Apr 11, 2012

LastPass for Android Update, Featuring New Security Options

The latest in our string of mobile updates, our release for Android features a handful of useful new settings! Included in the update is an option to logoff your account when the LastPass app has been running in the background after a time limit of your choice, as well as the ability to check your login status when launching the app.

Both features will help you better secure your LastPass account, providing you the ability to control how long your session stays active and ensure your data is secure if your phone is ever lost or stolen. We've also added an oft-requested feature: generating pronounceable passwords!

Logoff when LastPass is in the background for X minutes

You now have the ability to kill your LastPass session when the app has been running in the background for a time period of your choice. Essentially the mobile version of "logoff after idle", you can set a time limit in your Preferences menu of the LastPass app.

With the time limit enabled, your LastPass session will be terminated when you multitask away from the LastPass app and it remains in the background for that period of time. When you tap back to the LastPass app, you'll be required to login again.

Check login status when launching the app

Within your LastPass account, we offer the ability for you to view and remotely kill active LastPass sessions. Accessible via your LastPass Icon by going to your Tools menu, the "Other Sessions" page allows you to see any browsers or devices where you're still logged in to your LastPass account. You are then able to select some or all of your active session and "kill" them, forcing your session to expire. This feature ensures that if you leave LastPass logged in somewhere by accident, you can later force that session to end.

On the Android, enabling "Check Login on Activate" in your Preferences menu ensures that, when the LastPass app is launched, a check is performed to see if the session was cancelled remotely using the "kill active sessions" feature. If we identify that the request has been made, LastPass will logoff and require the email address and master password to be entered again.

Generate pronounceable passwords

Included within the advanced settings of our password generator, you can now generate pronounceable passwords.

Pronounceable passwords are randomly generated but easier for typing on a mobile keyboard or sharing.

And more!

As expected there are also a host of improvements in the overall functionality and performance of the app. Also included in our release notes are:
  • Browser fixes for sites that use local storage like twitter.com, gmail.com, and others
  • The ability to enforce mobile Enterprise policies, such as: requiring pin code prompt, disallowing master password saving on the mobile app, implementing logoff when the app is in the background for X minutes, and enabling event logging
  • Faster shared folder decryption
  • A number of general bug fixes and improvements

As a reminder, the Android app is part of our Premium offering, but can be trialed for 14 days before upgrading for $12 per year.

We've got some exciting updates on the horizon, so keep an eye out for more posts.

The LastPass Team

11 comments:

  1. What about the Dolphin Browser versio? It sure would be nice to have this functionality there too. /M

    ReplyDelete
  2. Agreed with MM. The interface on my Android 4.0 ICS (Asus Transformer Prime) Tablet is still a little clunky to use LastPass. In the fact that you have to use the LastPass Browser to get access to your passwords, rather than the default Browser (or my recently installed Chrome Browser).

    Any chance of the changing this input method on ICS?

    ReplyDelete
    Replies
    1. Unfortunately we can't currently integrate with the default browser, other than through Bookmarklets. We'll continue to look at mobile improvements where possible, thanks for the feedback.

      Delete
    2. I love the way LastPass copies usernames and passwords into the notification area on Android devices. It's even better on ICS because you can remove the notifications easily once you've used them. I prefer this to using the LastPass browser.

      Delete
  3. I'd like to see the pronounceable passwords actually use the character requirements - when I tried it, I was getting all lowercase (Nook STR rooted). I'd say that "pronounceable" in that case would simply mean keeping the characters grouped - all uppercase together (or only one uppercase), all lowercase together, all digits together, all punctuation together.

    ReplyDelete
    Replies
    1. Currently, you're correct in that when generating pronounceable passwords, we ignore most of the other fields. We'll take your suggestion into account for a future release. Thanks.

      Delete
  4. Are the pronounceable passwords as secure? Given what we know about how password hashes are broken, could not someone figure out your pronounceable algorithm to reduce their search space?

    ReplyDelete
    Replies
    1. The range of characters used is smaller so it marginally decreases the security, but it's still a high number of possible combinations, especially with longer passwords, so it's still unrealistic to crack them.

      Delete
  5. I like the remote session kill feature. Even better would be if you could use it from the Android app.

    ReplyDelete