LastPass gives you tools to generate secure, non-guessable passwords, helping you to have the safest web experience possible. You can also use LastPass to replace old passwords with unique, randomly generated ones.
When LastPass detects that you are entering a password for a site that is not already stored in your LastPass Vault, or creating a new login on a new site, it will pop up the Generator icon to assist you in creating a strong password when clicking on the password field:
In this dialog, you can specify the password length and characters that make up your new, secure password. The ‘Show Advanced Options’ allows you to customize your generated password.
‘Avoid Ambiguous Characters’ will prevent the generator from using the characters ‘i’ ‘I’ ‘l’ ‘L’ ‘o’ ‘O’ ‘1’ ‘0’ .
When you Accept the generated password, LastPass also securely saves it in your account in case you do not get a chance to add the new site. You can view the saved password in your Vault at any time:
If LastPass does not prompt you to generate a new password, you can access the feature by clicking on your LastPass Icon, and selecting ‘Generate Secure Password’ to launch the ‘Generate Secure Password’ dialog box.
Watch the Basic Tutorial for Generating a Password
Changing an Old Password to a Generated One
If you stored login details that you created before you began using LastPass, we recommend that you run the LastPass Security Challenge to identify potentially weak passwords. Once identified, you may want to change your old password to ones randomly generated by LastPass.
You may also like to periodically update your passwords; LastPass tries to make this process as simple as possible for sites that you have stored in your Vault.
Replacing Your Old Password
We’ll use a demo Gmail account to show how to update a stored site with a new, generated password from LastPass.
To begin, log in to the target site and access the account settings or preferences page where you can change your password.
When you launch the change password page, you will usually be asked to enter your old password, with a new password entered twice. Click on the field icon in the current password field, and select the login. LastPass will fill in the current password for the login you selected:
Select the options you wish, and if you accept the password that has been generated, click Use Password to autofill both the ‘New password’ and ‘Confirm new password’ fields. This will also create a backup copy of the generated password in your Vault called ‘Generated password for…’. You will then be asked to confirm if this is a password change or a new entry. Choose Yes, Use for this Site to overwrite your existing password with the new one. Choose No, Save as New Entry to save this as a new entry in your Vault and not continue with the password change.
By clicking on Confirm, you will tell LastPass to swap the old password for the entry with the new, generated password. Save New Site creates an entirely new entry for the site with your previous username and new, generated password.
The next time you log in to your site, LastPass will autofill with the new, generated password!
If LastPass does not recognize the change in password when you submit it, do the following:
- Sign out of the site
- Go to the login page for the site
- Use LastPass to enter your username
- Copy/paste the password from the ‘Generated Password’ entry that was stored when you accepted the new password
- Click login
You will then be prompted by LastPass to accept the changes to the site’s entry, and now the new password will be stored with the entry in your Vault.
Auto-Password Change (BETA)
Auto-Password Change will change a site’s password with a single-click. This feature currently supports 75 of the most popular websites. You can see the full list of supported websites below.
Auto-Password Change is currently available for Chrome, Firefox, and Safari in Beta. It only works with supported sites and is not available for shared sites. To try this feature, make sure you are using the latest version of LastPass (3.1.7+). Remember this is a beta feature, so be careful! If you experience any problems or find bugs, please check our FAQs to see if it has been addressed or is being worked on already. If not, let us know by submitting a support ticket.
Is Auto-Password Change Secure?
We implemented Auto-Password Change with security as its top priority. Though LastPass is changing the password for you, the changes happen locally on your machine. Just like all other data on your account, the changed password is encrypted locally before syncing, never allowing LastPass to access your data.
Automatically Changing Passwords
To automatically change a password with Auto-Password Change, go the LastPass Vault and find a supported site. Click the edit icon to edit the site. In the Edit dialog, click the ‘Change Password Automatically’ button as seen below.
By clicking this button, LastPass will begin to automatically log you into the site in the background (in another tab) and change your password. Make sure to NOT close out of this tab. As the Auto-Password Change changes your password, you will see a progress bar.
Once completed, you will receive a notice that the password has been successfully changed on the both the site and in LastPass!
In some work environments, it is not unusual that you have many accounts tied to the same password. If you were to change your password in one location, you would be required to manually change each site saved, which is why we developed the Linked Sites feature.
When a password change is detected for a domain for which you have several saved sites, LastPass will prompt you asking if you would also like to change the saved password for all of your other LastPass sites for that domain: