The latest update includes:
- An automated security check that displays your score in your vault
- Easy access to the password generator in the main LastPass addon menu
- Automatic clearing of data filled by LastPass on logout
- Performing hashing in binary component to speed up login, with the recommendation to increase password iterations to 5000
Feature Spotlights
In this release, we're making password management a more active process, so you know when to make changes that will improve your online security. Good security is about being proactive and mitigating risk, and our newest features will help you accomplish both.
Automated Security Check Score
One of our best loved features, the Security Check analyzes all of your stored passwords and gives you a score from 0-100 based on the strength of your passwords, the frequency of duplicated passwords, and the use of other LastPass security features. It also makes recommendations on how to up your score and improve your overall security with LastPass.
An Accessible Password Generator
The LastPass password generator helps you create strong, unique passwords as you register for new accounts and update old passwords. We've made this feature even more accessible by including it in the main addon menu.
Automatic Clearing of Fields Filled by LastPass
A frequently-requested feature, LastPass now offers the option to have all fields filled by LastPass cleared when you're logged out of LastPass. Previously, if your LastPass session was still active in the browser and a login page was open, any stored logins would be filled in automatically, and the data that LastPass filled would stay filled regardless of whether LastPass timed out.
Password Iterations Can Be Increased Due to Increased Login Speed
This all gets a bit technical, but what's important is that we've updated LastPass to speed up the login process by performing hashing in the binary component.
Because login is now faster, we also recommend increasing your password iteration (PBKDF2) count to 5000. PBKDF2 is, essentially, a "password-strengthening algorithm" that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack. More iterations make it even more difficult for a computer to attempt to brute-force the password.
All new LastPass accounts will have a default of 5000 password iterations, while all current users can increase their count by logging in to their LastPass addon, opening their vault, select the "Settings" menu, and using the "Increase Iterations" option.
And More:
Other notable fixes in the latest update include:
- Maxthon browser support (in beta)
- Perform hashing in binary components to speed up login, with password iterations recommended to be set at 5000
- Auto-clearing of data filled by LastPass on logout
- A fix for NTLM authentication in IE
- There were also a number of updates for LastPass Enterprise, which we'll spotlight in a follow-up post.
We're Moving Right Along!
Over the last several months we've pushed out a number of releases and updates that help us continue to offer valuable features and improve the overall LastPass user experience. Here's a recap of some of the notable changes:
- Windows 8 App: We fully support Microsoft's new OS, in both desktop and "metro" mode. LastPass can be downloaded just as before in desktop mode, while our LastPass Windows app is now available in the Windows Store for use in "metro" mode.
- Windows Phone 8 App: Our Windows Phone app recently got an overhaul, with support for Windows Phone 8. We've reset everyone's trial, if you want to try out the new app!
- LastPass Sentry: We've partnered with PwnedList to offer Sentry, which performs daily searches of PwnedLists's database of leaked accounts for matches to LastPass accounts. The feature alerts users to potential risks and indicates which passwords need to be updated.
- The LastPass Team
When increasing the iterations to >5000 a warning is shown. It says, that it's not recommended use more than 5000 iterations because it might slowdown the login. You might want to increase that now too. ;-)
ReplyDeleteWe've updated it, thanks Jan!
DeleteWas this an update for all browsers? I checked Firefox and doesn't look like there is an update available...
ReplyDeleteUnfortunately AMO hasn't published the latest update yet, but if you use the download options at https://lastpass.com/download - or our direct download link https://lastpass.com/dl - you'll have the latest update.
Deletewhen will Chrome update the Lastpass Extension? Still shows up as 2.0.14.
DeleteAn automatic update from Chrome may take some time - otherwise, you can "force" an update from our download page directly, apologies for the inconvenience.
DeleteI just removed and then reinstalled the extension.
DeleteSame here... Firefox 18 under ArchLinux 2013 shows no update. Tried downloading the add-on from the LastPass site - still the same 2.0.0...
ReplyDeleteRegards.
Andrzej
Hi Andrzej: The version on LastPass.com/download should be the updated build, as should our direct download link (https://lastpass.com/dl) - if you see any further issues, please let us know (https://lastpass.com/supportticket.php), thanks!
DeleteHi Amber.
DeleteNow this is super weird.
I checked few hours ago. The link on https://lastpass.com download site was showing 2.0.0 version. I even downloaded it and installed it just to make sure it's not just a numeration typo. I had Lastpass 2.0.0 installed after that. Now I see Your reply and checked the site - 2.0.20 - it's all good. I guess it was a temporary delay in uploading the addon or something.
Regards.
Andrzej
I found the download at https://lastpass.com/misc_download.php, as already noted. It installed LastPass on all browsers.
ReplyDeleteall up and running in my google chrome :)
ReplyDeleteI can't thank you enough for supporting Windows Phone 8
ReplyDeleteWhen will Lastpass integrate in my iOS Chrome? :)
ReplyDeleteWe hope Chrome supports 3rd party addons soon :)
DeleteAny progress on allowing Yubikey on desktop and Google Authentication on mobile devices?
ReplyDeleteNo update, but dev is aware of the request, thanks!
DeleteI increased my password iterations to 5000 as recommmended, and now all my logins and passwords are blank or with weird characters!
ReplyDeleteTry logging out and back in, all data should then decrypt properly. If you see ongoing errors, please open a report with the team: https://lastpass.com/supportticket.php
DeleteLogging out did not work. Even at lastpass.com my passwords are blank. Even the names and urls are blanks!
DeleteSomething very wrong happened when I asked to change the iterations.
I do not recommend anybody to do that until you are absolute sure this issue is resolved.
I have opened a ticket. I hope you guys have a backup of my data.
Have the same problem.
DeleteAll my data is blank...
Logout/login not helped :(
P.S. I use Chrome 24.0.1312.57 m
DeleteThe same problem... :(
DeleteSame problem here, contacted support via ticket
DeleteFor anyone seeing this behavior, please contact support via a ticket (https://lastpass.com/supportticket.php) we are working to resolve the error that has affected a small portion of users. Thank you for your help and patience.
DeleteJust FYI, I opened a ticket with support but not much help there. I decided to follow the process at https://lastpass.com/revert.php to restore my account from a backup and that got me back to the way I was before changing the password iterations to 5000 (after the restore completed my account is working fine again but my password iterations are back to my original value of 500).
DeleteHow did you change the iterations? When I had this problem, I tried changing from my Chrome plugin Vault, ie click the plugin -> My LastPass Vault. After support reverted the change, I again updated the iterations to 5000 from the LastPass website Vault. This time it worked properly and here I sit. I suspect a problem with the plugin specifically caused the error.
Delete"How did you change the iterations? When I had this problem, I tried changing from my Chrome plugin Vault, ie click the plugin -> My LastPass Vault. After support reverted the change, I again updated the iterations to 5000 from the LastPass website Vault. This time it worked properly and here I sit. I suspect a problem with the plugin specifically caused the error."
DeleteThis is true! I updated the iterations through the website Vault and had no issue. The bug is in the plugin.
I am using Firefox 18.0.2.
Has this issue been resolved? I've avoid adjusting my password iterations after seeing so many people have issues.
DeleteBrent: To the best of our knowledge the issues have been resolved, if you make changes with any issues we of course will look into it ASAP - https://lastpass.com/supportticket.php
DeleteI just checked: LastPass version on my PC is 2.0.17. I check for updates… the message is: “No updates available”. I’ve always had this problem: Faulty update checking in LastPass.
ReplyDeleteAnother problem: I use LastPass in three browsers. At one point, I succeeded to have LastPass login automatically at the beginning of every browser session (because I trust security on my PC). That setting is not reliable, however. Sometimes, LastPass logs off automatically after I close the browser.
Ion Saliu
I just updated successfully by downloading the full installer. I am confident LastPass will make ‘updating automatically’ function properly at all times.
DeleteAlso, it appears that the login is automatic, unless:
1) I disable it;
2) I clean up my PC with some utilities that remove cookies.
Ion Saliu
SALIU.COM
Thanks Ion, we're glad to hear you were able to update with our full installer - automatic updates may be delayed for a bit. Yes, LastPass will autologin on browser startup unless you use the autologoff settings or if you have the browser set to clear browsing data / don't allow 3rd party cookies from LastPass.com.
DeleteCorrection: Automatic login does NOT work in Firefox; it has never worked (up to current version 18.0.2). I have to login to LastPass every time I start Firefox. I don’t use FF much, anyway (it loads very slowly my 3 home pages: MSN, iGoogle and MyYahoo — all 3 are graphics-intensive).
ReplyDeleteMore correcting: After I closed Firefox, I opened Internet Explorer (v9). LastPass did not login automatically.
Only Google Chrome abides by the setting ‘login automatically’.
I like the convenience, instead of typing my (complicated) LastPass master password!
I have the following installations:
LastPass Chrome Toolbar
Version: 2.0.21
Built: 2013-02-07 15:58:17
Binary Component: true (NPAPI)
LastPass Firefox Toolbar
Version: 2.0.20
Built: 2013-02-07 15:51:24
Fast Encryption: true (ctypes)
Internet Explorer 9 (32-bit under 64-bit Windows 7):
Plugin Version: 2.0.20
Plugin Built: 2013-02-07 21:19:21
Toolbar Built: 2013-02-07 21:19:21
Build Type PRODUCTION-BUILD
Please check your session ID: https://lastpass.com/debug.php between browser restarts in Firefox. If any errors persist, our support team: https://lastpass.com/supportticket.php would be happy to take a look.
DeleteThanks, Amber, for your prompt response.
DeleteI do not understand, however, why the whole process has to be that complicated. I do NOT recommend to anyone tampering with the LastPass debugger at the command prompt in Windows. Besides, iexplorer.exe is deeply buried to run it as the administrator!
LastPass will fix this issue, I’m sure (but not today!)
It is a lot more convenient to log in automatically, instead of typing a long, complicated master password any time I start a browser. It did work all right in IE9 up until 2012. Some products other than LastPass don’t work correctly in IE9 anymore. I’m happy that Chrome works correctly, though. It’s the browser I use most because it is fast and less error-prone that Firefox or IE9.
By the way –
DeleteFrom LastPass debug page for Firefox:
“Options > Options > Privacy tab, and for 3rd party cookies click "exceptions" and set an "always" exception for lastpass.com”
There is NO “3rd party cookies” on the Privacy tab, or anywhere else in Firefox Options.
I only found something regarding the installation of add-ons on the Security tab. In Exceptions, I added LastPass to allow installation of add-ons…
Right now, it appears that ‘automatic login’ works in all three browsers. I have the same session ID in the same browser (but different from browser to browser). I wonder what will happen tomorrow, or today AFTER I turn my PC off, then turn it on… There was this consistency problem with the ‘automatic login’.
DeleteJust an fyi it's standard protocol for windows to login as standard user and not administrator. Also command prompt does not run in administrator command prompt mode by default, especially even in windows 8 where you can see the obvious difference with one saying Administrator: Command Prompt and the other saying Command Prompt. Also, by default, windows is set to request permission for escalated admin privilege. So just to mention, it's easy to change these features as administrator but you need to know how to do it or else these are defaults. Also anyone capable of knowing how to run Administator command prompt should be aware of what it does and how it works since it's not default to run in admin mode for that in the first place nor admin to begin with even if you are the only and first person to install windows. So... I recommend none of that to my clientele because I don't need to since they call me in the first place obviously wouldnt know how to format their hard drive by accident
DeleteCan someone explain to me the security implications of the the "Security Check" being permanent and automatic? I've only run it a few times manually, but every time I did run it, it always came up with this big warning, asking me if I'm OK with my passwords being scanned as plain-text to judge just how good they are.
ReplyDeleteIf that's still the case, how the heck can I disable this automatic checker? That would mean it would ALWAYS scan my passwords as plain text and that completely defeats the purpose of using such a secured password manager.
I have this same question.
DeleteFor both the online security challenge and this automatic test, all of the decryption continues to occur locally (with a key we do not know). Your usernames and passwords never leave your computer in either case.
DeleteFor the online security challenge, we allow you to send hashes of usernames to pwnlist (not the actual usernames, just hashes) to see if they have been previously compromised. That remains opt-in and does not occur for this automatic test.
So in both cases, your private data remains local and safe. The intent is to increase internet security by making users aware of bad practices.
I love your service! I hope all my DATA will be secure in the future :)
ReplyDeleteThank you so much for Maxthon support
ReplyDeleteAfter the update the fingerprint reader login doesn't work anymore.
ReplyDeleteHave you tried disabling and re-enabling the fingerprint authentication with any further trouble? If so, please submit a report directly to the team: https://lastpass.com/supportticket.php so we can investigate further with you.
DeleteI can't seem to get Lastpass to work with IE 10 on Windows 8. I don't see the Lastpass toolbar, and when I go to enable it, a notice pops up that says, "do you want to disable this add-on" which is NOT what I'm trying to do.
ReplyDeletePlease try re-running the installer: https://lastpass.com/installer - please report any ongoing issues directly to the team: https://lastpass.com/supportticket.php so we can troubleshoot with you.
DeleteAnother thing you should add to your update post is that for Chrome, after the plugin updates, the security check will not give you a percentage until after you restart Chrome.
ReplyDeleteI'm a brand-new user, just downloaded last night. I run iOS on a Mac, Chrome is my browser. After installation, I can't get LastPass to work right. I can log in, but I can't generate new passords; all I get is a box that gives me the option to generate, copy and close. I can't save the new password. Also, when I'm in my vault, I can't change passwords within there. Tried it with Firefox, same issues. Seems to work with Safari. Please help! I would like to use LastPass, but I'm thinking it may not be a good fit for a Mac user.
ReplyDeleteWe're sorry to hear of the trouble, this is best addressed by the support team, if you haven't already please submit a report there: https://lastpass.com/supportticket.php so we can work with you directly - thanks!
DeleteCan you package sesame and pocket in a .deb and .rpm package? I believe this is the final step so I can use LastPass.
ReplyDeleteI don't agree with the change to the drop-down menu when choosing what profile to autofill with.
ReplyDeleteThis is the same type of change Microsoft made to the Windows 7 taskbar right click menu. It used to be right next to the button, now it's encased in a border and smaller, making it MUCH more difficult to quickly click on an entry.
Is there a way to revert this change? If not, then I may be forced to rollback, as this severely affects my ability to easily and quickly select an account to login with. (This is also part of the reason why I use Vista instead of 7)
Still waiting on a response if this is possible.
DeleteSuppose I can be glad it auto-fills by itself now.. usually. Still fairly terrible on sites where I have a handful of accounts.
Unfortunately there is no way to revert this change at this time - we do apologize for the inconvenience, and hope you otherwise continue to find LastPass to be helpful.
DeleteDownloaded the Safari Extension, double-clicked it to install, then restarted Safari; it continues to show version is 2.0.1.
ReplyDeleteWhen are you going to add auto-updating? Or at least auto-notification of updates? As it stands, if you don;t follow your blogs, you will never know when an update is available.
ReplyDeleteIn my case, Firefox, the browser is regularly checking for new versions of my addons.
Delete