Get Proactive with the LastPass Password Generator

Whether you’re new to LastPass or a seasoned password manager user, the LastPass password generator remains one of the most effective tools in securing your online accounts. So how can you ensure you’re getting the most out of this feature?

The LastPass Security Check, located in the “Tools” menu in your LastPass browser addon, provides a comprehensive overview of the strength of your passwords and the number of duplicate passwords lurking in your vault. And now LastPass helps you identify weak and duplicate passwords as you’re logging into your sites, notifying you immediately so you know you should update that account.

But the key to improving your online security is to follow through on generating new passwords for your stored accounts – whether you run the Security Check and commit to updating your passwords at once, or wait for the alerts and update as you go.

If you haven’t gone through the process before, it’s a few simple steps. Let’s say you want to update your Gmail password. After logging in to the Gmail account, you can navigate to the site’s account settings page, where you should see a “change password” option. In most cases, LastPass will recognize that there’s a “new password” field, and will prompt you with the “generate” notification, which will allow you to generate a new password.

Accepting the password tells LastPass to fill it into the new password fields, and you can submit the account changes on the site. If for some reason LastPass can’t detect the password fields, you can click the LastPass Icon and select “Generate Secure Password” from the menu, and copy-paste the generated password to the page.

With the changes submitted for the account, LastPass should show a notification asking you to “confirm” the change, or to “save” the change as a new site entry. Choosing “confirm” will allow LastPass to replace the old password with the new, generated password in the site entry in your vault.

And that’s all there is to it – next time you login to the account, LastPass will fill in the updated password as you’re logging in.

As you start registering for new sites, LastPass will also show a generate notification, so you’ll have unique, strong passwords for all of your accounts moving forward.

Want to learn more about increasing your security with LastPass? Check out these blog posts:

How are you using LastPass to better your online security?


  • jaericho says:

    Could lastpass’s pword generator do something like ? Much longer passwords but still easy to remember.

  • John says:

    Can you please moderate your blog comments and remove all the spam? It is starting to get annoying…

  • Alan Miller says:

    Have you considered improving the password generator at all? A few simple things could make a world of difference:
    * Group letters of the same case, numbers and punctuation. People entering on phones and having to jump between keyboard screens are going to find your passwords more difficult to use.
    * Let “Pronounceable” include something beyond lowercase. Currently “Pronounceable” means “contains a mixture of lowercase letters that I can say but which is unacceptable at most sites.” Create two shorter pronounceable “words,” capitalize them, throw digits or punctuation in before, between or after.

  • Tomas Fejfar says:

    Also think about whether you don’t want to create some strong *memorable* password (or memorable + some suffix-per-service to not share the passwords) for email and other critical apps. Because LastPass might be offline or you may be on someones phone and desperatelly needing to check mail. I had this problem with twitter – when apps wanted me to login to twitter to sucessfully OAuth and I had like 12char generated password. That sux. Think about it when you are changing your passwords.

    • Unknown says:

      You can use lastpass offline with its offline app. Just make sure to backup regularly.

      Also , one should have lastpass on their phone so it is always with them. The phone app will use it’s cache of lastpass blob data if it can’t connect to the lastpass servers.

  • Richard says:

    There’s a bug where in sites such as that have the user ID on one page and the password on the next page, Lastpass warns you that the user ID is a “weak password.”