Worried about Heartbleed? LastPass' Security Check has you covered

Summary:LastPass has updated its built-in Security Check so that you can now easily see which sites require you to update your passwords to be safe from possible Heartbleed attacks.

BadLastPass
All those Websites needing new passwords to protect yourself against Heartbleed attacks may look daunting in LastPass' Security Checker, but it's a heck of a lot easier than looking for them by hand.

LastPass has always been an excellent Web browser password management program. In Heartbleed's ugly security aftermath, the company's new Heartbleed-aware Security Check feature turns it into a great password manager.

You see one of the most annoying things about trying to protect yourself against sites that have potentially left you open to Heartbleed-based attacks is that it's not enough for a site to patch its OpenSSL software. It must also update its Secure-Socket Layer (SSL) certificates. Until both steps have been taken it's still won't be safe to update your password.

That's the bad news.

The worse news is if you're like me, you may have several hundred sites to check up on for security updates.

What LastPass has done is add a new feature to its Security Check that firstly automatically checks to see if any of your stored sites and services were affected by Heartbleed, and secondly if you need to update you passwords for these accounts at this time. What once was a Herculean task of checking and rechecking sites now becomes manageable.

To run the LastPass Security Check you just run it from the LastPass Icon menu. Simply, click the LastPass icon in the browser toolbar, click the Tools menu, and select the Security Check. Just follow the prompts and you'll soon see what you need to do with your Websites.

What's that? You don't own LastPass? No worries, LastPass' free version includes this feature and you can download it and get to work checking your sites immediately.

Of course, if your password "manager" is your memory and a piece of paper you'll still need to visit each site and enter your password so LastPass knows what's what. If, however, you're using another password manager you should be able to import your passwords into LastPass and start checking your passwords much more quickly.

I have two caveats about importing your passwords. First, while the import procedure works well on Windows and Mac OS X, I was unable to get it to work on Linux. Fortunately, once you've imported your passwords from any machine you can then use the imported passwords on any of your systems no matter what operating system you're running and on all the major Web browsers: Chrome, Firefox, Internet Explorer, Opera, and Safari.

My other word of warning is that when you import your passwords, LastPass treats them as if they had all just been changed. So, when you run the test and it tells you that all is well because both you and the site are now up to code, don't believe it. If you know — and I'm sure you do — you haven't changed your password since 2010 on say Facebook you'll still need to change your password. Still, LastPass does give you a list of sites to be concerned about and that's still a great savings in time and on your nerves as you deal with Heartbleed's aftershocks.

Related Stories:

Topics: Security, Networking, Open Source, Web development

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.