Dashlane and LastPass can now change your passwords automatically
Dashlane (review) and LastPass (review) are two of the top password managers available across multiple devices. Download3K provided a detailed comparison review of these leading password safety tools recently. They run off master passwords and once these have been entered you can view the password vault with all your web site passwords safely saved for you. Both software options offer web browser extensions to add extra functionality to your browser when surfing the web.
Once logged into web browser extensions, both Dashlane and LastPass are both capable of automatically logging you into web sites as you visit them. No more trying to remember the password for every web site or even needing to use the same password everywhere because you cannot remember more than one.
The problem more recently has been issues like Heartbleed where security certificates were found to be vulnerable necessitating web users to change their passwords on all their important web sites because it was unclear if their passwords had been compromised or not.
Dashlane was the first to come out a way to automatically change passwords for web sites already loaded into a user's account and not to be outdone LastPass followed suit later.
How Does Automatic Password Changing Work?
The process of letting these password managers change your web site passwords is a little different for each piece of software.
With Dashlane, clicking the big green button is the thing to do. The button reads: Change all passwords. The dashboard at Dashlane will then get to work changing the passwords for you. There is still some authentication to go through and a few clicks here and there to approve new passwords for the web sites.
With LastPass, unfortunately there is no single button that will change passwords on all saved sites. Because of this it is necessary to see the list of saved sites and click the “Change password automatically” link in order to action a change for that individual site. If you have many sites saved, this could involve a lot of clicking and quite a bit of time too.
Limitations with Automatic Password Changing
The ability to change passwords automatically is a nice one to have. Don't get us wrong. Dashlane does a better job of it because they offer close to a one click solution to the problem. However, the trouble comes into play because of the limited implementation by both services on just what sites they can actually help to automatically update in the first place.
Dashlane Does Quite Well
Dashlane is able to directly interface with only 75 web sites in order to change the passwords. This does include some big names like Google, Twitter, Facebook, Amazon and PayPal, but smaller sites aren't covered at the present time.
Two-factor authentication also works with the automatic password changing which is good to see with a pop-up appearing to confirm the identity of the user before going ahead with the password changes.
In the future the company also plans to offer the extra option to prompt the user to change the passwords every 30 days.
LastPass Drops The Ball
In the case of LastPass, it also appears that they presently cover around the same number of major sites with their individual automatic updates. Again this is a pretty restrictive list and a long way from comprehensive. A user could have hundreds of web sites saved into their LastPass vault, so a change of password due to a new Heartbleed-like security problem would still leave most of the passwords outside of the coverage from the automatic update feature.
A bigger problem though is that presently LastPass does not support their two-factor authentication when using the automatic update feature. Therefore, for anyone interested in improved security – one reason to use the software in the first place – they have to update every site manually. For these users, the LastPass automatic update feature is more smoke and mirrors than a reality for them. Given that LastPass came out second to Dashlane with their automatic password changer feature you'd think they would have gotten this sorted before launching the new automatic option...
Overall, Dashlane has done a better job in responding to the risks associated with Heartbleed SSL and other security issues. Their implementation is more complete and works with two-factor authentication. The LastPass solution seems rushed and inadequate at present. Hopefully they'll make improvements to it in the coming months.