Password manager apps Dashlane and LastPass are hoping to take the sting out of the next security snafu that affects your online accounts. This week, both services new automatic password-changing features that let you swap your login codes with just a few clicks, replacing them with randomly generated passwords made up of letters, numbers, and symbols. The new features automatically save the new logins to your password manager of choice.
Both Dashlane and LastPass can change your password for about 75 separate services, but they operate a little differently. LastPass' Auto-Password Change works on an account-by-account basis, while Dashlane's Password Changer can work on multiple accounts at once.
Why this matters: After the public reveal of the Heartbleed vulnerability in April, many users were forced to swap out at least some of their passwords for online services. But changing passwords is a pain and can be very time consuming. The new Dashlane and LastPass features will make it easier the next time a major vulnerability has you scrambling to change multiple accounts at once. It also makes it easier to change your passwords more regularly, which is standard practice for good password hygiene.
Hands-on with LastPass
The password changing features for both Dashlane and LastPass are currently in beta; however, Dashlane is only letting users sign-up for the chance to try its new feature. LastPass is already rolling out auto-password change to any user running LastPass version 3.1.70 for Chrome, Firefox, and Safari. Both LastPass' Auto-Password Change and Dashlane's Password Changer work only on PCs and are not available on mobile devices.
To change your passwords automatically with Auto-Password Change you have to open your LastPass Vault by click on the extension's icon in your browser. Then press the pencil (edit) icon for the account you want to change.
In the tab that opens, click the Change Password Automatically button under the password field.Then you have to click Change Password Now in the new window that opens to authorize LastPass to open a new browser tab, log in to your account, and change your password. The whole process takes just a few seconds, and you can even watch it happening in the new browser tab.
LastPass says all changed passwords are created on your device and do not go up to the LastPass servers before being encrypted.
A few problems
In my tests, Auto-Password Change worked with a wide range of accounts including Amazon, Dropbox, Facebook, GitHub, Google, Reddit, Spotify, and Yahoo. Notably, LastPass' new feature does not appear to work with Microsoft accounts.
Despite the system working well overall, there were a few times that LastPass choked on its password changing attempts. The first site LastPass had problems with was Facebook. Towards the end of the password change, Facebook asked if I wanted to logout of all my devices where I was logged in to Facebook--such as my phone.
When Facebook threw up that window, LastPass choked and cancelled the password change. But since I saw the dialog that Facebook put up, I answered it and elected to remain logged in to my other devices. When this happened, Facebook said my password was successfully changed, but LastPass hadn't registered the switch.
Actually, it wasn't that hard to fix. LastPass saved its attempt to change my Facebook password as a "Generated password for..." entry meaning I could swap out the old password manually and keep everything up-to-date.
Another hiccup came when I was tried to change the password to one of my Google accounts in Chrome.
I am usually signed in to multiple Google accounts at once. When I tried to change one of my Google accounts, LastPass failed since it couldn't navigate through some of the screens multiple account users have to deal with, such as the page where you have to choose one of multiple accounts to log in to.
This is admittedly an edge case, but I suspect many PCWorld readers will have multiple Google accounts and this is an issue to be aware of.
LastPass would probably not do well with any accounts that are protected by two-factor authentication too since LastPass doesn't have access to your passcode generator. I did not have a chance to test this issue thoroughly, however.
Despite its few drawbacks, overall LastPass' Auto-Password Change makes it much easier to change your passwords regularly or when disaster strikes. As for Dashlane's new feature, we look forward to trying it out once we get our hands on it.