Note: When something like a password database compromise happens, it’s a good time to reassess. Using LastPass, I could reset my Lifehacker password, and all others like it, in three minutes, from a train. Here’s how to do that.
Portions of this post originally ran in a previously published Intermediate Guide to Mastering Passwords with LastPass. We thought it was a good time to jump back into top-level password control and password changes.
The LastPass browser extension is a free password manager that securely stores, generates and audits your passwords. You can learn more about LastPass here, or head to the LastPass home page. Here’s how to use it to hunt down passwords you’re using across various sites, as well as to generate new, more secure passwords.
Update: Reader Rufo informs us that 1Password offers a possibly more direct means of searching out a password you used and finding where else you have it registered. We recommend you do that for any password you believe has been compromised.
Step 1: Install LastPass, and Let It Save Your Passwords
The first time you install LastPass, it will, at some point in the setup wizard, prompt you to import saved passwords from your browser. Assuming you’ve been allowing your browser to save your passwords, let LastPass import all of these passwords.
Note: Many of you are understandably wary of handing over all your passwords to a third-party service. Under the circumstances, we can’t blame you. Take a look at LastPass’ security page and security FAQ for a better idea of how the service works.
Step 2: Audit and Update Your Passwords
Point your browser to each site where you’d used this password and find its password update tool. One of LastPass’ built-in features detects password change forms. In other words, if you log into a website and change your password, it notices a form that asks for your current password and also for a new one. LastPass can do one of two things here: It can help you generate a secure password, using rules and defaults of your choice (recommended; just click on LastPass, then select Tools > Generate Secure Password), or it can simply watch you type in your new password. Either way, once you update your password, LastPass will offer to update it in the LastPass database.
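To build the list of sites that shared the compromised password, the following added example (not part of the original post, and not LastPass code) groups the entries of a password manager's CSV export by password and reports every group used on more than one site. The column names and the sample rows are assumptions constructed for illustration; adjust them to your own export.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The column names (url, username, password, name)
# are an assumption; adjust them to match your manager's CSV export.
SAMPLE_EXPORT = """url,username,password,name
https://lifehacker.example/login,alice,hunter2,Lifehacker
https://mail.example/,alice@example.com,hunter2,Mail
https://bank.example/,alice,Xk9#vT2!qLm4,Bank
https://forum.example/,alice,hunter2,Forum
https://shop.example/,alice,correct-horse-7,Shop
"""

def find_reused(csv_text, min_sites=2):
    """Return lists of site names that share one password, largest group first."""
    # Group by a keyed digest so plaintext passwords are never used as dict keys
    # or printed; the key is random per run and discarded afterwards.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue  # skip secure notes and empty entries
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row.get("name") or row.get("url") or "(unnamed)")
    reused = [sorted(sites) for sites in groups.values() if len(sites) >= min_sites]
    return sorted(reused, key=lambda sites: (-len(sites), sites))

def sites_sharing_password(csv_text, site_name):
    """Return the other sites that use the same password as `site_name`."""
    for sites in find_reused(csv_text):
        if site_name in sites:
            return [s for s in sites if s != site_name]
    return []

if __name__ == "__main__":
    for sites in find_reused(SAMPLE_EXPORT):
        print(f"{len(sites)} sites share one password: {', '.join(sites)}")
    print("Also change:", sites_sharing_password(SAMPLE_EXPORT, "Lifehacker"))
```

An exported vault file holds every password in plaintext, so delete it once the check is done.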
Step 3: Second-Level Security Updates
Finally, there’s a painful lesson to be learned from this fiasco: don’t use weak passwords, don’t use the same passwords across different sites, and don’t let your friends or relatives do so either. We’re keenly aware of just how much frustration this is causing, but some of it can hopefully be channelled into a better chance at leaving us all better protected in the future.