Password manager apps Dashlane and LastPass are hoping to take the sting out of the next security snafu that affects your online accounts. This week, both services new automatic password-changing features that let you swap your login codes with just a few clicks, replacing them with randomly generated passwords made up of letters, numbers, and symbols. The new features automatically save the new logins to your password manager of choice.
Both Dashlane and LastPass can change your password for about 75 separate services, but they operate a little differently. LastPass' Auto-Password Change works on an account-by-account basis, while Dashlane's Password Changer can work on multiple accounts at once.
Why this matters: After the public reveal of the Heartbleed vulnerability in April, many users were forced to swap out at least some of their passwords for online services. But changing passwords is a pain and can be very time consuming. The new Dashlane and LastPass features will make it easier the next time a major vulnerability has you scrambling to change multiple accounts at once. It also makes it easier to change your passwords more regularly, which is standard practice for good password hygiene.
Hands-on with LastPass
The password changing features for both Dashlane and LastPass are currently in beta; however, Dashlane is only letting users sign-up for the chance to try its new feature. LastPass is already rolling out auto-password change to any user running LastPass version 3.1.70 for Chrome, Firefox, and Safari. Both LastPass' Auto-Password Change and Dashlane's Password Changer work only on PCs and are not available on mobile devices.
To change your passwords automatically with Auto-Password Change you have to open your LastPass Vault by click on the extension's icon in your browser. Then press the pencil (edit) icon for the account you want to change.
In the tab that opens, click the Change Password Automatically button under the password field.Then you have to click Change Password Now in the new window that opens to authorize LastPass to open a new browser tab, log in to your account, and change your password. The whole process takes just a few seconds, and you can even watch it happening in the new browser tab.
LastPass says all changed passwords are created on your device and do not go up to the LastPass servers before being encrypted.
A few problems
In my tests, Auto-Password Change worked with a wide range of accounts including Amazon, Dropbox, Facebook, GitHub, Google, Reddit, Spotify, and Yahoo. Notably, LastPass' new feature does not appear to work with Microsoft accounts.
Despite the system working well overall, there were a few times that LastPass choked on its password changing attempts. The first site LastPass had problems with was Facebook. Towards the end of the password change, Facebook asked if I wanted to logout of all my devices where I was logged in to Facebook — such as my phone.
Sign up for Computerworld eNewsletters.