Dec 17, 2013

LastPass & Changes to Google Chrome

The LastPass extension for Google Chrome has been updated today to address significant changes that Chrome is rolling out.

Starting in early January, Chrome is shutting off all extension updates that occur outside of the Chrome web store, in an effort to tighten security.

The update is now posted on the Google Chrome store, and we are automatically transferring over our users - most LastPass users will not need to take any action since the changes are happening behind-the-scenes.

However, some LastPass users may see a prompt for permissions to be granted to LastPass the next time they launch Chrome:


If you see this prompt, please press “Allow”. If you see this prompt, a download will start automatically - we start this download because we detect that functionality was lost in the transfer, and the download allows us to add back this functionality.

Again, most users will not need to take any further action, and the prompts for permission are not a cause for concern.

Our updates will allow LastPass users to continue running the extension without issues when Chrome is updated in January 2014, and we will update our community if any other changes will affect LastPass.

Best,
The LastPass Team.

66 comments:

  1. It'd have been nice to display that you need to reset sesame permissions forcefully after the update. Sure had me scramblin' for my USB device at the office yesterday.

    Didn't even start the update at home because I know I'd lock myself out -- worse still, I can't log in with my browser right now (using my saved credentials)

    ReplyDelete
    Replies
    1. Hm, we haven't seen this in-house - did you have the device mark as trusted, and it prompted you for the key?

      Delete
    2. All my trusted computers required authentication with sesame after the update. Luckily I caught this before leaving with my laptop. The 'trusted computers' list in settings still doesn't identify them with a timestamp so there are multiple identical entries.

      Delete
  2. Was the LP extension capable of communicating with native applications already? Or is this new functionality that is required because you want to keep LP updated outside of the Chrome Store?

    ReplyDelete
    Replies
    1. We were previously communicating with an NPAPI component, which requires no additional permissions. However, Chrome is phasing out NPAPI, as posted at http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html - so we've switched to a native messaging host, which requires an additional permission (NACL).

      Delete
  3. What happens if you hit deny by accident

    ReplyDelete
    Replies
    1. Go to your LastPass Icon > Tools > About - hit enable native messaging - it should allow you to complete the download.

      Delete
    2. When I go to your LastPass Icon > Tools > About Mine says "Version: 3.0.20
      Built: 2013-12-16 22:21:02
      Binary Component: false (Native Client only)" with a link to "Install Binary Component.

      What action should I take?

      Delete
    3. Please select the "install binary component" link - are you then able to complete the download?

      Delete
    4. I think I'm all set now. It now says Version: 3.0.20
      Built: 2013-12-16 22:21:02
      Binary Component: true (NPAPI version 2.5.5, built Oct 31 2013 14:11:45)

      Is this correct?

      Delete
    5. Yep, that looks correct, as long as you don't see an "enable native messaging" button.

      Delete
    6. I dont want to install the Last Pass software on my PC. I share a PC with my family under 1 account and I dont want extra software. Will this still work as normal otherwise? Like it used to.

      Delete
    7. Yes, you can continue running it as-is, if you have no need for the extra functionality.

      Delete
    8. What are some examples of the EXTRA functionality?

      Delete
    9. The binary component adds the following functionality:

      Idle timeout
      Copy Username/Password/Notes to clipboard (not supported on Linux)
      Faster encryption and decryption
      Share login state between other browsers (not supported on Safari for Windows)
      Fingerprint authentication (not supported on Mac OS X or Linux)
      Smart card authentication
      Import from a file
      Export to a file
      Import Wi-Fi passwords (not supported on Linux)
      Export Wi-Fi passwords (not supported on Mac OS X or Linux)
      Import from Safari and Opera Password Managers
      Add attachments to secure notes

      Delete
    10. There are three problems here. First, it would't happen "by accident" but would happen when a user cancels so he/she could research this and get back to it. Second, the FAQ now addresses it, but says that canceling will keep the prompt from coming back, rather than having this explanation. And third, this should not be buried in the comments, but part of this post itself.

      The ONLY fair assumption here is that a person who is researching this didn't know why the prompt appeared and therefore canceled it to research it. That exacerbates the problem since the FAQ entry is one that does nothing to solve the problem, and does not end the research but starts it all over again.

      Delete
    11. You are a TRUST company. Don't give us a reason not to trust you. Communication is critical around change. With all of the Social Engineering and Phishing scams out there, you need to understand that we don't give trust freely anymore. Please ensure that you provide information prior to a change in a complete manner where we are likely to see it. Provide the information at the source... Your application that pops up in our face needs to be that vehicle.
      Spend more time on your Communication Plan, as you would with your daily build, unit tests or DR strategies (please tell me someone there knows what these mean!). You services people - we like to know what's going on with our private & confidential information.

      Delete
  4. I didn't install the downloaded file. Clicked away by accident as had multiple windows open. Should I reinstall?

    ReplyDelete
    Replies
    1. You shouldn't have to do a full reinstall. As long as LastPass is still installed you can click the LastPass Icon > Tools > About, and click the "enable native messaging" link. The download should start again, and once complete you should be all set - let us know if you see any trouble.

      Delete
  5. I guess the big question is, WHY? Why does LastPass need to update itself outside of the Google Chrome Store? Why do we need yet one more bit of software that needs to skirt around the sandbox because it says it knows better?

    According to the blog you linked to, apps are not effected. There is an app in the Chrome Store, but you recommend the extension, so you are intentionally shooting your own foot.

    What is so bad about doing your upgrades via the Chrome Store?

    ReplyDelete
    Replies
    1. We are now doing all upgrades via the Chrome Store going forward, this change was to facilitate that.

      Regarding the App versus Extension -- unfortunately we have a company violating our trademark as an App -- and Chrome's store lists Apps before extensions (rather than how it should sort -- by popularity). So we made the App to ensure people see us when they're searching for LastPass and know which to install.

      Delete
    2. This seems to be an even bigger problem. Is these a bigger article on this? How can people recognize the incorrect one? Where are things at to have that App removed from the Chrome Store?

      concerned... very concerned

      Delete
  6. I downloaded the native program, but it installs extensions for all browser. I don't want this. So I guess my question is do I need to program for LastPass to work? I though everything was done in javascript, why does LastPass need to run any normal programs on my computer?

    ReplyDelete
    Replies
    1. Binary features like filling in HTTP Auth / Basic Authentication sites are why it's necessary, if you don't need those features you can avoid installing it.

      Delete
    2. that's good to hear. Please don't make a native part mandatory - some of us using the company provided computers will be forced to choose whether to use it, then. unfortunatey I can't really "legally" have this plugin extension installed.

      Delete
  7. Last Pass is difficult if one does not read every detail in the "How to" rulebook.
    I have found over the past few years it is wonderful when it's working right, but a handfull of times over each year I go mad attempting to access my account (Premium).
    The only way to 'talk' to them is by email, which is only a day or TWO fast, and by that time, well, you know what it is like when you cannot access a password.
    It continually tells me I have the same password for a few different websites, but e.g.: Amazon, Audible, and Kindle all REQUIRE one password.
    There ya have it.

    ReplyDelete
    Replies
    1. We're sorry to hear that, John - we do prioritize Premium support tickets with faster response times. However we're happy to be of help if you're still seeing problems. I've noted these sites for testing. Let us know if we can be of further help?

      Delete
  8. Clicking 'Install Binary Component' on LastPass Icon > Tools > About just downloads a zip file. Is it expected nothing more happens? The zip file contains a Installer program, that gives an error when executed: ''Browser extensions installation failed, please see /tmp/lpinstallstatus". But no such file exist.

    On LastPass Icon > Tools > About it still says that no binary component is installed.

    This is on a Mac (Mavericks)

    ReplyDelete
  9. What had me confused with this update was that I never installed the binary component on my computers before and I only ever installed the Chrome extension (not the app), yet this update asked me to install the binary component. I clicked Allow for the request to add additional permissions, but declined to download the binary component. Please explain for my use case

    1) why I was asked to download the binary component?
    2) do I need to download the binary component?

    Thanks, and please try to communicate such changes better in the future.

    ReplyDelete
    Replies
    1. Apologies for the confusion; you do not need to download the binary component. We default to asking to install it because it makes LastPass faster and allows us to provide extra functionality (see above) - you can leave your set-up as is. Let us know if we can address further questions or concerns.

      Delete
  10. This comment has been removed by the author.

    ReplyDelete
  11. The install closed all my Chrome windows and they weren't restored on restart. Irritating as I had lots of research open. Love the product but the communication of these changes to users has been BAD.

    ReplyDelete
  12. I'm sorry, but I don't understand this blog post. I received the "additional permissions" prompt (but only today, four days after this blog post), and clicked "allow". Chrome then downloaded a Windows executable file (lastpass.exe). What does this file do, and why do I need it? Anyway I don't have administrator access on my work computer, so I can't run it. Will my access to LastPass be affected?

    ReplyDelete
  13. This doesn't entirely make sense. If LastPass is moving everything to the Chrome web store, then why are we being asked to download a binary executable outside of the Chrome web store?

    ReplyDelete
  14. Lastpass app for Windows Phone 8 saves few minutes of my precious time every day. I am addicted to this app.
    Thanks lastpass developers.

    ReplyDelete
  15. I see that installing the binary component adds certain functionality, but what does allowing native communication do if we do not install the binary component? Is there a way to go back and disable native communication if we chose to not install the binary component? I can't find an option to do this within the preferences. Thank you.

    ReplyDelete
  16. I am getting this today. Any reason why?

    No webpage was found for the web address: chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/lp_toolstrip.html?browseraction=1
    Error code: ERR_FILE_NOT_FOUND

    ReplyDelete
    Replies
    1. same here... differecne between 32 and 64 bit maybe? i AM USING CHROME ON DIFFERENT COMPUTERS.

      Delete
  17. On May 16, 2011 you stated clearly in a blog post that you would have "Several security reviews per year and that you would share those results with the public". What's happening with that?? I feel like your security has become a mess because of how defaults are handled for browser extensions as well as all the different browser's you're trying to support and methods to get your days inputted. Also, Android users should be told that every app they have installed has access to the clipboard without any additional permissions - so in other words your clipboard feature is HORRIBLE.

    ReplyDelete
  18. sadly i lost fingerprint log-in feature , although it works in firefox , uninstall lastpass and the extension and reinstall didn't help me also i press allow when the pop-up appears but in vain, any suggestion

    ReplyDelete
  19. how can i get the lastpass icon on my google chrome toolbar?

    ReplyDelete
  20. UM... when I enabled that "upgrade," a few different extension viruses by Spigot were added to my Chrome browser. I removed Chrome, reinstalled it, and got rid of the malware using Malwarebytes.

    ReplyDelete
  21. Same problem as above...I lost my fingerprint log-in with the Chrome update. The fingerprint reader works for other programs, and for windows and user log-in, but it's broken in LastPass. I get the request to swipe fingerprint, and immediately after that is done the password sign-in screen pops up. So I type in the password, which eventually becomes a nuisance because it's a very secure password and not easy to type.

    ReplyDelete
  22. This comment has been removed by the author.

    ReplyDelete
  23. How does LastPass compare with 1Password on a MacBook Pro retina using chrome browser?

    ReplyDelete
  24. Hello! I have a bit of a problem that I (after a quick look) didn't see answered in the comments already. I use 2 different Chrome user profiles a personal profile and a work profile. I have a LastPass account for each work and personal.

    I've noticed with the new download that if I log into the extension for my work account on my work Chrome Profile and then go to my Personal Chrome Profile that LastPass is logged into my work account on both. This happens in reverse as well. It used to be that each LastPass extension for each Chrome Profile acted independently. Is there a simple fix I'm missing here?


    tl;dr LastPass extension logs into same account on any Chrome Profile I'm logged into.

    ReplyDelete
    Replies
    1. Hi Kevin: In the LastPass Icon > Preferences > Advanced, in each profile, uncheck the 'share login state' option. Then try again - does it work the way you'd prefer now?

      Delete
    2. Thanks so much for this tip, this was driving me crazy.

      Delete
  25. Hi,
    Am getting the below error in Last pass plugin in chrome after a cleanup with CCleaner. Hos do I fix this issue.
    chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/lp_toolstrip.html?browseraction=1
    Error code: ERR_FILE_NOT_FOUND

    ReplyDelete
  26. Finally, someone that is having the same issue I am after using CCleaner. It seems after using CCleaner, all the Chrome settings get erased and it logs out of Chrome. So I have to relogin and then it loses the settings on all my extensions and wants to reinstall LastPass. This is a big problem, but seems to be more of a Chrome problem than a LastPass problem. I end up using the vault to get my chrome (gmail) password and then use it to sign in to chrome.

    ReplyDelete
    Replies
    1. Have you tried setting an exception for LastPass in CCleaner? Typically you can whitelist a service so that the cleaner ignores it and doesn't cause issues. If problems persist, please get in touch with the support team directly: https://lastpass.com/supportticket.php

      Delete
  27. HI,

    Re-posting my query which I had posted on 31-Jan-14. Kindly revert ASAP with a fix.

    Am getting the below error message in Last pass plugin in chrome after a cleanup with CCleaner. How do I fix this issue?
    chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/lp_toolstrip.html?browseraction=1
    Error code: ERR_FILE_NOT_FOUND

    ReplyDelete
    Replies
    1. Please follow the below steps:

      1) Fully uninstall LastPass from Program Files
      2) Fully uninstall LastPass from Google Chrome
      3) Download and install https://rodan.lastpass.com/lastpass_x64pre.exe
      4) Install https://rodan.lastpass.com/dl/inline/pre.php

      If problems persist, please get in touch directly with the LastPass support team by opening a ticket at https://lastpass.com/supportticket.php

      Delete
    2. Thanks a ton.. its working fine now as per your guidelines... :)

      Delete
  28. LPChrome_mac.crx doesn't work, since Chrome won't allow extensions to be added externally. So I can't install the binary version. Opened a ticket on this. Second question: will binary version allow import of my Keychain data?

    ReplyDelete
    Replies
    1. Running the full Mac installer: https://lastpass.com/installer should allow you to install the binary component, and then import. Please let us know if you have trouble with the full install.

      Delete
  29. i have this version installed on chrome:
    Version: 3.1.1
    Built: 2014-02-15 07:53:23
    Binary Component: true (Native Messaging version 3.0.15, built Nov 23 2013 14:33:22)

    but lastpass no longer autofills fields, nor can i prompt lastpass to fill, i have to copy and paste everything now manually. what gives?

    ReplyDelete
    Replies
    1. Hello: Can you try installing the prebuild from the Chrome webstore at https://lastpass.com/dlpre and confirm if this problem continues?

      Delete
    2. actually in the meantime, i uninstalled and reinstalled with binary from the lastpass "all download options" page and that seems to have resolved the problem

      Delete
    3. Thanks for the follow-up, let us know if any issues reappear.

      Delete
  30. Hi I'm using Lastpass with chrome, recently I am unable to open/edit a Vault entry of form fill entry that I have ticked as require Password prompt. In the past when clicking these entries in my vault, a popup window would open asking me to enter my master password. This popup does not appear anymore.

    Can you please advise how I can fix this.

    ReplyDelete
    Replies
    1. Hi Darren: Thanks for the report. Thus far I can't reproduce - are you seeing this with the latest download from the Chrome webstore? Please submit a detailed report to the team: https://lastpass.com/supportticket.php and we can test / debug further with you.

      Delete
  31. I tried to add an attachment, but when I clicked on the paper clip :Last Pass said I needed to install the binary version. I just did that, and now the attachment option doesn't appear. What do I need to do to do an attachment?

    ReplyDelete
    Replies
    1. Is this with Chrome? Can you check your LastPass Icon > Tools > About to confirm which version is installed and if binary is showing as successfully installed? Please report details to the team here: https://lastpass.com/supportticket.php and we'll investigate further.

      Delete
  32. We provide best services to any kind of windows 7 related problem if any need please go through this site and solve your problem online ,provide tall free number .
    windows 7 problems
    Thank you
    Aalia lyon

    ReplyDelete
  33. This comment has been removed by the author.

    ReplyDelete