You’ve probably heard about Heartbleed by now. This Gizmodo article does a nice job explaining what it is and why it’s problematic. How do you know which of the sites you’ve logged into are at risk? How do you know if that service has updated their software to fix the bug making it safe to change your password on that site? There are 496 sites for which I have a username and password. How am I supposed to know which ones are vulnerable. As a LastPass user, LastPass will tell me. [If you’re not yet a LastPass user, this previous blog post, although a bit dated now, will give you the overview of what LastPass does.]
Run the LastPass security check
Log into the LastPass website. On the far left, click “Security check.”
On the next page, click the big red “Start the Challenge” button. You will be asked to re-enter your LastPass password. You’ll see your security score and ranking which is based on things like how many weak passwords you have and how often you reuse a password. Scroll down and you will see this.
For the websites marked “Go update!” go change your passwords. Remember to use the LastPass random password generator to create strong, unique passwords. When you assign a new password to a website, be sure to tell LastPass that you are replacing an existing LastPass website so you avoid having duplicate LastPass entries: one with the old password and one with the new password.
I went into my account settings in Dropbox, clicked on the Security tab, and selected “Change password.” That generated this popup. I clicked the LastPass icon to automatically fill in my current password. Next, click lock/arrow-around-it icon to generate a new password.
LastPass will give you a new password based on the parameters you used the last time you generated a new password. You can change the length of the password, and if you click on advanced options, you can decide if you want special characters, numerals, etc. Once you’re happy with your password, you will get this popup. Click “Yes, Use for this Site.” The new password LastPass just created will replace the old password in your LastPass Dropbox entry.
Click “Change password” and Dropbox will make the change.
Now, go do it for all of the sites LastPass says you should update.