How do I reset passwords on multiple websites easily?

This is a known problem without an existing solution. Some password management tools are working on it, but it is not complete or fool-proof.

For example: https://helpdesk.lastpass.com/generating-a-password/

Auto-Password Change will change a site’s password with a single-click. This feature currently supports 75 of the most popular websites. You can see the full list of supported websites below.

In general, though, when you use a password manager for all your accounts, 90% of the work you need to do is already done. You know which sites use that username/email, and you can avoid re-using passwords in the first place (or know which accounts use a shared password).


No, not really - they all have different processes for verifying your identity for password reset requests, and there isn't any standard for bulk password resets. For example, Apple may use a device which is registered to the account as a confirmation that it's you sending the request, while Facebook uses different schemes depending on whether you're changing your password from a device where you've previously logged in, or from a completely unrelated one.

Easiest way is probably to go through common websites (e.g. work through a list like https://en.wikipedia.org/wiki/List_of_most_popular_websites, ignoring any which you are sure don't apply) providing the email address you want to reset, and watching for reset emails. It's not perfect, but if you're changing the ones you know are sensitive (e.g. ones which have credit card details associated, or email accounts, or government systems), that's ok - you know that those accounts will have unique passwords, even if an attacker may be able to log into your abandoned MySpace (or other defunct social network) account with an old password.


One tip to help you out on your journey is that multiple sites have recently implemented the "well-known password change URL". This is something you can plug in to any (supporting) website that redirects to the page that lets you change your password.

Take the homepage of the site, and add /.well-known/change-password to the end. Examples:

accounts.google.com/.well-known/change-password
  -> https://myaccount.google.com/signinoptions/password

github.com/.well-known/change-password
  -> https://github.com/settings/admin

twitter.com/.well-known/change-password
  -> https://twitter.com/settings/password

meta.discourse.org/.well-known/change-password
  -> https://meta.discourse.org/my/preferences/account

Tags:

Password Reset

Have I Been Pwned

Recent Posts