Jan 16, 2012

Have a Zappos Account? 4 Steps to Take Now with LastPass

Online shoe and clothing retailer Zappos recently announced that the personal account information of 24 million users has been compromised. In an email to their userbase, Zappos confirmed they will require a password reset for all account holders to prevent unauthorized access. Even if you've already reset your password for Zappos, it's important to double-check that your new Zappos password is secure, that you weren't using the same or similar password on other sites, and that you don't have other critically weak or duplicate passwords lurking in your vault.

Follow our steps to:

1. Run the LastPass Security Check

Go to the "Tools" menu in your LastPass browser addon, and select the Security Check to review your data. Once complete, you'll receive a score from 0 to 100 and a detailed analysis of your stored passwords. We've mentioned before the importance of auditing your vault data to get an idea of how strong your passwords are, and to identify passwords that are still in use across multiple sites.

For a more in-depth look at the Security Check, read our related blog post.

2. Note Any Sites Using the Same Password as Zappos

Once your Security Check results are in, note if the password for Zappos is shared with any other account logins. If so, make a list of the sites (or print off the LastPass Security Check results) to reference as you make changes.

3. Update Your Zappos Password

Go to the Zappos password change page to login to your Zappos account. You can also launch Zappos by clicking the "visit site" link next to the entry on the Security Check page to login and go to the account settings page.

From there, use LastPass to generate a new password, selecting "show advanced options" in the password generator if you'd like to increase the number or types of characters used. When you submit the changes, confirm the update to the site entry stored in LastPass.

4. Update Sites Sharing the Same Password as Zappos

Follow the same steps to login to any other site sharing the Zappos password and update the account with a new password generated by LastPass. Note that you can access the LastPass password generator under the Tools menu in the LastPass Icon at any time.

For more details on how to update old logins with passwords generated by LastPass, see our previous blog post with step-by-step instructions.

Be Vigilant

We know our users do a great job of following best password practices with LastPass; if you feel you could improve, our resolutions posts will help you get started (more posts on the way!). We want to say thanks to our users who have been enthusiastically recommending LastPass as a password management solution in the wake of the Zappos leak and similar incidents. We hope to continue spreading the word that you don't have to use the same password everywhere, and that with LastPass there's an easier, more secure way to manage your online life.

Best,
The LastPass Team

3 comments:

  1. Fortunately, I don't have a Zappo's account. I'm struggling through the above process and have improved my score from 17.4 to 49.8, but still have a ways to go. I've run into a couple of problems, though. One is iPhone apps that don't keep you logged in. You either have to remember the password or have a separate password manager.

    ReplyDelete
    Replies
    1. Do you have the lastpass iPhone app? Because I just open the lastpass app, copy the password for the iPhone app in question, and go back to the iPhone app that needs it. Way easier than typing in even an easy/short password (that is insecure AND that you have to remember, as you noted).
      The app is $1 a month. I'd pay that much every day that I used it. I hate typing on the iPhone :)

      Delete
  2. It's needed xmarks+lastpass app

    ReplyDelete