LastPass warns you now when you are using duplicate or weak password
You can improve the security of your online accounts by following a few simple password rules. Important in this regard are for instance the rules to never use the same password multiple times, and to select secure passwords and not weak ones.
Duplicate passwords can lead to a serious problem. Imagine one of the sites getting hacked that you used the password on. The attacker may decrypt the password and try it on other popular sites in hope that it may work in combination with the selected email address or username as well.
Weak passwords on the other hand are either guessable right away or easily decrypted via dictionary or brute force attacks. Selecting password, princess or qwerty as your password guarantees that attackers can decrypt it in record time to access your account.
The company behind the online password manager Last Pass announced two additions to its password manager that help users identify weak or duplicate passwords. The feature is currently only available in the Chrome version of Last Pass, but will be added to the company's other browser extensions in the near future.
It is activated by default and indicates a weak or duplicate password by changing the extensions' icon color to yellow in the browser's address bar. The password seems to be tested during log in only.
When you click on it, you open an explanation of what Last Pass detected. It displays the type of issue, weak password or duplicate password, explains what it recommends you to do, and displays the domain and user name of the site.
You can now change the password on the site, since you are logged in on the site. Last Pass will detect the new password and offer to change the current one to it.
If you do not want the alerts to be displayed in your browser, you can disable them with a click on the disable alert pulldown menu. Here you can disable the alert for the current website, or all weak or duplicate site alerts instead.
Here you can open Last Pass' Security Check as well which opens the page on the Last Pass website to run a check on all accounts in the database.
Advertisement
Martin,
I was using LastPass 2.0 with the latest firefox beta and LastPass stopped firefox for 30 seconds when I logged in. With LastPass 3.0 it starts right away now.
I saw you prefer KeePass. I want to use a password manager with my pc and my galaxy note 2.
Do you recommend KeePass 1.x or the 2.x
Thanks
Bill
I use KeePass 2, but some do not like it because of its .Net Framework requirements.
You guys haven’t mentioned the best password manager – RoboForm. If you try both web based solutions mentioned above, then try RoboForm, you will find that RoboForm is much easier to use and works a lot faster. I use the desktop version so my passwords are NOT stored in the cloud, something that both Dashlane and LastPass force you to do.
Mihir we have reviewed Roboform several times in the past, the last review is here: https://www.ghacks.net/2011/12/08/roboform-everywhere-review/
I personally prefer KeePass though.
I also used to use lastpass but then heard about their security breach previously and stopped using it. No thanks
Yes noticed it today, but the fact is most of the internet users have same password for multiple sites since its easy to remember or manage logins this way.
Dashlane has been doing this for ages.
I used to use Lastpass but switched to dashlane. I now love it. It even monitors my purchases and store digital receipts for everything I buy online