Use Twitch? Change Your Password Now.

By March 24, 2015 Security News 3 Comments

Social media was in a frenzy yesterday when Twitch, the world’s leading video platform and community for gamers, made an announcement asking its users to reset their passwords.

But don’t fret, LastPass users. We’ve got the tools to help you, so you can change your Twitch password automatically.

Real-time LastPass security alerts

If you’re logged in to LastPass and have a Twitch account, you’ll see our alert prompting you to change your password. Both a desktop notification and a notification from the LastPass browser extension will appear with a brief alert so you can take action immediately.

TwitchPasswordIncident

The alerts are available for any browser running the latest version of LastPass. Clicking one of the notifications will take you directly to the LastPass Security Challenge.

Automatically change your password

In the Security Challenge, you’ll see more information about the Twitch incident and you can update your password with one click by selecting Auto-Password Change.

It’s that simple! LastPass does all the work of logging in to Twitch, updating your password, and storing the new password in your LastPass vault. Plus, you’ll see any websites that were using the same password as your Twitch account, so you can change those passwords, too.

What we know about the Twitch incident

Though the details are vague, it appears that there was unauthorized access to some user accounts, so Twitch expired all passwords and is requiring users to reset them the next time they login. At this time it’s unclear if any data was leaked, but users should be proactive in protecting their accounts by resetting their passwords as soon as possible.

It’s very important to use strong, different passwords for every account and app. Now’s the time to make changes if you’re reusing passwords. The LastPass Security Challenge will alert you to any weak or duplicate passwords you have saved in LastPass. Use Auto-Password Change to update passwords where available, and use the password generator for all other websites to create secure, un-guessable passwords.

New to the idea of a password manager?

Passwords can be frustrating to deal with, and let’s face it, we’re all bad at making passwords that are secure enough. But we’ve got the fix. LastPass is a password manager that remembers all your passwords for you and creates strong passwords for every account on every website and every app.

You only have to remember your LastPass master password, and LastPass takes care of the rest. It’s free to sign up and easy to get started, and you’ll seriously wonder how you survived without it.

3 Comments

  • Chris Casey says:

    I can’t seem to properly change my password using LastPass. What I did was:
    – log in to twitch using my old password
    – click the mandatory reset password link
    – have lastpass generate a new password, and clicked ‘use this password for this site’
    – tried to log in. got wrong password screen.
    – tried to reset password again, same results.

    • ponpat says:

      I am not part of the lastpass support (you maybe should try to contact them if I can’t help), but you should try the following things:
      – If you use Chrome or Firefox: Go to your lastpass vault and click on your twitch entry to edit it and try the “Auto Change” Button. Maybe it can do the whole work for you.
      – You also could generate a new password and copy it to your clipboard instead of applying it and then manually parse it into the password fields and your last pass vault.

      What possible causes for similar issues I had in the past on different websites:
      – The website itself took some time to apply the new password.
      – before clicking on the “save” button in the form somehow lastpass parsed the old password into the “new” field but saved the new one into the fault.
      – The website made no statement about “too long” passwords. It just applied the first few letters of my password (or the last. I had both cases already) but lastpass couldn’t know about the generated password was “too long”. Even I could only know through research.
      -after putting in the password a javascript did “encrypte” the password locally. Lastpass saved the encrypted password because it had no chance to know that the “send password” was not the “input password” and so it tried to log me in with the “send password” in the future.

      Needless to say, that only the second point was the fault of lastpass back then. And that the last two points were stupid decisions by the developer of the website.

  • Coreen VanDerWoude says:

    This was interesting information. I have Last Pass and love it, but I wondered if I need to log in and out every time I use my laptop? Are my passwords safe if I don’t?