LastPass now warns you when you are using a duplicate or weak password

Martin Brinkmann
Mar 25, 2013

You can improve the security of your online accounts by following a few simple password rules. Two important ones: never use the same password on more than one site, and select secure passwords rather than weak ones.

Duplicate passwords can lead to a serious problem. Imagine that one of the sites you used the password on gets hacked. The attacker may crack the password and try it on other popular sites in the hope that it works there in combination with the same email address or username.

Weak passwords, on the other hand, are either guessable right away or easily cracked via dictionary or brute-force attacks. Selecting "password", "princess" or "qwerty" as your password guarantees that attackers can crack it in record time and access your account.

The company behind the online password manager LastPass announced two additions to its password manager that help users identify weak or duplicate passwords. The feature is currently only available in the Chrome version of LastPass, but will be added to the company's other browser extensions in the near future.

It is activated by default and indicates a weak or duplicate password by changing the extension's icon color to yellow in the browser's address bar. The password seems to be tested during login only.


When you click on the icon, an explanation of what LastPass detected opens. It displays the type of issue (weak password or duplicate password), explains what it recommends you do, and displays the domain and user name of the site.

Since you are already logged in, you can change the password on the site right away. LastPass will detect the new password and offer to replace the stored one with it.

If you do not want the alerts to be displayed in your browser, you can disable them with a click on the disable alert pulldown menu. Here you can disable the alert for the current website, or disable all weak or duplicate site alerts instead.

From here you can also open LastPass' Security Check, which opens a page on the LastPass website that runs a check on all accounts in the database.
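
A check across all stored logins for the two problems described above can be sketched as follows. This is an added example, not LastPass code: the vault entries are constructed, and the weak-password criteria (a small common-password list, a 10-character minimum, at least two character classes) are illustrative assumptions rather than LastPass's rules. Duplicates are grouped by a per-run keyed fingerprint so the audit never builds a plaintext index of passwords.

```python
import hashlib, hmac, os
from collections import defaultdict

# Constructed sample list; a real audit would load a much larger one.
COMMON = {"password", "princess", "qwerty", "123456", "letmein"}

def is_weak(password, username=""):
    """Return the reason a password is weak, or None if it passes (assumed criteria)."""
    lowered = password.lower()
    if lowered in COMMON:
        return "common password"
    if username and lowered == username.lower():
        return "same as username"
    if len(password) < 10:
        return "shorter than 10 characters"
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if sum(any(t(c) for c in password) for t in tests) < 2:
        return "single character class"
    return None

def audit(entries, key=None):
    """entries: (domain, username, password) tuples. Returns a list of alert dicts."""
    key = key or os.urandom(32)  # random per-run key: fingerprints are useless later
    groups, alerts = defaultdict(list), []
    for domain, user, pw in entries:
        fp = hmac.new(key, pw.encode("utf-8"), hashlib.sha256).digest()
        groups[fp].append((domain, user))
        reason = is_weak(pw, user)
        if reason:
            alerts.append({"type": "weak", "domain": domain,
                           "username": user, "detail": reason})
    for sites in groups.values():
        if len(sites) > 1:  # same password stored for more than one login
            for site in sites:
                shared = sorted(d for d, u in sites if (d, u) != site)
                alerts.append({"type": "duplicate", "domain": site[0],
                               "username": site[1], "detail": shared})
    return alerts

# Constructed vault entries for demonstration only.
VAULT = [
    ("mail.example", "alice@example.com", "qwerty"),
    ("shop.example", "alice@example.com", "Tr0ub4dor&3-horse-staple"),
    ("forum.example", "alice", "Tr0ub4dor&3-horse-staple"),
    ("bank.example", "alice", "c9!Lq2#vXp7@Rk4m"),
]

if __name__ == "__main__":
    for alert in audit(VAULT):
        print(alert)
```

Each alert carries the issue type, domain and user name, mirroring what the extension's alert displays.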




  1. William Anderson said on November 11, 2013 at 3:23 am

    I was using LastPass 2.0 with the latest Firefox beta and LastPass stopped Firefox for 30 seconds when I logged in. With LastPass 3.0 it starts right away now.
    I saw you prefer KeePass. I want to use a password manager with my PC and my Galaxy Note 2.
    Do you recommend KeePass 1.x or 2.x?

    1. Martin Brinkmann said on November 11, 2013 at 7:29 am

      I use KeePass 2, but some do not like it because of its .Net Framework requirements.

  2. Mihir said on April 2, 2013 at 2:38 pm

    You guys haven’t mentioned the best password manager – RoboForm. If you try both web based solutions mentioned above, then try RoboForm, you will find that RoboForm is much easier to use and works a lot faster. I use the desktop version so my passwords are NOT stored in the cloud, something that both Dashlane and LastPass force you to do.

    1. Martin Brinkmann said on April 2, 2013 at 4:16 pm

      Mihir, we have reviewed RoboForm several times in the past, the last review is here:

      I personally prefer KeePass though.

  3. ReeRee82 said on April 2, 2013 at 10:41 am

    I also used to use LastPass but then heard about their security breach previously and stopped using it. No thanks.

  4. Tushar Agarwal said on March 26, 2013 at 8:16 am

    Yes, noticed it today, but the fact is most internet users have the same password for multiple sites since it's easy to remember or manage logins this way.

  5. austin316gb said on March 25, 2013 at 6:07 pm

    Dashlane has been doing this for ages.

    I used to use LastPass but switched to Dashlane. I now love it. It even monitors my purchases and stores digital receipts for everything I buy online.
