Try This Automatic Password Changer
Security experts have “best practices” for passwords that can be cumbersome. They recommend you make your passwords long and obscure; never write them down where they can be stolen; and update them regularly. Unfortunately, all of that is so difficult that it seldom gets done. The key to password security is to make is easy. Read on to learn how you can strengthen and change all your most important passwords in just a few seconds...
Password Changer is a Game Changer
Software such as RoboForm and LastPass simplify password management by storing many passwords in an encrypted “vault” and filling them in automatically when they are requested on websites. They all will generate long, complex passwords on demand. You just have to remember one master password to unlock the vault and set a reminder to change passwords monthly.
Password managers have evolved additional features such as auto-filling forms, backing up data and passwords to the cloud, syncing passwords across devices, adding support for two-factor authentication, importing bookmarks and competitors’ password file formats, and so on. Like other security software, password managers are locked in an ever-escalating features war.
Dashlane does all of the above, including two-factor authentication. If you enable two-factor authentication, Dashlane will text to your phone a code that you must enter manually before your master password will unlock Dashlane’s vault.
It also does a great job of minimizing keystrokes, the second most important function of a password manager. For example, when you want to log in to Facebook you don’t have to choose a profile from a drop-down list, as you do in some other programs. Dashlane recognizes the Facebook log-in screen, fills in your username and password, and even “clicks” the log-in button for you. The log-in screen flashes by so fast you may miss it if you blink.
Dashlane has a “security dashboard” where you can review all of your passwords. It highlights weak, reused, or compromised passwords that put you at risk, nudging you to strengthen your defenses.
Automated Password Changing
But the more interesting news about Dashlane is the Password Changer, which lets you update all (or at least most) of your passwords with a single click. Dashlane automatically selects all compatible logins to be changed. You can change them all at once, or select only some logins. Dashlane will generate new passwords, then automatically login and change your passwords on the selected sites in just seconds.
This is pretty awesome in light of the fact that security vulnerabilities and data breaches are happening at an alarming pace. The best course of action when these things happen is to change all your passwords. Doing it manually is a huge nuisance. Clicking a button to make it happen is (almost) fun.
Password Changer is a paid Dashlane feature, available in the Dashlane web app, Safari app, and on iOS and Android. The Dashlane Premium plans costs $60/year. In the past, this feature was criticized by some, because it relied on the Dashlane server to change passwords. After an update in March 2021, the Password Changer does all of that work locally on your device, eliminating the potential security exposure. (Dashlane users with a free account are limited to one device and up to 50 passwords.)
Lastpass, a Dashlane competitor, also has a password changer feature. However, the Lastpass Auto-Change Password facility lacks the automation offered by the Dashlane password changer. You'll need to select a site, do the password change, select the next site, and so on. But still, it's a time saver over logging into each site and navigating to the password change page. I'll admit that not having this feature in Roboform has made me dread the task of updating some of my own passwords on a regular basis.
Dashlane also acts as a digital wallet, storing your credit card and even Paypal data securely and filling in their details wherever needed. If you have multiple versions of a profile (e. g., different shipping addresses you’ve used on Newegg.com), Dashlane stores them all and lets you pick one from a drop-down menu.
Dashlane is a fine option for a password manager and digital wallet. I've been using the paid version of Roboform for years, so I'll be considering a change when my next renewal comes due. (Full disclosure: I have no relationship with Dashlane, Roboform, or Lastpass.) Have you tried Dashlane's automatic password changer?
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 24 Feb 2022
|For Fun: Buy Bob a Snickers.|
Geekly Update - 23 February 2022
The Top Twenty
Can You Spare a Few Electrons?
There's more reader feedback... See all 28 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Try This Automatic Password Changer (Posted: 24 Feb 2022)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Try This Automatic Password Changer"(See all 28 comments for this article.)
24 Feb 2022
Here's a really good article on re-thinking the whole "change passwords regularly" rule.
24 Feb 2022
I've been using Blur by Abine for many, many years. It offers all the features I need, doesn't do what this is talking about, yet anyway, but it does everything else. Works across all platforms and devices. When a password is needed on an Apple device, I'm given the option of using Blur, or Keychain. I use Blur and try to keep Keychain in sync, but my default is always Blur. Simple to do what someone suggested above for a site that doesn't allow a password manager to actually change the password on site, just open Blur, generate a long strong password, copy it, and then enter it to whatever site. Then edit the new password in Blur to add your username and email, so it'll fill in next time. I don't change them as frequently as I did (though when working we were compelled to do so every 90 days), but that's mostly because they're 20 or more characters, symbols and numbers and ALL unique, none reused - Blur makes that part easy too. To each his/her own, but using one just makes sense these days. I wouldn't use a document to store them - though I have both software and hardware firewalls and great security software. That was always drummed into me, never write them down, they'll always be at some risk.
24 Feb 2022
Reviews on Chrome Web Store are not good. Folks have lost passwords etc. You might want to check this out https://chrome.google.com/webstore/detail/dashlane-password-manager/fdjamakpfbbddfjaooikfcpapjohcfmg
It's not as "slick" but I still like my Secret! program from LinkeSoft https://www.linkesoft.com/secret/
Keeps an ENCRYPTED file on MY computer and syncs to my phone via WiFi. Never stored on someone else's servers. Have used this for over 20 years! Support is fantastic. Cannot recommend this highly enough.
24 Feb 2022
When LastPass came out with their 'Premium' release, which is required if you need to access your passwords etc., across multiple devices (desktop or mobile), I opted to use Bitwarden. It had good reviews and had pretty much the same functionality as LastPass, and so far it has served me well.
25 Feb 2022
I ditched LastPass when they wanted to charge to sync across devices. I switched to Bitwarden and haven't looked back.
25 Feb 2022
"Is your Docx file and/or your USB password flash drives encrypted?" is asked by Bill K, and it's a great question.
The answer is No.
1) If I forgot - by even one character - the absurdly long master password, I'd be locked out of all my passwords.
2) I live in a safe, stable neighborhood. In our 13 years here, the worst that has happened is some tires stolen off two vehicles in the driveway. Our town is notorious locally for its zealous police force.
3) Hiding a small flash drive in a 2900-sq ft house is easy. Book safes, pantries, attics, etc, no thief is going to find it.
4) If I die unexpectedly, my executor or adult children can use the flash drive to work with my accounts in my name.
That's how it looks from here anyway. Not a perfect system, but I feel I understand its risks.
25 Feb 2022
"...some tires stolen off two vehicles in the driveway."
Not my driveway. Two other houses. Out of 210.
Ernest N. Wilcox Jr.
25 Feb 2022
I have been using LastPass for a long time on my PCs. I use my phone for making/taking calls, playing a few games, and searching the Internet for information such as phone numbers, etc. but I never use it to access any Internet account I have set up. For example, if I want to go on Facebook, I do so from my PCs at home, not from my phone. I never do any banking on my phone, IMHO, that is simply too insecure. All such activity is performed from the security of my desktop PC at home. All this is to inform you that I have no need to sync my passwords between device types, only between PCs which remains free when using LastPass, so their most recent change to their free tier has had no effect on me.
I use long, strong passwords on all my Internet accounts. I use 2FA with all my Internet accounts that support it. I have my email accounts registered with the Have I Been Pwned Website for alerts when/if they may be involved in a breach. I subscribe to a few security-related newsletters to watch for breach reports. When/if I see news about a (potential) breach that may affect any of my accounts, I use LastPass to change that/those password(s).
I agree with Walter T regarding password changes, and I have read the item he references. The concept of forced password changes has been changed/debunked since about 2009 by many security organizations including the FTC (as the referenced item in Walter T's post indicates - it appears on their site). I put a lot of effort into keeping my computer secure, and if my research indicated that there was any measurable advantage to scheduled password changes, I would make that a part of my monthly/weekly routines.
No one can argue that regularly scheduled password changes can limit the window of a password's vulnerability to the length of time between changes, at most. In other words, if a password becomes compromised immediately following a change (later the same day), it will remain so until the breach is discovered, or until the day of the next scheduled change, whichever comes first. On my Windows 10 desktop I have Ransomware Protection (Controlled Folder Access) enabled. When I install a new app, either during the installation, or when the app runs for the first time, I get a notification telling me that a folder access has been blocked. I then go into my Security dashboard and review the event. If it was the new app, I authorize access to allow the new app to make changes in that folder. Controlled Folder Access protects me from much more than Ransomware, it protects me from any malware being installed on my PC because Controlled Folder Access notifies me when/if any unauthorized change is attempted. RAM-based malware is a different story, and beyond the scope of this post.
The bottom line here is that when/if I become aware that a password has become compromised, I change it ASAP. Until then, as far as I have learned over more than thirty years of computer use/exploration, there is no measurable benefit to be gained with regularly scheduled changes, especially since I use 2FA to better secure my Internet accounts, so I don't do them.
25 Feb 2022
I agree with Steve K. from Feb. 24. The only thing I haven’t done is to put my document on a thumb drive which I will do.
25 Feb 2022
Just tried Norpass as vault for my passwords Well I cannot recommend them as of today I have spent more time trying to log in than it is worth . Yes they do not give back your money .Robo was no better .Will have to go back to writing passwords
25 Feb 2022
@Steve K It is nice to have a good local police force; however, home break-ins happen even in well-protected gated communities. The flash drive located close to your computer is the one I would be concerned with. Unless they are amateurs, thieves know about the different hidey-holes people believe no one would ever find, especially around computers. They will dump and grab anything that even remotely appears of value, and sort it out later. It is good that you have a 2nd flash drive hidden away--and hopefully, they did not come across it also--that way you would be able to change all of your account passwords before they figure out what they have.
As to an end-of-life scenario, a letter or flash drive in a safety deposit box or left with a trusted friend or relative will work as long as it does not contain any personally identifying information (like using your full name as a user-id :-)
26 Feb 2022
"They [thieves] will dump and grab anything that even remotely appears of value, and sort it out later."
I agree, Bill K, and is why all three of my flash drives are stashed with nothing remotely of value. One is in the pantry, for example, but knowing that, you'd never find it if you looked all day. And burglars want to get in and out of a house.
Having one of the drives found by a burglar is a concern, I can't deny. Weighing all the risks, though, it seems the best solution for me.
My plan won't work for everyone. I offer it to others, like Diane, in hopes it helps.
26 Feb 2022
26 Feb 2022
We change passwords at work every 60 and 90 days. (One password for one area, the other for another area) Most of my passwords are what ever is product is in front of me at the time I get the notification.
I have used ingredients off products, warning labels, etc. If I wanted to create a password at this moment it would be 40%AlcByVol/80Proof, I text myself a hint like Fire No 32. I would keep this product close to my computer until I need to change the password again. Seems to work for me, but I only use this at work since I am forced to change them,
I am on the same page as others and only change passwords when I think someone may have tried to compromise my accounts.
28 Feb 2022
I've been using Kaspersky for a couple of years. Will Dashlane be able to download those passwords or will I have to have Dashlane go to each site and make a new password? It would be great if the new password changers could get all of your passwords from a password changer you are moving from but then it would have to find a way to get into the old program which would make it vulnerable.
28 Feb 2022
Thw whole PW scenario is to me mind bogglingly complex, frustrating & time consuming.
I "use" Lastpass free edition & lets say want to search on Alibaba.
First obstacle" enter my email & password; I can't remember which Email I used years ago & I have no idea what PW I have assigned. The alternative is login with Google which I'd prefer not to do.
OK open Lastpass (I can remember my simple master PW) although I am repeatedly advised its too simple.
The vault opens & I see that there are several entries for Google - lets try the last. Re-enter master PW so that I can see the PW, copy it & enter on the Google login. OK now I am IN but what a fuss, it's tedious time consuming & prone to mistakes (By me). I have maybe a dozen or so things to do that involve the use of a PW. This is not fun!
28 Feb 2022
Would you like to create a different password for each of your web sites without any help from PW sgenerators, that meets all security needs, is impossible to hack and easy to remember?
1. Pick an obscure number that you have memorized. A telephone number or the birthday of a past on relative or friend, a number that is already etched in your brain. The number should be 7 to 10 digits long. Write it down.
2) There are some up to 40 symbols on your keyboard. Pick one and add it either before or after that number.
This is the fixed part of your password that will never change for any web site.
3) The part of the password that is unique for each web site consists of the first three letters of the web site which you want to visit, e.g. ama for Amazon, fac for Facebook.
Capitalize one of these three letters. Add them your number either before or after your number. Which end your add these letters is your choice.
3) Now you have a unique password for each web site that is difficult to hack and easy to remember. The combination of such numbers and symbol together with the capitalization of a letter is called an algorithm.
Once you have committed your algorithm to memory you won’t forget it. No longer do you need to write your passwords down anywhere and, even logging into a web site you haven’t visited for a while is easy.
Do not record your passwords anywhere. Certainly not in the auto-log in function on your computer. Don’t share your personal algorithm with anybody. The only place it exists is in your head. That makes your passwords un-hackable.
Technically, you don’t even need to change a password any more but it is probably a good idea to do so from time to time. And there are sited that force you to change your passwords.
All you have to do is change the capitalization from one letter to another. That single change is easy to remember when you get that “invalid password” message.
When resetting a password, some web sites won’t let you use the same password again immediately. You will have to go through the password change procedure two or three times before you can use your old algorithm again.
Don’t change all passwords at once. You can do that as you go along. All you have to remember is the one character you changed.
However, there is one place where you should record your algorithm: your last will and testament. Your executor will then be able to access and delete your accounts after your demise.
01 Mar 2022
Your last will and testament is published and is not private after your death, so it is not the place to leave your password algorithm for your heirs to find.
30 Mar 2022
I tried Dash Lane and they jerked me around for a couple of weeks. I finely gave up and got my money back. It would be great if I could find a password program for someone 83 yrs old.
01 Apr 2022
To all the posters who said they do not update their passwords. I, like you, seldom if ever change passwords. However, that was in the past. If you ever get hit with identity theft, as I was last December, and have to go through a whole bunch of stuff to resolve that situation, your attitude will change.
Someone made a payment, just before Christmas by telephone to one of my credit cards ($2,700 dollars). Normally, a transaction such as that would only take 2 days to post to my checking account (all I use for bill payments) but after 3 days, nothing hit my credit union. So I thought that perhaps some anonymous good samaritan had paid down my credit card debt. Day 4 arrived and there it was in my credit union's checking account. About the same time, I received an email from the credit card's fraud department about a $1500 charge being attempted on my card and ask if it was me. It was not.
That started the domino effect. I had to call the fraud department to discuss what had happened and my card was cancelled and a new one issued which took up to 10 days to receive (just before Christmas, mind you).
Next, I had to notify my credit union about it but by the time I did, they had already rejected the debit because of insufficient funds along with a fee for same. So they told me that they would close my checking account and give me a new one. Before it happened, the $2,700 debit returned for a second go around, with the same result, and another insufficient funds fee.
Being naive about identity theft resolution, I was in no hurry to change all my passwords, thinking the credit union would honor all charges from my creditors being made to my previous checking account number, just as the credit card company was doing. Not so! They returned each charge to the creditor for reason of a closed account. Then I got hit with all kinds of fees by the creditors, one which was my mortgage company.
To make a long story shorter, here it is March, 3 months after the identity theft occurred and I am just now getting out from under all of the debt that one transaction caused me. Some creditors waved fees, others did not.
Bottom line is, I now change my passwords via Roboform, which I have used for years, every 90 days. The trouble with all of this is that I subscribe to a few sites that monitor my personal data for unauthorized access and had been notified that personal information about me was found on the dark web months before this incident happened. I, being cocky, ignored it because I figured no one knew any of my 20 to 30 character passwords as they were all encrypted and stored in an encrypted vault that only I could access with Roboform. I have earned my lesson the hard way.
The person who made that payment to my credit card company did it by telephone and knew my account number for both my credit card and my checking account. The credit card company DID NOT verify that it was actually me that was making the payment even though I had 2-factor authentication turned on for that account.
I had to send/post fraud alerts in each of the 3 major credit bureaus that remain on them for 12 months. Now, when someone wants to do credit checks on me (or I am desiring new credit of some type) during that 12 month time, I have to be notified and am required to give my permission. What a hassle!
So, I think you all should reconsider not changing passwords from time to time. Unless, of course, you want to go through what I just went through. I didn't think it could happen to me; it did! And I am an IT professional for over 40 years and very security minded in my business. If it can happen to me, it can happen to you! It can happen to anyone! Do you want to take that chance?