LastPass Now Warns You When You’re Using a Weak or Duplicate Password

The latest update to the LastPass Chrome extension now warns you when you are logging in to an account with a weak or duplicate password. The new feature will help you be more proactive in updating insecure passwords to strong, unique ones generated by LastPass!

When you’re logging in to a site, LastPass will flag the password as “weak” if it detects that you received a score below 50% for that specific password in the LastPass Security Challenge. It will also flag the password as a “duplicate” if you are using the same password for another login stored in LastPass.

When a weak or duplicate password is detected, the LastPass icon turns yellow. Clicking the LastPass icon shows the warning, recommending that you update the password immediately.

Since you are now logged in to the account, you can navigate directly to the password change page for the site, and use LastPass to generate a new, strong password. If the “generate” notification doesn’t appear, you can always use the “Generate Password” function from the LastPass icon menu.

Once you’ve submitted the changes to the site, LastPass will also ask you to confirm the changes, and you’re done!

If for some reason you do not want to update the password for the site, you can choose to “disable” the alert so you are not prompted again. You can also disable alerts entirely if you do not wish to use this feature.

Remember, you can always re-run the LastPass Security Challenge to see a comprehensive analysis of your stored passwords – you can launch it from the new alerts directly, or you can open it from the Tools sub-menu in the LastPass icon.

The feature will soon be rolled out to other browsers, but is currently only available in Chrome. Most users should receive the update automatically when they restart their browser, but if a manual reinstall is needed you can do so from our download page.

What do you think of the new feature? Leave your feedback in the comments below!


  • Basiclife says:

    When you’re developing a website on 10-15 servers on your network, and continuously rebuilding databases/user accounts, using the same password on all of them is so much faster than keeping LastPass’s records up-to-date.

    Unfortunately, the “ignore the duplicate warning for this site” option is broken and will not STFU. Very irritating.

  • Amber Gott says:

    Thanks for the reports, we are investigating and hope to have improvements for the next release.

    We encourage users to report any persisting issues here: for investigation with the support team, we’re happy to be of help.

  • Anonymous says:

    This problem is long over due for a fix. Please allow the user to disable this.

  • Anonymous says:

    I’m glad to see that others are bothered by this. I don’t mind LastPass’s telling me about weak/duplicate passwords, as long as the ability to turn off this warning works. Alas, it does not work. For months, people have been calling this to LastPass’s attention, and many have also offered compelling reasons for their using duplicative passwords, but the problem continues. Why doesn’t LastPass at least FIX the turn-off-warning option?

  • Anonymous says:

    Getting the same thing in IE now, to the point where I can’t use my LP toolbar because all it does is repeatedly display the Weak Password popup and BLOCKS me from using my own LP toolbar commands.

    And as you all said, disabling it doesn’t work at all. Malware is right.

  • Rick Reumann says:

    Agree with others. Even when selecting to disable entirely, it keeps coming back. Quite annoying.