Jul 21, 2011

LastPass Gets a New Look for Mac Lion & Safari 5.1 Release

With the official announcement of OSX 10.7 Lion by Apple, we've released a new version of LastPass for Safari 5.1 - with a new look, too!

Apple has made some significant updates to Safari, some of which have affected how LastPass works. The native SIMBL extension is no longer compatible due to the changes to the browser, so we took advantage of some of the new features of their extension interface to make our Javascript extension much better.
For example, we have implemented a popover-style menu that significantly improves the usability and user interface of LastPass compared to previous versions. We have added a search input box on the main menu, which many users requested to improve searchability of logins. The password generator is also accessible from the main menu, giving easier access to new, secure passwords.
Once you've upgraded your system to Mac OSX Lion or your browser to Safari 5.1, you can install the new version of LastPass. First uninstall all traces of LastPass that you may have installed in your new Safari - copy-paste https://lastpass.com/lpsafari.dmg to Safari or another browser on your Mac, press "Enter" to start the download link and choose the "uninstall" package option.

Once complete, copy-paste https://lastpass.com/lastpass.safariextz to Safari and press "Enter" to run the installer. Ensure that extensions are enabled in the Safari Gear menu - Preferences - Extensions tab if the LastPass asterisk button doesn't appear after you complete installation.

Known compatibility issues with Safari 5.1:
  • Basic authentication logins are no longer supported - we are investigating possible workarounds.
  • The login state of the browser extension cannot be shared with the LastPass extension on other browsers.
  • Copy username and copy password do not work.
If you're running a 5.0.x version of Safari, you can continue to use the native SIMBL extension or you can upgrade to the new version but you will still see the previous menu bar rather than the new popover menu; this is only available once you upgrade to 5.1.

We believe our new Safari extension is a big step forward in our browser integration with Safari, and with the LastPass user experience as a whole. Our intent is not only to give LastPass a makeover, but to simplify access to your data and reduce the number of clicks you need to make to get the job done.

We know it's a big change for our users, and we welcome your reactions or suggestions via comments below or in an email to support@lastpass.com.

Thanks,
The LastPass Team

59 comments:

  1. Looks great! However I notice that when I choose the 'remember password' option it brings up the are you sure dialog which steals focus from the popover login window causing it to disappear; resetting the login process.

    ReplyDelete
  2. Will this user interface be ported over to other browsers?

    Safari usage has to be in the minority, so it would really stink to see no one else benefit from this hard work.

    ReplyDelete
  3. Looks really cool. Please port to FF and Chrome ;)

    ReplyDelete
  4. I miss the ability to manually pick a site. I know the idea is that search will find it for you but I've found that sometimes I can't remember the URL/name or provide something the search can locate.

    ReplyDelete
  5. People use Safari!? Looks nice (especially password generation and search on the main menu!). Hope it's coming to Chrome and FF soon!

    ReplyDelete
  6. "The version of Safari you are currently running does not have HTML5 database support enabled. As such, this login page will not remember your email and password, and other features such as automatic login on browser restart will not work. You may be able to fix this by adding --enable-databases as a parameter to your Safari browser shortcut. You may also be blocking all cookies, which causes Safari to disallow HTML5 database access."

    I get this when I click the LastPass button with the new extension. Any ideas what is happening? I have database support enabled and am only blocking cookies from 'third parties and advertisers'.

    ReplyDelete
  7. @anonymous, we are a 'third party'. If you block cookies your'e going to see this error message.

    ReplyDelete
  8. @Kappuru In what sense are you a third party?

    ReplyDelete
  9. I second what @John Childs said - this is a HUGE bug!

    ReplyDelete
  10. I feel like I'm flogging a dead horse here, but how about giving some attention to LP on the iOS platform? The LP Tab Browser for iPad is so 1990.

    ReplyDelete
  11. Does the LastPass team monitor this forum? At least acknowledge the problem.
    Like others, LastPass on Safari 5.1 doesn't remember email nor password. I changed prefs to allow all cookies and started Safari using Terminal with
    ./safari --enable-databases
    and the problem persists.

    Do you have a solution or are you working on one?
    Please let us know.
    -dick

    ReplyDelete
  12. In all honesty I love the way that LP on Chrome works as is, I need the binary feature for some of the systems that I use in my work place, so would love to see that issue resolved ASAP.

    I too like to be able to see the sites list, if that could be implemented as a check box option?

    Will have a look at Safari/LP on the next build and see if I can use it ... as it stands unfortunately not.

    ReplyDelete
  13. I avoid Safari like the plague. Port it over to Chrome and fix LP tabs on iPad.

    Then we'll all the happy campers.

    ReplyDelete
  14. Just wanted to say I think the new plugin's UI is beautiful, fast, clean and a huge improvement. Thanks Lastpass.

    ReplyDelete
  15. I'm still crossing my fingers that you will add a "memorable password" option to the password generator. It's the one option I really miss from 1password. It generated things like Beethoven4'statue or running-23toend!

    It made the instances when you were forced to type the passwords in manually (like AppleTV) much easier than completely random letters and numbers....

    ReplyDelete
  16. I really hope if SIMBL update for lion comes out, you guys will update the on with binary features. For now, I'll stick with safari 5.0 and chrome.

    By the way, I think the icon and text size and nearly everything is too big in this new look. Shrink it down and it'll be absolutely fantastic!

    Thanks guys!

    ReplyDelete
  17. Takes up way too much real estate and doesn't allow one click navi to recently used: far too intrusive.

    Have taken it off Safari.

    ReplyDelete
  18. @mattf

    You might want to check out an interesting read from Steve Gibson who does the Security Now podcast on Leo Laporte's TWiT network. He makes a valid point that password length trumps entropy. A password of "D0g.............." is actually stronger than "Fx83f0@$" since the first password is much longer than the second, and thus takes exponentially longer to guess through a brute force attack than the second one.

    He dubs it password "haystacks," or password "padding." Basically, you're padding a good random password with a long, but memorable, pattern. It turns good passwords into even greater passwords.

    Lastpass users should check it out. Very interesting stuff.

    https://www.grc.com/haystack.htm

    ReplyDelete
  19. Thank you for making it work with Safari 5.1, but I pretty much HATE the new UI:

    - logging in is fine
    - having a search only interface is insane, even then if I pick recent, or do type say 3-5 characters of the site I want - the font on the results is so big and, that with the ellipsis, say for mint.com I get "Mi... (usernameasfasfas....)" which isn't much help
    - having clicked the site I wanted, I now have to click again to actually launch (and now autofill doesn't always seem to work).
    - Finally the logged in and logged out state of the icon are too similar (I guess you are following apple's lead here, but I still dislike it)

    Basically the UI upgrade has taken a simple couple of clicks with a menu to more clicks and likely several key types. Not good!

    ReplyDelete
  20. @Anonymous, thanks for the feedback. To address a few points:

    - You can right click to do the 'default action'. This is launch for non-matching sites, fill for matching sites. In our next version, you will also be able to use the keyboard to more easily navigate the menu.
    - We were trying to stick to apple's guidelines about the icon. It has been a common complaint, so we will see if there is anything else we can do.

    ReplyDelete
  21. How's the TouchPad client coming along?

    ReplyDelete
  22. I liked it before (after a period of adjustment) and I like it now. Nice job!

    ReplyDelete
  23. Very nice new look on Lion/Safari 5.1!!
    An option to either search or show all sites would be great!

    ReplyDelete
  24. where are the last pass "Preferences" for autologoff in new Safari 5.1 for Osx Lion? I cannot reset the autologoff and it's driving me crazy! Thanks for Your help.
    john

    jadis70@sympatico.ca

    ReplyDelete
  25. My pre-Lion version of Lastpass would log me in, indicate when it was working, fill in forms and generate passwords seamlessly.

    Now it requires I login every time I open Safari, gives me HTML5 and cookie errors, and ignores my login attempts

    Progress??

    ReplyDelete
  26. there are problems with hierarchy and UX issues all over this.

    your designer seems to be very amateur, favouring tricks over substance.

    that fake blisterpack announcement graphic is very telling, it was recently a featured tutorial at tutsplus.com. your designer added nothing to the aesthetic, they simply followed the instructions - http://psd.tutsplus.com/tutorials/designing-tutorials/blister-packaging/

    ReplyDelete
  27. I get a 403 forbidden error when I copy and paste the link into safari

    ReplyDelete
  28. Exactly, I get 403, you bring the extension down?

    ReplyDelete
  29. The download link here and from the main page seems to be broken.

    ReplyDelete
  30. Please fix the link

    ReplyDelete
  31. Apologies, the permissions of the file on one of our servers was incorrect.

    Please try again.

    ReplyDelete
  32. @Bob Billingslea thanks for your feedback; I'll try the right click

    Yes more keyboard navigation would be a huge help (additionally currently hitting enter after typing the password sometimes seems to close the popup but not actually log you in). Also the font for the hidden password is tiny.

    Some sort of way to list all sites without launching the vault (maybe another twisty like recent sites), and every font (except for the hidden characters mentioned above) is way too big... 12 pt would be just fine - or give me an option to change it.

    ReplyDelete
  33. Yup, the right click works, though right click to launch an action feels very wrong, maybe option click?

    ReplyDelete
  34. And finally yes again on the logged in icon - being logged in to lastpass is something too important to not be visible at a glance; apple's UI guidelines be damned!

    ReplyDelete
  35. We like the new user interface on Safari, but we are having a problem with the LastPass session not logging off unless we manually log out. We have had it persist even after restarting the computer. We have it set to log off after Safari is closed, but it does not seem to stick to that. We miss the ability to have the LastPass session automatically log out after thirty minutes after Safari have been inactive. If no one has touched it for that long, we want someone to have to log back in to use LastPass. Hopefully this can be fixed.

    ReplyDelete
  36. I really HATE the new Safari extension! The old UI would display a submenu; that you could navigate by simply hovering your mouse over 'sites', then over your 'categories' and the the site you desire.

    The new UI forces you to remember/type part of the site name, or open the entire vault to gain access to our organized sites.

    I also don't care for the 30pt font in the extension - looks cartoonish as if designed for kids, or folk that are losing their eyesight.

    Bottom line: its more difficult to get direct access to our saved sites.

    ReplyDelete
  37. Second to the auto-logoff not working - I know this was a binary feature, but it is pretty critical

    ReplyDelete
  38. I just upgraded a week ago to 10.7 and Safari 5.1. I have tried several times to install the correct LastPass install file, and I cannot find how to access the LastPass "keychain" in the browser. None of my passwords appear to be there.

    ReplyDelete
  39. I still get a 403 Permission denied error message. Please fix it, and make sure it doesn't break again :-)

    ReplyDelete
  40. Apologies, please reinstall:

    https://lastpass.com/lastpass.safariextz

    ReplyDelete
  41. Really don't like it. I moved to Firefox :)
    Dear developers, please give us the old Lastpass back as it was on safari 5...

    Thanks

    ReplyDelete
  42. Yuusharo: Might be safe to temper the Haystack enthusiasm just a little.

    It's theoretically true, but there are 2 problems.
    1. Dictionary and brute force tools will adapt
    2. People are still the weak link and will choose pointlessly simple suffixes and password roots that make it merely a bump in the road for point #1.

    It may take a brute force tool a long time to search the whole keyspace serially.

    But a dictionary attack with rules will certainly have your "D0g" example in it, and apply a suffix search against it.
    D0g.
    D0g..
    D0g... etc

    Every time there's a password breach on a website, the passwords people are using will be mined for what the most common suffixes and prefixes are, and they'll be added to the dictionary and brute force data-sets.

    We feel unique, in isolation, in our clever password munges. But looked at in aggregate we're pretty common. One man's brilliant simple password is laid useless when 20/200/2000 other people across the globe are equally brilliant. And then one of them uses the password on a site that gets hacked.

    It's pretty hard to beat pure randomness for security. And with Lastpass entering the passwords for me, what do I care how long and random the password is? The .....'s may as well be random.

    If there's a risk to LastPass, I don't think it's haystacks, but more in the area of one-time passwords.

    ReplyDelete
  43. New design is okay. But I always used the padlock icon, since it is so obvious if its locked or not, so would like that feature back. Also would like the auto logout feature when in idle for x amount of minutes.

    ReplyDelete
  44. Add bother user at Mac OS X (Lion) with Safari 5.1 and the extension does not allow a successful authentication at al even with all other extensions uninstalled. No amount of complete uninstallation of last pass and re-install has worked for me. The same results on both my iMac and my MacBook Pro. I empaled support.

    ReplyDelete
  45. Sorry for the typos above. I noticed that an outstanding issue is with basic authentications. My account is 'Premium' and I can't manage a successful login except directly online or via my Android phone which thankfully works.
    Funny typo... I emailed support but above it looks like i wanted to type impaled (as in sharp object through abdomen) ... sorry about that ... lol.

    ReplyDelete
  46. It doesn't log out anymore! Doesn't recognize sites. Doesn't grab surnames and passwords from new sites.......not good last pass.

    It also looks terrible....very amateur....you clearly did this in 2 minutes.

    How about a logged in/out button that actually looks different from one state to another????

    Come on! This is the best you can do?
    Is the company going bankrupt? because if this is the future.....i'm done with last pass.

    ReplyDelete
  47. But what about subdomain??? All my websites that i need are subdomain of the same domain. LastPass doesn't work for it. Any alternative in mind?

    ReplyDelete
  48. logout after idle for X minutes is an essential part of the preferences - most people do not routinely close the browser completely - please bring this feature back.

    ReplyDelete
  49. Please add "Basic authentication"!

    ReplyDelete
  50. I'm still shopping around, I guess. After reading all the comments it seems I'll be spending too much time R & D'ng on my own. Especially after the changes Apple IOS5 & moving to upgraded Apple devices (ie. iPhone & iPad). I know I'm using latest Safari at the moment but have no idea what, if necessary, Lion..would/could be any different.....so confusing....makes me want to pull my hair out! All I wanted was to make ONE thing easier-----ONE PASSWORD!!.....but noooo, that alone is way complicated for me...I'm too tired now-LOL;-)

    ReplyDelete
  51. israel@lastpass.com
    i didn't know they were Jewish! Hat a bad example.

    ReplyDelete
  52. Installed several times but the lastpass button does not appear in Safari. Seems to need more work before its ready for prime time.

    ReplyDelete
    Replies
    1. The team can help you track down any ongoing installation errors - reach out to us at support at lastpass.com.

      Delete
  53. I’m not that much of a internet reader to be honest but your sites really nice, keep it up!
    I'll go ahead and bookmark your site to come back later on. Many thanks

    My blog - watch films instantly

    ReplyDelete
  54. Hi, I think your blog might be having browser compatibility
    issues. When I look at your blog in Firefox, it looks fine but when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up!
    Other then that, fantastic blog!

    My blog post; how to take 3D images with your camera

    ReplyDelete
  55. Heya i am for the first time here. I came across this board and
    I find It truly useful & it helped me out
    a lot. I hope to give something back and aid others like you helped
    me.

    Here is my website ... ukulele play along songs

    ReplyDelete
  56. Woah! I'm really enjoying the template/theme of this site. It's simple,
    yet effective. A lot of times it's tough to get that "perfect balance" between superb usability and visual appeal. I must say that you've done a excellent job with this.
    Also, the blog loads extremely fast for me on Safari.
    Outstanding Blog!

    my blog post: We Buy Houses Repaupo Nj

    ReplyDelete