Illustration by Alex Castro / The Verge
Password management service LastPass can now proactively tell you if your logins have been compromised in data breaches — but only if you’re a paid LastPass subscriber. The tool comes as part of a new security dashboard designed to give you a better understanding of the strength of all of your passwords.
The new “dark web monitoring” tool actively checks your logins against Enzoic’s database (previously PasswordPing, who LastPass started partnering with in 2017). If the monitoring tool finds one of your logins in the database, LastPass will alert you in the new security dashboard and by sending you an email. That alert will show you which site was breached and will link out to that website so you can change your password.
The new security dashboard, on the other hand, will be available for free and paid LastPass users, and it can tell you which of your passwords are weak, reused, or otherwise at-risk. The updated dashboard takes the place of the Security Challenge, a tool that also recommended which passwords you should change (including those that had been compromised as reported by Enzoic’s database), but required you to run it manually every time you wanted to check. LastPass says the new dashboard is now available on desktop and will be available in the company’s mobile apps in the coming weeks.
You can already get similar monitoring tools from other password managers, such as the paid service 1Password, or you can check yourself to see if a login has been compromised by checking the Have I Been Pwned database. And Apple plans to offer password monitoring in Safari for free as part of iOS 14 and macOS Big Sur. But LastPass’s new features could be beneficial to those who already rely on the service to help keep track of their passwords.