Apr 16, 2014

Updating Passwords in the Wake of Heartbleed

With many online services now making the necessary security changes in the wake of Heartbleed, it’s time to start updating your passwords and improving your online security. Follow our steps to start using LastPass to update your passwords and better protect yourself going forward.

Before Getting Started

If you haven’t signed up yet, start by downloading LastPass, creating your account, and adding your sites to the vault.

LastPass will prompt you to import during the installer process. If any sites are stored in your browser, or a previous password manager, they can also be imported at any time by opening the LastPass browser icon, click the Tools menu, select Import, and select where you’re importing from. See our article for more information on importing to LastPass.

Getting Started

As a LastPass user, start by running the LastPass Security Check (click the LastPass Icon in your browser menu > Tools > Security Check).

This tool identifies potentially vulnerable passwords and tells you if it’s safe to start updating them.

For the sites that have the recommended action "Go update!", use LastPass to update the password to a new, generated one.

The security check will also identify weak and duplicate passwords. Prioritize updating those next, so that you have a strong, unique password for each online account.

Replacing Your Old Passwords

Using Gmail as an example, let’s walk through how to update a password using LastPass.

To begin, we’ll go to Gmail.com, login with our current username and password, and locate the Gmail settings page where we can update our password.

On the ‘Change Password’ page, we’re asked to enter the old password, as well as enter a new password twice.

In the current password field, we can click the * icon and select the existing login to fill that password:

Then, we click the "Generate" icon in the "New Password" field to create a random, unique password. If we want to add additional characters to the new password, we can click “Show Advanced Options”, update the settings, and generate a new password to use:

After clicking “Use Password”, LastPass fills both the “New Password” and “Confirm New Password” fields.

Since we are updating an account that is already stored in LastPass, we will see a dialog to either confirm we want to update the existing account, or save as a new account.

We’re going to select “Yes, Use for this Site” because we just want to update the account entry already saved by LastPass.

On the webpage, we’ll click “Save” to submit the account changes. Since we selected “Yes, use for this Site”, the change has also been saved in LastPass. It’s important that the save is made both on the website, and in LastPass, so that it is up-to-date in both places.

The next time you log in to your site, LastPass will autofill with the new, generated password!