass, you can go to the "edit" dialog and click "History" to see a record of changes made to the entry:

We hope the article provides a helpful push for you to remove duplicate and update weak passwords. You're well on your way to topping the Security Check!

Best,
The LastPass Team