How to update all your important passwords
HOW TO UPDATE ALL YOUR IMPORTANT PASSWORDS WITH JUST A FEW CLICKS.
IT’S OK. WE’VE all done it. Pretty much everybody has committed this one security sin at some point: using the same password for multiple websites. There are just too many sites, and no human could be expected to remember a unique set of random letters and numbers for every single service.
But we’re grown up now. We use a password manager (don’t we?), and that allows us to maintain unique good passwords for every website, just as we should. But going through and changing all our existing passwords seems like a lot of effort, especially if we plan to do this every year.
Thankfully, some password managers are here to help. A handful of password managers have a feature you might not be aware of: automated password updating. For selected sites (generally the big ones like Google, Microsoft, Amazon, Apple, Twitter, Facebook and so on), the password manager can automatically go in an update your passwords for you, replacing the existing password with a new string of random letters and numbers (and storing the new password for you). This is incredibly useful, especially if you used the same password for multiple sites. Having a unique password for every site is critical; if you’ve ever had one of your major accounts hacked you’ll know why. Say you have an old Twitter account that you no longer use, and the password gets hacked. Immediately you’ll see a string of warnings from every other major account – Google, Microsoft, Facebook and so on – that somebody is trying to access your account. The hackers know that people use the same username/ password combo for multiple sites and if they crack one site they will try them all.
So which password managers have automatic password updates? LastPass and Dashlane are the most notable, but Zoho Vault and Norton Password Manager can also do it.
Others like, RoboForm, 1Password, Sticky Password and even the iOS and Google password managers can audit your passwords and tell you when you have used the same password on multiple sites, but won’t be able to automatically update the passwords for you.
We don’t have space here to provide a guide on how to perform automatic password updates with all the tools that can do it, but we’ll walk through it on the most popular password manager, LastPass.
AUTOMATIC UPDATING WITH LASTPASS
In LastPass, automatic password updates are available for close to a hundred of the most
common web sites and services. You can find a list of supported services at helpdesk.lastpass. com/generating-a-password/auto-passwordchange-beta/.
When you open the site details from any of the supported sites, either from the LastPass Vault or from the browser add-on, you’ll see an extra button that doesn’t appear in other sites.
To see this in action, click on the LastPass icon in your browser and select Open My Vault, which will take you to the LastPass Vault webpage. In your list of passwords, find your Facebook password (or Google, Amazon or other supported site if you don’t have Facebook) and select Edit, which will bring up the details for that site. Just below the password, there’s a new button that only appears on supported sites: Auto-Change Password.
Click on that button, and LastPass will open site for you and change the password to a new, automatically generated password.
Now this is useful if you want to quickly update the password for a single site. But what if you want to check and change the passwords for all of your sites? This is where the Security Challenge is very useful.
LastPass’ Security Challenge is a password auditing feature that will let you know about passwords that have been already compromised by hackers, passwords that are just weak and easily crackable, passwords that haven’t been changed in too long, and instances where you’ve used the same password for multiple sites.
To use it, go to your Vault and click on Security Challenge on the bottom left. A new tab will open, and you’ll be prompted to begin (this will require re-entering your master password).
Once you start, LastPass will spend some time analysing your passwords, and will produce a final security score for you, along with lists of compromised, weak, reused and old passwords.
Now, for the automatic updates. Click on the + sign next to one of the Steps to bring up the list of sites with issues. For sites that support automatic password updates, there will be a check box on the left hand side (sites that aren’t supported by automatic updates will still be listed, but won’t have a check box). Click on the check boxes to select them, then click on Update Now.
This will go through and automatically change the passwords on the selected sites, all at once, without any further intervention by you. It might take a little while, depending on the sites, but should be able to update all the sites’ logins to new auto-generated passwords without further intervention by you.
For the sites that don’t have automatic password updates, you’ll just have to do things the old fashioned way. Click on the Launch Site button next to the site name, which will open up the site in the new tab, and then you can locate its password change feature manually. If LastPass has given you a warning about the site, you should update the password. You may not think it important now, but maintaining good passwords is your number one step on keeping your digital life safe.