Nifty new LastPass, Dashlane features can change your passwords for you

Both Dashlane and LastPass recently released features to automatically change your passwords for more than 75 different websites.

Password manager apps Dashlane and LastPass are hoping to take the sting out of the next security snafu that affects your online accounts. This week, both services new automatic password-changing features that let you swap your login codes with just a few clicks, replacing them with randomly generated passwords made up of letters, numbers, and symbols. The new features automatically save the new logins to your password manager of choice.

Both Dashlane and LastPass can change your password for about 75 separate services, but they operate a little differently. LastPass' Auto-Password Change works on an account-by-account basis, while Dashlane's Password Changer can work on multiple accounts at once.

Why this matters: After the public reveal of the Heartbleed vulnerability in April, many users were forced to swap out at least some of their passwords for online services. But changing passwords is a pain and can be very time consuming. The new Dashlane and LastPass features will make it easier the next time a major vulnerability has you scrambling to change multiple accounts at once. It also makes it easier to change your passwords more regularly, which is standard practice for good password hygiene.

Hands-on with LastPass

The password changing features for both Dashlane and LastPass are currently in beta; however, Dashlane is only letting users sign-up for the chance to try its new feature. LastPass is already rolling out auto-password change to any user running LastPass version 3.1.70 for Chrome, Firefox, and Safari. Both LastPass' Auto-Password Change and Dashlane's Password Changer work only on PCs and are not available on mobile devices.

To change your passwords automatically with Auto-Password Change you have to open your LastPass Vault by click on the extension's icon in your browser. Then press the pencil (edit) icon for the account you want to change.

In the tab that opens, click the Change Password Automatically button under the password field.Then you have to click Change Password Now  in the new window that opens to authorize LastPass to open a new browser tab, log in to your account, and change your password. The whole process takes just a few seconds, and you can even watch it happening in the new browser tab.

LastPass says all changed passwords are created on your device and do not go up to the LastPass servers before being encrypted.

A few problems

In my tests, Auto-Password Change worked with a wide range of accounts including Amazon, Dropbox, Facebook, GitHub, Google, Reddit, Spotify, and Yahoo. Notably, LastPass' new feature does not appear to work with Microsoft accounts.

Despite the system working well overall, there were a few times that LastPass choked on its password changing attempts. The first site LastPass had problems with was Facebook. Towards the end of the password change, Facebook asked if I wanted to logout of all my devices where I was logged in to Facebook--such as my phone.

When Facebook threw up that window, LastPass choked and cancelled the password change. But since I saw the dialog that Facebook put up, I answered it and elected to remain logged in to my other devices. When this happened, Facebook said my password was successfully changed, but LastPass hadn't registered the switch.


Actually, it wasn't that hard to fix. LastPass saved its attempt to change my Facebook password as a "Generated password for..." entry meaning I could swap out the old password manually and keep everything up-to-date.

Another hiccup came when I was tried to change the password to one of my Google accounts in Chrome.

I am usually signed in to multiple Google accounts at once. When I tried to change one of my Google accounts, LastPass failed since it couldn't navigate through some of the screens multiple account users have to deal with, such as the page where you have to choose one of multiple accounts to log in to.

This is admittedly an edge case, but I suspect many PCWorld readers will have multiple Google accounts and this is an issue to be aware of.

LastPass would probably not do well with any accounts that are protected by two-factor authentication too since LastPass doesn't have access to your passcode generator. I did not have a chance to test this issue thoroughly, however.

Despite its few drawbacks, overall LastPass' Auto-Password Change makes it much easier to change your passwords regularly or when disaster strikes. As for Dashlane's new feature, we look forward to trying it out once we get our hands on it.

Join the CSO newsletter!

Error: Please check your email address.

Tags LastPasssecuritypasswordsDashlane

More about DropboxFacebookGoogleMicrosoftSpotifyYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place