Apr 8, 2013

Get Proactive with the LastPass Password Generator

Whether you're new to LastPass or a seasoned password manager user, the LastPass password generator remains one of the most effective tools in securing your online accounts. So how can you ensure you're getting the most out of this feature?
The LastPass Security Check, located in the "Tools" menu in your LastPass browser add-on, provides a comprehensive overview of the strength of your passwords and the number of duplicate passwords lurking in your vault. And now LastPass helps you identify weak and duplicate passwords as you're logging in to your sites, notifying you immediately so you know you should update that account.
But the key to improving your online security is to follow through on generating new passwords for your stored accounts - whether you run the Security Check and commit to updating your passwords at once, or wait for the alerts and update as you go.

If you haven't gone through the process before, it's a few simple steps. Let's say you want to update your Gmail password. After logging in to the Gmail account, you can navigate to the site's account settings page, where you should see a "change password" option. In most cases, LastPass will recognize that there's a "new password" field, and will prompt you with the "generate" notification, which will allow you to generate a new password.
Accepting the password tells LastPass to fill it into the new password fields, and you can submit the account changes on the site. If for some reason LastPass can't detect the password fields, you can click the LastPass Icon and select "Generate Secure Password" from the menu, and copy-paste the generated password to the page.

With the changes submitted for the account, LastPass should show a notification asking you to "confirm" the change, or to "save" the change as a new site entry. Choosing "confirm" will allow LastPass to replace the old password with the new, generated password in the site entry in your vault.
And that's all there is to it - next time you log in to the account, LastPass will fill in the updated password as you're logging in.

As you start registering for new sites, LastPass will also show a generate notification, so you'll have unique, strong passwords for all of your accounts moving forward.

Want to learn more about increasing your security with LastPass? Check out these blog posts:

New Year, Better Security with LastPass: 3 Steps to Take Today
LastPass Sentry Now Checks Your Entire Vault
Want to Up Your Online Security? Follow These Steps Now.

How are you using LastPass to better your online security?

14 comments:

  1. There's a bug where, on sites such as www.bankofamerica.com that have the user ID on one page and the password on the next page, LastPass warns you that the user ID is a "weak password."

  2. Also think about whether you don't want to create some strong *memorable* password (or memorable + some suffix-per-service to not share the passwords) for email and other critical apps. Because LastPass might be offline or you may be on someone's phone and desperately needing to check mail. I had this problem with Twitter - when apps wanted me to log in to Twitter to successfully OAuth and I had like a 12-char generated password. That sux. Think about it when you are changing your passwords.

    Replies
    1. You can use LastPass offline with its offline app. Just make sure to back up regularly.

      Also, one should have LastPass on their phone so it is always with them. The phone app will use its cache of LastPass blob data if it can't connect to the LastPass servers.


  3. Anyone else wish diceware was an option? http://en.wikipedia.org/wiki/Diceware

  4. Have you considered improving the password generator at all? A few simple things could make a world of difference:
    * Group letters of the same case, numbers and punctuation. People entering on phones and having to jump between keyboard screens are going to find your passwords more difficult to use.
    * Let "Pronounceable" include something beyond lowercase. Currently "Pronounceable" means "contains a mixture of lowercase letters that I can say but which is unacceptable at most sites." Create two shorter pronounceable "words," capitalize them, throw digits or punctuation in before, between or after.

    Replies
    1. I like that 2nd suggestion Alan

    2. This is only available for Chrome at the moment, isn't it? I might switch over to Chrome for the time being just to get some passwords updated. Nice feature.

  5. Can you please moderate your blog comments and remove all the spam? It is starting to get annoying...

  6. Could LastPass's pword generator do something like passphra.se? Much longer passwords but still easy to remember.

  7. Call me stupid if u wanna, but when I go to create the acct. w/password, I get a messg saying email address not legit. Am I supposed to enter my Yahoo mail address, and if so, am I supposed to enter the password w/Yahoo? I looked around in the short time I had before going to bed, but could not find the answers to these questions.

    By the way, is there anyone who stopped using this because of flaws in the application?

    Replies
    1. If you try again and still see an error when registering for a LastPass account, please reach out to the support team here: https://lastpass.com/supportticket.php and provide any further details or screenshots that would help explain the situation.

  8. I have a suggestion -- why not connect the scan service with the ability to autogenerate strong passwords? then you could click once to fix all insecure items. this could be part of your premium service.

    Replies
    1. Unfortunately this requires communicating with the websites themselves, which is an extremely complex process. We're looking at further improvements here, but currently doing the standard update password process with LastPass is the best option.

  9. Because of the annoying Heartbleed bug, to generate a strong password is more important than before.

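
Added example, not part of the original post or its comments and not LastPass's generator: a Python implementation of the scheme proposed in comment 4 (two capitalized pronounceable words plus one digit or punctuation mark), with its entropy set against the 12-character random password mentioned in comment 2 and the Diceware passphrases from comment 3. The character sets, the consonant+vowel syllable pattern and all function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Constructed alphabets for illustration; not LastPass's actual character sets.
CONSONANTS = "bcdfghjklmnprstvz"
VOWELS = "aeiou"
SYMBOLS = string.digits + "!#$%&*+-=?@"
POSITIONS = ("before", "between", "after")


def pronounceable_word(syllables=3):
    """Capitalized word of consonant+vowel syllables, drawn from the OS CSPRNG."""
    word = "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                   for _ in range(syllables))
    return word.capitalize()


def generate(syllables=3):
    """Two capitalized words with one digit/punctuation mark before, between or after."""
    first, second = pronounceable_word(syllables), pronounceable_word(syllables)
    mark = secrets.choice(SYMBOLS)
    position = secrets.choice(POSITIONS)
    if position == "before":
        return mark + first + second
    if position == "between":
        return first + mark + second
    return first + second + mark


def scheme_bits(syllables=3):
    """Entropy of generate(): every choice is uniform, independent, and visible in the output."""
    per_syllable = math.log2(len(CONSONANTS) * len(VOWELS))
    return (2 * syllables * per_syllable
            + math.log2(len(SYMBOLS)) + math.log2(len(POSITIONS)))


def random_string_bits(length, alphabet_size=94):
    """Entropy of a uniformly random string over the 94 printable ASCII characters."""
    return length * math.log2(alphabet_size)


def diceware_bits(words, list_size=7776):
    """Entropy of a Diceware passphrase: each word is one of 6**5 = 7776 list entries."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    print(generate(), f"{scheme_bits():.1f} bits")
    print(f"12 random characters: {random_string_bits(12):.1f} bits")
    print(f"6 Diceware words: {diceware_bits(6):.1f} bits")
```

With these alphabets the two-word scheme carries about 44 bits, against about 79 bits for 12 random printable characters and about 78 bits for six Diceware words. The fixed capitalization satisfies site composition rules but adds no entropy, so raising `syllables` is what closes the gap.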