Feb 7, 2013

LastPass 2.0.20 Released for All Browsers, Featuring an Automated Security Score

We're excited to announce a LastPass addon update for all browsers! The release comes with several changes, big and small, as we continue to improve the core functionality of our password manager and bring more features to help you better manage your online life.

The latest update includes:
  • An automated security check that displays your score in your vault
  • Easy access to the password generator in the main LastPass addon menu
  • Automatic clearing of data filled by LastPass on logout
  • Performing hashing in binary component to speed up login, with the recommendation to increase password iterations to 5000
Included in the latest release are also a number of bug fixes and incremental updates as we continue to make LastPass even more robust, more effective, and more awesome for our users.

Feature Spotlights


In this release, we're making password management a more active process, so you know when to make changes that will improve your online security. Good security is about being proactive and mitigating risk, and our newest features will help you accomplish both.

Automated Security Check Score

One of our best loved features, the Security Check analyzes all of your stored passwords and gives you a score from 0-100 based on the strength of your passwords, the frequency of duplicated passwords, and the use of other LastPass security features. It also makes recommendations on how to up your score and improve your overall security with LastPass.
Now, your current score will be displayed on the left of your vault at all times in the "Security Check" menu option, a daily reminder of how far you've come and how far you may have to go in improving your online security.

An Accessible Password Generator

The LastPass password generator helps you create strong, unique passwords as you register for new accounts and update old passwords. We've made this feature even more accessible by including it in the main addon menu.
Now, even if you're not on a site registration form and you still need to generate a password, you'll have a super-secure, unique password in just a few clicks.

Automatic Clearing of Fields Filled by LastPass

A frequently-requested feature, LastPass now offers the option to have all fields filled by LastPass cleared when you're logged out of LastPass. Previously, if your LastPass session was still active in the browser and a login page was open, any stored logins would be filled in automatically, and the data that LastPass filled would stay filled regardless of whether LastPass timed out.
If you enable this new preferences (in the LastPass Icon menu, in the Preferences menu under the "Advanced" tab), if LastPass times out or is logged out, any data filled will be cleared at that time.

Password Iterations Can Be Increased Due to Increased Login Speed

This all gets a bit technical, but what's important is that we've updated LastPass to speed up the login process by performing hashing in the binary component.

Because login is now faster, we also recommend increasing your password iteration (PBKDF2) count to 5000. PBKDF2 is, essentially, a "password-strengthening algorithm" that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack. More iterations make it even more difficult for a computer to attempt to brute-force the password.

All new LastPass accounts will have a default of 5000 password iterations, while all current users can increase their count by logging in to their LastPass addon, opening their vault, select the "Settings" menu, and using the "Increase Iterations" option.

And More:

Other notable fixes in the latest update include:
  • Maxthon browser support (in beta)
  • Perform hashing in binary components to speed up login, with password iterations recommended to be set at 5000
  • Auto-clearing of data filled by LastPass on logout
  • A fix for NTLM authentication in IE
  • There were also a number of updates for LastPass Enterprise, which we'll spotlight in a follow-up post.

We're Moving Right Along!


Over the last several months we've pushed out a number of releases and updates that help us continue to offer valuable features and improve the overall LastPass user experience. Here's a recap of some of the notable changes:
  • Windows 8 App: We fully support Microsoft's new OS, in both desktop and "metro" mode. LastPass can be downloaded just as before in desktop mode, while our LastPass Windows app is now available in the Windows Store for use in "metro" mode.
  • Windows Phone 8 App: Our Windows Phone app recently got an overhaul, with support for Windows Phone 8. We've reset everyone's trial, if you want to try out the new app!
  • LastPass Sentry: We've partnered with PwnedList to offer Sentry, which performs daily searches of PwnedLists's database of leaked accounts for matches to LastPass accounts. The feature alerts users to potential risks and indicates which passwords need to be updated.
As always, we owe a big "Thank you!" to all the users who continue to use LastPass and help spread the word. More exciting features and improvements are on their way, so as always, stay tuned!

- The LastPass Team