Data breaches like the ones at Target, Neiman Marcus, Staples, Home Depot, and most recently Bebe, are now exceedingly common. Combined with large-scale security incidents like Heartbleed, web users are often asked to quickly change their account passwords to protect themselves against further attacks. Unfortunately, doing so is easier said than done – users tend to re-use their passwords across websites, making it difficult to fully batten down the hatches when one password makes it out into the wild.
Two companies in the business of password management, Dashlane and LastPass, have now stepped in to help with new features that allow users to automatically change their passwords on affected websites.
Dashlane beat LastPass to market with the new addition by hours – clearly, both companies understood that there’s a real need to help make the password changing process easier on end users.
In Dashlane’s case, the feature’s development was aided by the company’s acquisition of PassOmatic, a New York-based startup that created password change technology. In a beta release of Dashlane out this week, PassOmatic’s technology has been baked into Dashlane’s core product, which allows you to change your passwords with a click.
A process that might have otherwise taken time as users hunted down which sites shared that same password and then jumped through the hoops to make the change, now takes seconds instead of minutes or even hours.
Dashlane’s Password Changer works with over 50 top U.S. sites including Amazon, eBay, Facebook, Google, LinkedIn, Twitter and Yahoo and is continuing to grow as the feature expands. The first version is available for PC and Mac with mobile support arriving “soon,” the company says.
The company notes it’s also working on a recurring password change feature that will automatically change passwords at preset intervals – for example, every 30 days.
Dashlane, which now has 3 million users, says that the average users has about 60 passwords stored in its service. That means its ability to change around 50 passwords automatically will cover a lot of the sites visited today.
Following Dashlane, competitor LastPass also rolled out an automated password change feature. The company supports a few more sites at launch, with 75 sites as of today, including big ones like Facebook, Twitter, Amazon, Pinterest, Dropbox and others.
Similar to Dashlane, LastPass will automatically change a password for you when need be. To enable the feature, you click “edit” in the LastPass dashboard for a supported site, and a “Change Password Automatically” button appears. Click this, and LastPass logs you into the website, creates a new password and submits the changes to the site and to LastPass. The next time you log in, LastPass will use the new password.
One difference between the two implementations is that Dashlane’s feature lets you select all the supported sites and change the passwords at once – it even displays little progress bars at the bottom to show you how the work is progressing. Meanwhile, LastPass has you edit each site by individually.
LastPass notes, however, that it makes the password changes locally on your machine so it never has access to your data.
While the automated password changing technology is a huge leap in terms of efficiency and security protections for today’s web users, some may still be hesitant to take steps to protect their account information despite the features’ ease-of-use.
The problem is that many of the most commonly used web services are also regularly accessed as mobile apps. That means, in many cases, users will have to look up their new passwords, then copy and paste them into the apps to sign in. That’s still a bit of a hassle, and when it comes to choosing security over easiness, web users have consistently shown they prefer the latter. If a site lets you make your password ‘123456,’ it will become one of the most popular password choices.
(On Android, we should note, things are a little easier thanks to support for autofilling logins. iOS and Windows Phone, sadly, don’t allow for this.)
You can try the new features for yourself, for free. Dashlane users can sign up for early access, and LastPass is available for download here.
Image credit, top: JMiks