May 10, 2013

What Do You Want to Know?


Hey LastPass-ers - we want to hear from you!

We're looking to build more of a conversational series of blog posts, especially for Fridays, where we post answers to your questions, spotlight helpful tips, conduct polls, and more.

So to kick off the series, what would you like to know more about from LastPass?

To prompt some potential topics:
  • What LastPass features would you like to know more about?
  • Which technical concepts would you appreciate more information on?
  • What's going on in the news or the tech community that you're curious about?
  • If you had the chance to chat with a LastPass team member, what would you ask them?
Post questions in the comments or send them our way via Facebook, Twitter, or Google+. For questions that we end up choosing, you have a chance to snag a LastPass T-shirt!

121 comments:

  1. admin username and password to all servers and databases please :)

    ReplyDelete
  2. When you are going to make an api!

    ReplyDelete
    Replies
    1. We don't currently have plans to make a public API but we appreciate the feedback.

      Delete
  3. do you have plans on combining last pass and xmarks into one piece of software?

    ReplyDelete
    Replies
    1. It's something we're still looking at but unfortunately do not have an ETA on when this may happen.

      Delete
  4. Only really what lastpass is doing to keep our data as safe as possible!

    ReplyDelete
  5. if lastpass wouldnt exist what would you use?

    ReplyDelete
    Replies
    1. any other alternative password manager

      Delete
  6. I find the "secure notes" incredibly irritating. If I've got credit card info there, for example, I want to be able to select it and paste it into the appropriate fields in a web form - instead I have to open it in a separate window and copy/paste the information. Perhaps I'm missing something?

    ReplyDelete
    Replies
    1. Yup, you're missing something. Data you want to be able to paste should go into form fill profiles. There are built in fields for credit cards, for instance. I'd recommend setting this up to require you to re-enter your password.

      Delete
    2. Thanks -- the problem seems to be that I imported a bunch from another password program (windows - safewallet) and they didn't get into the form fill profiles. I guess I'll have to hand retype every one -- that's about 50 entries :-(
      Appreciate the advice!

      Delete
    3. Got any easy way to convert a secure note into a form fill?

      Delete
    4. As mentioned previously, form fill profiles are the best way to accomplish this - secure notes are "static" while form fill profiles are "dynamic" and can be used to fill in data as you browse. Unfortunately there's no way to convert a secure note into a form fill profile.

      Delete
  7. If I have to visit the vault, it would be nice to have the click to copy feature there as well otherwise I have to reveal my password for a second in order to copy and paste it.

    Will this feature be coming?

    ReplyDelete
    Replies
    1. Thanks for the question, Alex. In the vault you can right-click on an entry and use the "copy username" or "copy password" options - we'll consider spotlighting these options.

      Delete
  8. How can you keep lastpass free? How do you make your money? Because $12 a year (which I do pay to support you) doesn't seem like a lot.

    ReplyDelete
    Replies
    1. This. I am curious how profitable you guys are with such a low price point. Don't get me wrong, I looooove the fact that it's only $1 a month :)

      Delete
    2. wait for it, it will come :)

      Delete
    3. ...waiting...haha. I am paying the small $1 a month as well, so glad to do so. Love the program so much.

      Delete
  9. 1) Does the LastPass team have any ideas or plans for an update UI? The extension menu is okay, but it is inconsistent across browsers/OS and sometimes acts flakey.

    2) Does the LastPass team have any ideas or plans for something similar to Google's “Open Sesame” QR Log-in Feature (google it)? I really wanted something like that -- being to log into an account by opening an app on my phone and the screen displaying a symbol for authentication.

    ReplyDelete
    Replies
    1. Thanks for the feedback and suggestions. We are looking at improvements to the UI/UX, although don't have an ETA on when changes will be rolled out. We don't currently have plans for something along the lines of Google's Open Sesame but I've passed it to the dev team for their consideration.

      Delete
  10. Do you have a list of sites that don't work with Lastpass or have glitches? And are there any plans to fix them? For example with chase.com not on mobile you have to refresh a few times cause auto logging in brings you to a blank page.

    ReplyDelete
    Replies
    1. Thanks for the feedback, we do have an internal system for tracking these. There are known issues with Chase.com, we recommend not using autologin - instead, from your vault, you can right-click and select "Go To URL". We do continue to look at improvements on difficult logins. These tips can also be helpful: http://blog.lastpass.com/2013/04/master-those-complicated-logins-with.html

      Delete
  11. Dear Folks,
    I want to know why lastpass on an ipad can't work like lastpass on a PC. I am totally spoiled. I am so used to just clicking lastpass for my username and password info, or not even doing that, just having lastpass automatically do it for me, that using my ipad and being required to manually cut and paste it from another app is just a drag. I have some programming experience, so I know there are some things where "you just can't get there from here", but is this really the best we can do? Lastpass has been fussing at me about insecure passwords lately. Using the ipad a lot makes we want to go back to one name and password for almost everything, because there is no automated way to put that stuff in, and a different one for each is just a huge hassle. That's my $0.02, I love your app on the PC, it has greatly simplified my life.

    ReplyDelete
    Replies
    1. iPad apps can't really interact with each other like that. They're very securely walled off from each other which is why lastpass has an built in browser. I know they can do things like open a link from the gmail app in the chrome app but I think only simple interactions like that are allowed.

      I have no experience developing for mac/ios but that would be my guess. =/

      Delete
    2. Unfortunately, as Alex mentioned, we're restricted by the platform itself so aren't able to integrate as well with other apps and browsers as we do on the PC browsers. Perhaps we can look at improving the copy-paste functions to make it easier to get to - thanks for the feedback.

      Delete
  12. Dallas: Use Fill Forms -> Add Credit Card. Then personally I select "Require Password Reprompt" on it for extra protection.

    ReplyDelete
  13. What was the toughest lesson that the LastPass team has learned while developing the service?

    ReplyDelete
    Replies
    1. Interesting question, Jesse, perhaps our CEO, Joe, will share some thoughts.

      Delete
  14. I would love to see more development of last pass to log in to apps on the mobile version. Also the mobile app should default so it closes periodically and is not open for days. It took me a long time to figure out how to reset set it for a password prompt.

    ReplyDelete
    Replies
    1. Thanks for the feedback, Mary. If you're using Android, we have two options, the input method: https://helpdesk.lastpass.com/upgrading-to-premium/lastpass-for-android/lastpass-input-method/ and copy notifications: https://helpdesk.lastpass.com/upgrading-to-premium/lastpass-for-android/#Using+LastPass+to+Login+to+Apps+on+Android to help with filling apps. Unfortunately iOS is more restrictive. Perhaps we'll spotlight the mobile workflow and how best to use the apps in one of our posts!

      Delete
  15. When LastPass introduced free credit monitoring, my first thought was that LastPass has jumped the shark. "What on earth does credit monitoring have to do with password management?" would be my question. Even to this day, I still don't see why you'd branch out to that unless there was some kind of sweet payday in it for you.

    ReplyDelete
    Replies
    1. This is a great suggestion, Michael, thanks for the comment. A short answer is that identity theft ties in with online account management, and is one more way we can provide value for our users in protecting their sensitive data. We'll consider expanding on this in a post.

      Delete
  16. How come Lastpass does not implement a Livechat feature when asking questions?

    ReplyDelete
    Replies
    1. Thanks for the suggestion, we'll consider this as we continue to evolve and improve our customer service.

      Delete
  17. @Michael Paul: According to Lastpass Helpdesk:

    "LastPass now offers free credit monitoring alerts for all users in the United States. The service provides real-time protection, notifying users who enable the feature via pop-ups and email alerts if their credit report suddenly changes. These alerts allow users to proactively monitor their credit report and provides an early warning system for signs of identity theft."

    As an ID theft sensor, this is as logical as monitoring lists of leaked accounts - nothing explicitly password-related, but quite a good indicator of problems.

    ReplyDelete
  18. Really annoying RSS feed, I will unsubscribe. Your feed have NO news, some sucked from finger info. And you want to ask us to write more garbage for this feed? NO! I need news from LastPass, not just bla-bla-bla!

    ReplyDelete
    Replies
    1. We're sorry to hear that, we'd welcome thoughts on the types of news you would like to see, you can also send ideas to the team directly: https://lastpass.com/supportticket.php

      Delete
  19. Are you working on better streamlining the UI in Chrome, like it is on Firefox ?

    Will we be able to create custom fields for Secure Notes ?

    ReplyDelete
    Replies
    1. Thanks for the feedback, UI is a priority moving forward although there are currently no ETAs on updates. We may add custom fields for secure notes in the future.

      Delete
  20. What do you see as the future of mobile, since android, iOS, win8, and winphone8 all don't allow add-ons or plugins? Will users ever have smooth lastpass integration in the mobile space comparable to the desktop?

    (Please don't suggest a lastpass-developed browser container as a realistic alternative to Safari or Chrome.)

    ReplyDelete
    Replies
    1. Interesting question, we'll look at discussing the mobile workflow and possible changes.

      Delete
  21. I'd like articles on workflow: managing hundreds of passwords, tweaking password entries, the art of form fields, that kind of thing.

    ReplyDelete
    Replies
    1. Nice! Me, too.

      Delete
    2. Thanks for the great suggestion, David!

      Delete
    3. Hey David - we're spotlighting this post this week. If you want to claim your LastPass Tshirt, send us an email at marketing[at]lastpass.com. Thanks!

      Delete
  22. I would like a way of sorting individual sites or Safenotes into folders as a group, rather than having to do it one at a time. For example, having check boxes to allow you to select a set of items and apply an action to them or being able to select and drag multiple items. I know that you can always use Search to find Safenotes, but I like to sort things into folders for neatness.

    Another cool feature would be a way of sharing particular folders with others, rather than individual sites / notes.

    ReplyDelete
    Replies
    1. Thanks for the feedback, you can right-click+shift to select multiple site entries at once and then perform an action for all of them. Sharing of folders is available in our Enterprise set-up - we'll consider further improvements of the end user product.

      Delete
  23. 1. I'd like to see a feature that automatically times-out a tab opened to look at my vault or a particular url edit page so that if I walk away from my computer and forget to close the tab, my data isn't just sitting there for others to see.

    2. I'd also like better integration with my iPhone apps or a more elegant workaround than what currently exists -- especially when I need to copy both my username and password from the LastPass app to another.

    ReplyDelete
    Replies
    1. Thanks for the feedback, we'll continue to look at improvements where possible.

      Delete
  24. There are some sites that "refresh" part of the page after a given option is selected or focus chances (i.e. tabing away) (outlook web access and Salliemae.com come to mind immediately). I have the the data autofilled from a saved site, but this autofilling doesn't trigger the webpage the same way as hand entering the data and tabing away, so I often have to click on the field and tab away, or reselect check boxes so the website knows I selected it. Any way to fix this?

    ReplyDelete
    Replies
    1. It'd be best for the team to test this, please submit details to https://lastpass.com/supportticket.php if you'd like to take a closer look.

      Delete
  25. Why does my custom field Job Title not override Title? Title is a useless field for most of the forms I fill out - My Job description is Mr.?????

    ReplyDelete
    Replies
    1. Form fill relies on the way that certain fields are coded on a page. We can look at better handling certain fields if you'd like to pass any specific reports to the team: https://lastpass.com/supportticket.php

      Delete
  26. I'd like to know when you're going to acknowledge and fix this usability bug please:

    https://forums.lastpass.com/viewtopic.php?f=13&t=80546

    ReplyDelete
    Replies
    1. Thanks, I've passed it along to the team.

      Delete
  27. I would like to see a password generator on the web tool. I can not install the browser plug ins at work would would like access to this feature.

    ReplyDelete
  28. Have you considered offering a service similar to "Simplenote" for notes saved in our lastpass vault, complete with a public API or OSX/windows/linux/mobile apps to hold notes? I would love to replace Simplenote with a secure solution.

    ReplyDelete
    Replies
    1. It's not something we've considered previously, but thanks for the suggestion.

      Delete
  29. When will you offer a reseller program for those of us that own businesses and want to resell your products?

    ReplyDelete
    Replies
    1. It's something we're considering, thanks for the request.

      Delete
  30. This comment has been removed by the author.

    ReplyDelete
  31. Hi,

    While classic sites use "2-step authentication", what is LastPass wating for ?

    Thank you.

    ReplyDelete
    Replies
    1. Umm... waiting for you to enable it on your account? http://blog.lastpass.com/2013/05/multifactor-authentication-what-it-is.html

      Delete
  32. Password generator in LastPass is good but I have been reading recently that it is better to use pass phrases instead of complex passwords (see nice illustration http://xkcd.com/936/). What is your take on this?

    ReplyDelete
    Replies
    1. I am curious about the same topic

      Delete
    2. Great topic, we do encourage passphrases but we'll look at potentially fleshing this out in a post.

      Delete
  33. 1. I suspect you only store encrypted data so mining it might be difficult, but I'd love to see some stats pulled using your giant database. i.e., "Popular sites with the worst password policies", or, "Banking websites that promote good password hygiene".

    2. It seems that the hardest part of good password security is getting people to care. LastPass does a lot to lower the friction of good password practices, but I don't think it's enough. What else is LastPass working on to promote better security? What should webmasters be doing?

    ReplyDelete
    Replies
    1. Thanks for the great questions, we'll consider these for our posts.

      Delete
  34. Would appreciate some useful explanation and clarification of SSL, especially how secure is it. How secure is SSL on company networks ie can someone (like a domain aadminustrator) on a company network sniff passwords and usernames when I am using LastPass?

    ReplyDelete
    Replies
    1. Thanks for the request, we'll consider diving into this topic.

      Delete
  35. Is there any chance for LastPass to implement a Secure Desktop for their password manager to prevent the possible use of keyloggers or other malicious spyware?

    I know it's being discussed for Firefox's native password manager to always enable a Secure Desktop in Windows (the same thing that UAC uses) to make sure of its integrity and security as a password manager so I'm curious if LastPass has anything in mind for implementing that for its browser plug-in or if nothing else - its desktop application.

    Thank you for any possible response and thank you for your continued support in what is easily my favorite password manager. Keep up the good work!

    ReplyDelete
    Replies
    1. We don't currently have plans to implement something along those lines, but we may give it more thought in the future.

      Delete
  36. A list of websites that LastPass will and/or will not work on. I find that LastPass works most of the time on most websites, however, there are a few that it just will NOT work on and I would love to know that from a fellow LastPass user. Perhaps that website's administrator would change their process so LastPass would work.

    Also, I would love it if there was a place for people to put ideas about the product or features that could be developed and then voted on, kinda like AppThemes Idea Exchage (http://ideas.appthemes.com/).

    (sorry for such a long response but these are some good ideas, I think)

    Another thing I would love to read is a daily or weekly blog/article/e-mail that talks about security on the internet. For example, the latest BIG WordPress attack and how it could have been prevented, tips & tricks of keeping your system safe, (just general and educational news).

    And finally, I promise this is it, something to allow us, the customers and the general public to start a conversation. Something like SoulPancake's Conversation (http://soulpancake.com/conversations).

    Thanks.

    ReplyDelete
    Replies
    1. Thanks for the feedback, Ben. We do have an internal list of sites LastPass has trouble with, as we look at improvements. We have considered a place for users to vote on new features, we were previously using the forums to gather feedback. Great suggestions for article types, we'll consider these!

      Delete
  37. Once I've saved a new site with a LastPass-generated password, is it OK for me to delete the "Generated Password for..." entry?

    ReplyDelete
    Replies
    1. From my experience, I'd say yes. However, you have to be sure that the newly-generated password is displayed in the original entry for the site.

      Delete
    2. As mentioned above, as long as the new password is stored in the original entry for that login, then yes, it can be deleted. You can undelete an entry up until 30 days later, if needed.

      Delete
  38. One of the nastiest features of LastPass I have noted is that it tries to automatically log in to sites just after logging out. This can be turned off by going to Preferences -> Advanced - but whenever there is a browser update or changes to some of the browser settings, LastPass again goes to the default. I think by default the setting for automatically logging in to sites should be disabled.

    ReplyDelete
    Replies
    1. Thanks for the feedback, will pass this to the dev team.

      Delete
  39. For sites that have security questions, would like to be able to R-Click to see the question and copy the answer so I can paste into the browser.

    ReplyDelete
    Replies
    1. There are some technical hurdles here, but it's a good feature for us to explore further, thanks for the suggestion.

      Delete
  40. Like to see you enhance the 'auto-fill' feature of LastPass. I love this feature as it is though! Maybe work on making it a more intelligent system by querying the user for input regarding new fields that appear in forms.

    ReplyDelete
  41. I would like to know more about identities and form fill profiles (FFP). Why is it that I only see some FFP when I view all identities? Shouldn't each FFP be bound to a specific identity?

    ReplyDelete
    Replies
    1. Also, how do I move FFP between identities?

      Delete
    2. This is a bug that i reported ages ago whereby all FFPs are visible in all identities. Not fixed yet

      Delete
    3. This is a bug that i reported ages ago whereby all FFPs are visible in all identities. Not fixed yet

      Delete
  42. From the security challenge "Multifactor authentication score":

    "One point is deducted if you permit offline storage of your vault, another point is deducted if you allow mobile devices to access your vault, and a final point is deducted if you have any trusted devices that allow bypassing of multifactor authentication."

    Where do I find these settings so that I may disable them? If a computer/security geek like me is confused by much of LastPass' functionality, how do you expect the average Joe to ever use it?

    ReplyDelete
    Replies
    1. Thanks for the feedback. To address your questions, offline access can be toggled in your LastPass Icon > My LastPass Vault > Settings > click the multifactor authentication option that you're using. In the same Settings dialog you'll find the "trusted devices" tab that you can toggle whether certain devices can bypass multifactor.

      Delete
  43. Why do some browsers let you right-click and copy a password, where others you can't?

    At a higher level, some general info about your datacenter setup, growth plans, etc. would be of interest

    ReplyDelete
  44. Functionally Lastpass is excellent however GUI of mobile apps / extensions (windows) are not so good, why?

    ReplyDelete
    Replies
    1. Thanks for the feedback, this is a priority of ours moving forward.

      Delete
  45. I would very much like to know about the security behind the LastPASS Android app. Especially what are the security implications of choosing the app to store your master password (protected by a PIN) for easy login, and for allowing offline access.

    ReplyDelete
  46. What are your plans for the LastPass Android app? I love having access to my LastPass database on the go, but it looks ugly and functionality of the app is clunky. I would love to see an updated Holo theme and a revamp to the functionality.

    ReplyDelete
    Replies
    1. Thanks Chris, use of the Holo theme is on our radar.

      Delete
    2. I'd love to see a LastPass Android keyboard that doesn't want to take over as my default keyboard. At the moment, I use Tiny Password ( https://play.google.com/store/apps/details?id=com.tinycouch.android.password ), importing my LastPass data via CSV export and Dropbox periodically - It encrypts my password data, has a pattern lock required for each use, you get to it via the standard Android 'choose input method' keyboard switcher, so it works anywhere, and it switches back to my default keyboard after it closes.

      It's pretty much exactly what I want out of a password manager, if a little simple. The only downside of not being able to automatically sync with LastPass - I'd happily pay for mobile access to LastPass if you guys come come up with something similarly simple but unintrusive.

      Delete
    3. Thanks for the feedback, Richard, I've passed this to the dev team for their consideration.

      Delete
  47. Even though 'generate' passwords is very, very good and safe, but it has its limitations. LastPass does not work every where, every time. So, I think, most of you have common passwords which you can use quickly specially on smart phones and tabs/pads etc.
    What last pass should do for such common passwords is encrypt them or something more safer so that LP Users stay safe and common passwords stay safe.
    I hope i've been able to get across!!

    ReplyDelete
    Replies
    1. While this would be convenient, what ultimately matters is the password you're using to authenticate on the site itself, because that site may be vulnerable to a hack and your "easy" password would then be compromised. And if you've used that easy password elsewhere, it puts you at risk. Generating passwords is the best option. If you're running into cases where it's not working with LastPass, we'd appreciate feedback: https://lastpass.com/supportticket.php

      Delete
  48. Is the Lastpass wallet ever coming to Android? I assume not as it has been over a year.

    ReplyDelete
    Replies
    1. We don't have an ETA, unfortunately.

      Delete
  49. I would like to understand why Lastpass works better on my home computer running Internet Explorer on some sites, but other sites it works better on my work computer, running Chrome. For example, just recently on my bank's website, AutoFill only puts in my login info, not my wife's, on my Chrome computer. But on the Internet Explorer, it correctly puts the one I choose. But regardless, I really like Lastpass, mentioned it in my book, and it will be mentioned in an upcoming article I wrote to be published in July.

    ReplyDelete
    Replies
    1. We're sorry to hear of the trouble, Samir, the team would be happy to help you investigate: https://lastpass.com/supportticket.php

      Delete
  50. I submitted this on the Google+ feed, but had not seen a response when others were responded to so I thought I would repost it here:

    +LastPass I would like to know if you have plans to develop the android Firefox plug in to have more full functionality similar to the dolphin browser. That is the only thing that prevents me from using Firefox on android.

    ReplyDelete
    Replies
    1. Thanks for reaching out, we do offer an addon for Firefox mobile: https://helpdesk.lastpass.com/upgrading-to-premium/lastpass-for-android/firefox-mobile/ although it's more limited in functionality than the Dolphin addon. We'll continue to look at improvements where possible.

      Delete
  51. Often when I log into LastPass I immediately launch a number of web sites - if one of those has "Require Password Reprompt" set I have to re-type my master password even though I typed it mere seconds earlier.

    It would be awesome if LastPass could either:

    (a) Have the "Do not reprompt for (x hours)" option appear on the initial login screen.

    (b) Somehow detect that I typed my master password only a few seconds earlier and not bother me to re-type it (a very small window eg 10 seconds would be sufficient).

    Thanks!

    ReplyDelete
  52. A specific way of storing IT log on's and application passwords. Not every password is for a web site!

    ReplyDelete
  53. When adding a site, Last Pass often grabs the full URL which is then useless. Could this be truncated so it's just the domain value (i.e. google.com instead of google.com/login?8329083nsd) by default? Issue is that the full value is often wrong and won't work with your autologin feature, but if you know to truncate the entry to just the domain the LastPass autologin always works.

    ReplyDelete
  54. What's the optimum length for a secure password? I know some sites limit the length, but for those who don't, how long is best when using the LastPass secure password generator?

    ReplyDelete
  55. A couple suggestions for the "LastPass Security Challenge!"

    1) Allow me to delete some of them from here, or pull up the exact same view in the vault (either is fine. A checkbox for deletion would Be A Real Good Thing, which can then xfer info back into the vault, if better from a security point of view)

    Why: I have 58 on this list almost all of which qualify as garbage. I have no idea where they came from (though i can often guess which site they are *supposed* to connect to), but they are not valid entries. I can probably do this via the "vault", but the password being zero and "all these have the same password" is a useful context to spot the bad sites.

    2) Allow one to mark sites as "low security" so they don't factor into the "duplicate" rating. You have to log into almost ANYTHING to post a comment. I have a small number of pswds I use for these. I really don't CARE about security here. I am not overly worried somehow with the idea of someone somehow, magically, getting the pswd from my one-time comment post on "JrandomBlog" and connecting that (again, magically) to my three-time comment postings on "Heretherebeblog". Why would I care? Someone posting up "fake" comments "from me"? Why would I care, there's a huge chance I'll never ever visit either of those blogs ever again.

    Why: about 270 of these irrelevancies or close-thereofs.

    3) Allow me to identify some sites as "medium security" if they are the same site, with different logins. the obvious example of this is about four "spam" e-mail accounts associated with yahoo. i use them whenever i am forced to enter an e-mail address to register and gain full use of a site, but they aren't used in any "official" manner and i could live if someone hacked them. So the fact that all four share the same pswd is of no significance. I don't use the "low security pswd", but hacking one and somehow connecting it to the others is both not a big likelihood and next to no major significance. they aren't "me".

    Why: probably about 5-15 of these accounts sharing 2-3 pswds.

    4) Allow me to make items in the group for changing next time i access -- and when i do, have last pass pop up a reminder for me to change the pswd until i actually do it or tell it to "go away."

    Why: it would make the securitization process more flexible to match my own time-usage of the sites.

    With these changes, i could get a real idea of my security state in terms of what *I* consider needing protection, as well as implementing that protection.

    ReplyDelete
    Replies
    1. Thanks for the great suggestions. We're in the midst of improving the security challenge, so we'll take these into consideration.

      Delete
  56. Hi! I really love LastPass, and I would love to see some blogposts which go into the technicalities of how lastpass is secure & why you don't have access to my data.

    I know this info can be found on the forums ( like how EXACTLY the encryption works, how I can login with my password on your website without you knowing the actual password, regarding OTP's (https://forums.lastpass.com/viewtopic.php?f=12&t=22959 & https://forums.lastpass.com/viewtopic.php?f=12&t=21649) and how sharing passwords works (https://forums.lastpass.com/viewtopic.php?f=12&t=76696)), but this info, consolidated in a larger post, would definately help me to convince other people that indeed there is very little risk in using your service.

    ReplyDelete
  57. I constantly get the Software-Update screen, but after installing Nightly 24.0a1 20130525062525 nightly there ist no compatible Lastpass.

    Will ther be an update to Lastpass soon, so that I can upate my browser??

    ReplyDelete
  58. I just signed up for LP a few days ago and it is packed with glitches! It just doesn't work! I'd rather remember my passwords!

    ReplyDelete
  59. I must admit I haven't gone through all the blogposts and haven't thoroughly googled this so I apologise in advance. My question is if someone has gained access to my computer (not physically) but through a hack/trojan/whatever and my browser is logged in to lastpass wouldn't this attacker be able to access my profiles/secure notes the same way I do (I just activated re-prompt for master password while thinking of it) or get a screen capture when I'm looking at them? And now that I've activated re-prompting for master keyword I will be typing it a lot making life easier for a keylogger, it does not re-prompt me to use my google authenticator. An On screen keyboard is an option I guess and a yubikey for good measure. Well those are my concerns, would be great your input on this old thread, sry.

    Kind regards,

    Premium user.

    ReplyDelete
    Replies
    1. Thanks for reaching out. Multifactor authentication like the Google Authenticator and the YubiKey help because even if a screencapture software or keylogger captures your master password, they can't login to your LastPass on another machine without also having your multifactor authentication. I'm not aware of any hacks that allow malware to just take over LastPass in the browser. You can also set up the autologoff options in the LastPass Icon > Preferences menu so that your session times out and no one can sit down at your computer and just start browsing to your web logins.

      Delete
  60. Edit for above post

    Excuse the typo's, grammar. Non-native speaker, it would be great to get your input on my noted concerns....on this old thread.

    Edit for above post

    Premium user.

    ReplyDelete