Careful: LastPass Remembers Generated Passwords Forever

I use LastPass Premium for storing hundreds of online passwords. However I don’t trust it with my most important banking passwords. For those, I use LastPass only to generate a complex password, then I encrypt the password and store it locally.

I was therefore not happy this morning to discover that LastPass was offering multiple passwords I had generated for PayPal:

LastPass generated passwords

One of those passwords was generated three years ago!

According to this LastPass FAQ article, a generated password will be replaced when you save the full entry in LastPass. But of course that is exactly what I am trying to avoid.

To deleted your generated passwords:

1. Open your LastPass Vault. Search the Sites for “generated”. Check the box next to each one, then choose Actions > Delete at the top.

LastPass generated passwords 2

2. Surprise! The passwords are still not gone. Click … More Options > Advanced > Deleted Items, then click Purge All:

LastPass generated passwords 3

In the future, I’ll try to remember to wipe these generated passwords as soon as I create them—or just use one of these sites for generating passwords:

http://passwordsgenerator.net/
https://identitysafe.norton.com/password-generator

2 thoughts on “Careful: LastPass Remembers Generated Passwords Forever

  1. ZenOne

    Mark,

    Great info.

    Curious, have you looked at RoboForm at all?

  2. Mark Berry Post author

    ZenOne, no, I’ve only used LastPass. I considered KeePass, which does not have cloud storage, but you give up some convenience with that.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.