product icon

How do I change weak or reused passwords in my vault?

    If your security score in your Security Dashboard indicated that you have weak and/or reused passwords in your vault, you can change these at-risk passwords individually to improve your overall security score.

    Tip: To prevent storing weak and/or reused passwords in the future, you can use the built-in secure password generator for each site password you add to your vault as a best practice for good password hygiene.
    Note: This feature is not available for LastPass Free users. Learn how to upgrade to LastPass Premium, or view LastPass plans and pricing for feature information.

    Note: LastPass uses the industry-standard zxcvbn library to assist in calculating each password's strength. As a result, your individual passwords' strength and your security score for all of your passwords in your vault may vary. Individual password strengths can be 0-25-50-75-100 percent (or a different value if the individual password is reused on multiple site password entries) while the security score can be anywhere between 0-100. Learn more about password strength and security score calculation.

    Change from the Password Security page

    You can change your weak or reused password from the Password Security page by accessing from the LastPass browser extension notification or directly via the Security Dashboard within your vault.

    1. Navigate to the Password Security page from either of the following locations:
      Navigation Instructions
      Notification in the LastPass browser extension
      1. On the in-app notification from LastPass, select View password.
        Weak or reused password notification - view password
      From the Security Dashboard
      1. While logged in to LastPass, click the active LastPass icon active LastPass icon in your web browser toolbar, then select Security Dashboard in the menu.
      2. In the Security Score pane, select View passwords.
        Security Score pane
      3. Locate your desired at-risk password.
        Tip: If desired, you can use the "Filter by" option in the upper-right to display only weak, reused, or missing passwords.

      Result: You are taken to the Password Security page (in the Security Dashboard).

    2. In the right navigation under the "Actions to Take" column, select Change password.
      Password Security page
    3. Select Continue to site.

      Result: You are redirected to the site for your stored password and automatically logged in using your stored credentials.

    4. Once logged in to the site, change the password within the site's account settings.
      Tip: Use the LastPass built-in password generator to create strong, secure passwords. Learn how at Generate Secure Passwords.

      Troubleshooting: If you are unable to log in with your current credentials, use the Forgot Password recovery flow on the site to change your password.

    5. Return to your LastPass vault.
    6. Once your password has changed, you will be prompted by LastPass to click Update to change the password in your LastPass vault.
    Results: Your password has been updated on both the website and within your vault, and is now displayed as "Secure" on the Password Security page.

    Change from the Edit Password screen

    1. Log in to LastPass and access your vault by doing either of the following:
      • In your web browser toolbar, click the LastPass icon active LastPass icon and select Vault or Open My Vault.
      • Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Select Passwords or All Items in the left navigation.
    4. Select on your desired at-risk password.
    5. Select Change password.
      Edit at-risk password
    6. Select Continue to site.

      Result: You are redirected to the site for your stored password and automatically logged in using your stored credentials.

    7. Once logged in to the site, change the password within the site's account settings.
      Tip: Use the LastPass built-in password generator to create strong, secure passwords. Learn how at Generate Secure Passwords.

      Troubleshooting: If you are unable to log in with your current credentials, use the Forgot Password recovery flow on the site to change your password.

    8. Return to your LastPass vault.
    9. Once your password has changed, you will be prompted by LastPass to click Update to change the password in your LastPass vault.
    Results: Your password has been updated on both the website and within your vault, and is now displayed as "Secure" on the Password Security page.
    Related Articles