Dec 1, 2011

Your LastPass account is safe on Carrier IQ enabled mobile devices

When we read what Trevor Eckard found regarding logging being done by an application installed by default on a number of HTC and Samsung based Android phones, we were concerned about just how far this Carrier IQ keyboard logging went.

We had to know if any of our users were at risk, so we could alert them to any danger. We replicated Trevor's findings, which he explained in his post on AndroidSecurityTest.com (the site seems to be intermittently down):  http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

He also posted a YouTube video, now making it's way through the media, showing his tests:



We saw the same log entries Trevor saw when dialing phone numbers, and receiving SMS, so that is confirmed.

We did not see any log entires when using the general keyboard though, including when typing into our LastPass for Android app and our LastPass for Dolphin HD app.   The LastPass pin code entry does not utilize the phone keyboard so that is safe as well.

This is very good news as your LastPass account - and most importantly, your master password - is safe on your Android phone even if Carrier IQ installed.

Please note that utilizing a multi-factor authentication device like Google Authenticator with your LastPass account would protect you even if an application was logging keyboard events, so it's highly recommended.

We'll continue to monitor the situation and assess potential risks to LastPass users.

The LastPass Team

Nov 28, 2011

Three Great New Features Added to Windows Phone 7 App

Our recent Windows Phone 7 update includes three new features to help round out your LastPass mobile experience. We've added support for pin-code prompt on reactivation, grouping of sites in the vault, and fast-app switching. Here are the specifics:

Pin Code Prompt

You can enable the pin code prompt in your app settings so that when multitasking back to the LastPass app, you're prompted to enter your 4-digit code. This provides an extra layer of security that's more manageable on your Windows Phone 7, since you won't have to re-enter your master password each time you reopen the app.

To enable the pin code prompt, login to the LastPass app to view your LastPass vault. Tap the ellipses (three dots) at the bottom of the screen to expand the menu options. Tap the "set pin code" option, and enter a 4-digit pin code. The next time you multitask away from and back to the LastPass app, you'll enter this pin code to regain access.

Grouping of Sites in the Vault

Previously, the Windows Phone 7 app displayed all of your stored data as a list in alphabetical order. With the latest update, your sites will now be organized by groups, the same way they are organized in the vault via your desktop browser addon.

Grouping allows you to better organize your data and more quickly sort through your sites for the logins you need.

Fast App Switching

Support for Fast App Switching allows you to easily switch between LastPass and other apps, helping to improve your workflow. To use Fast App Switching, hold down the back button and you will see all apps that are currently running. You can tap another app's icon to quickly switch to that app.

Plus more!

We made several improvements and bug fixes. For example, if you've enabled Google Authentication and are using it to login to the LastPass mobile app, we've improved support for switching apps when entering the Google Auth login code. We're working hard to bring more updates and improvements to our mobile apps and browser addons - stay tuned!

The LastPass Team