LivingSocial was hacked today, and more than 50 million customer names, birthdates, emails, and encrypted passwords were stolen.

Dashlane issued a Security Alert to notify our users that they should update their passwords. Luckily, LivingSocial forced a mandatory password reset, so that account is locked until you do so.

But with every breach, there’s more at risk than that one account. That’s where the problem of password reuse comes in. According to a poll that we commissioned with Harris Interactive, 62% of US adults reuse the same password for their online accounts, and less than half change their passwords regularly. If you thought your password wasn’t interesting, hopefully you see now why it is. 

If you reuse your passwords, hackers didn’t just get your LivingSocial password. (Yes, they were encrypted, but it doesn’t take a very good hacker to crack encrypted passwords.) They got the password that you use for your Facebook, Gmail, and maybe even your bank account. (Let’s hope not.)

So what can you do? Unique passwords for all your accounts sound unattainable without a good way to keep track of them. There’s a solution for that.

Dashlane gives you a secure place to store your passwords, encrypted on your device using the leading encryption standard, AES-256. We never store your Master Password anywhere, so you are the only person who holds the key to your data.

We also show you where your vulnerabilities are online: weak passwords, reused passwords, and passwords that are compromised. It’s all easily viewable in our Security Dashboard.

Once you know where your weak spots are, you can update all those passwords instantly by using our strong password generator. Dashlane auto-saves the new password to your account, and autofills it for you on the web the next time you need it. 

Dashane users don’t fret when breaches like this happen. They know it’s easy to fix and by doing their part to protect themselves, they’ve minimized the damage that hackers do.

LivingSocial hacked. Thank God I have @dashlane. It generated the old password. Just generated a new password.

— Joe Casabona (@jcasabona) April 26, 2013

Crazy not to use DL RT @dashlane: Security Alert: LivingSocial.com has been breached. Update your password & accounts where you reuse.

— Amish Jani (@amishjani) April 26, 2013

If you’re not using a password manager yet, hopefully this is the last breach that puts you in a scramble before you realize it’s not enough to rely on your methods and memories to keep up with passwords. Start using Dashlane today! 

Dashlane’s headed to NY Tech Day this Thursday, April 25th. Get your free tickets and come see us!

NY Tech Day is essentially a giant science fair for tech startups. It gets massive turnout with over 400 startups exhibiting for 10,000 tech enthusiasts. It’s a really fun day of strutting your tech-stuff and connecting face to face with users, media, VCs and other exhibitors.

Last year, we attended NY Tech Day just after our big 1.0 launch. (Happy Birthday to us!) Since then, Dashlane has gone through a lot of growth: we launched Dashlane Premium, our iOS and Android apps. And we’ve got even bigger plans in the works for 2.0!

If you haven’t already, register to attend NY Tech Day at Pier 92 and come see us! (It’s free to attend.) We’ll be there all day – going to for perfect attendance on this one – demoing our app and having a ball. And for those who can’t attend in-person, stay tuned on Twitter. We’ll keep you up-to-date on all the fun happenings. 

A large botnet is being used to brute-force passwords for a significant number of WordPress blogs. And by large, we mean large…

The botnet is estimated at using some 90,000 computers and tens of thousands of unique IP addresses in its increasing number of attacks. As is the case with brute-force attacks, conventional methods of stopping them, such as blocking IPs after several failed login attempts, won’t hold up. What’s stopping it?

Strong, unique usernames and passwords.

The attackers are targeting users with the most frequently reused usernames and passwords: admin, test, administrator, root; 123456, 11111, etc. By not using those credentials, Matt Mullenweg, founding developer of WordPress says, “…you’ll be ahead of 99 percent of sites out there and probably never have a problem.”

WordPress advises you to update your username and password to something strong and unique. WordPress.com users should enable two-step authentication. We add our strong support to that advice, plus one tip.

Use a password manager

Now is also a good time to set up Dashlane, a password manager that helps protect you against such attacks. When you have the ability to randomly generate and securely store your passwords – and autofill them instantly all over the web – you’re not dependent on having to create easy-to-remember (read: easy-to-guess) passwords or reuse them. And when you have a personalized Security Dashboard showing you where your weak spots are, you can be proactive about your online security. 

For the strongest passwords you’ve ever had – and never had to remember - get Dashlane today.

Today, we’re launching Dashlane version 1.7.8 for Mac and PC!

First off, we’ve made our update process smoother. After today, Dashlane will update quietly in the background. Once the update is complete, you’ll get a simple notification letting you know what’s new in the app!

We’ve also added autofill preferences to give you better control over Dashlane’s autofill. You can now enable/disable autofill on certain websites and even entire domains, right from within the browser extension!

 Also in this release, we made significant improvements to speed and memory usage, so Dashlane is faster and lighter!  Plus, we’ve fulfilled a lot of popular requests:

• Compatibility with Firefox 20!
• Smoother data import process, including CSVs and credential notes.
• Improved autologin & autofill on sites that have two and three-step verification.
• Clicking the impala in a web field toggles Dashlane pop-ups.
• Ability to manually unflag a credential in the Security Dashboard.
• Ability to disable the confirmation before logging out. Go to “Tools > Preferences > Security”.

That’s it for today’s release. Take it for a spin and let us know what you think! For support queries, please contact us at support@dashlane.com.

In October 2012, Dashlane partnered with Pwnedlist, the largest database of published online credentials, to enhance our Security Alerts feature. We’ve gotten some questions about how our Security Alerts work, so we think it’s worth clarifying our process.

When we launch a Security Alert, as we did yesterday for Netflix, it’s because login credentials were found online by Pwnedlist. In this case, they were in plain text (cringe). Pwnedlist reported on 3/16/2013, “A hacker known as Fugazi has published a list of account credentials that they claim belong to users of netflix.com. The data includes a list of passwords and emails. The passwords are in plaintext format.”

Our general rule is to push alerts for leaks that PwnedList (a very reputable source) considers verified. Since Dashlane makes it incredibly easy to change your passwords and even securely share that information – and Netflix accounts are often shared - we pushed an alert. The effort spent changing a password outweighs the damage cause by a leaked, or worse, a reused password. It’s what makes Dashlane a hackers worst nightmare.

Regarding Netflix, this leak was one among a couple that we received. We continue to strongly suggest that you update your Netflix password and any other accounts where it may have been used. Hackers love reused passwords. (They bank on them). And when it comes to your online security, safe is always better than sorry.