What Do You Want to Know?

Hey LastPass-ers – we want to hear from you!

We’re looking to build more of a conversational series of blog posts, especially for Fridays, where we post answers to your questions, spotlight helpful tips, conduct polls, and more.

So to kick off the series, what would you like to know more about from LastPass?

To prompt some potential topics:

  • What LastPass features would you like to know more about?
  • Which technical concepts would you appreciate more information on?
  • What’s going on in the news or the tech community that you’re curious about?
  • If you had the chance to chat with a LastPass team member, what would you ask them?

Post questions in the comments or send them our way via Facebook, Twitter, or Google+. For questions that we end up choosing, you have a chance to snag a LastPass T-shirt!


  • Anonymous says:

    Edit for above post

    Excuse the typos, grammar. Non-native speaker; it would be great to get your input on my noted concerns… on this old thread.

    Edit for above post

    Premium user.

  • Anonymous says:

    I must admit I haven’t gone through all the blog posts and haven’t thoroughly googled this, so I apologise in advance. My question is: if someone has gained access to my computer (not physically) but through a hack/trojan/whatever and my browser is logged in to LastPass, wouldn’t this attacker be able to access my profiles/secure notes the same way I do (I just activated re-prompt for master password while thinking of it) or get a screen capture when I’m looking at them? And now that I’ve activated re-prompting for master keyword I will be typing it a lot, making life easier for a keylogger; it does not re-prompt me to use my Google Authenticator. An on-screen keyboard is an option I guess, and a YubiKey for good measure. Well, those are my concerns; it would be great to get your input on this old thread, sry.

    Kind regards,

    Premium user.

    • Amber Gott says:

      Thanks for reaching out. Multifactor authentication like the Google Authenticator and the YubiKey helps because even if screen-capture software or a keylogger captures your master password, they can’t log in to your LastPass on another machine without also having your multifactor authentication. I’m not aware of any hacks that allow malware to just take over LastPass in the browser. You can also set up the autologoff options in the LastPass Icon > Preferences menu so that your session times out and no one can sit down at your computer and just start browsing to your web logins.

  • Anonymous says:

    I just signed up for LP a few days ago and it is packed with glitches! It just doesn’t work! I’d rather remember my passwords!

  • TaugenX says:

    I constantly get the Software-Update screen, but after installing Nightly 24.0a1 20130525062525 nightly there is no compatible LastPass.

    Will there be an update to LastPass soon, so that I can update my browser?

  • Laurens says:

    Hi! I really love LastPass, and I would love to see some blog posts which go into the technicalities of how LastPass is secure & why you don’t have access to my data.

    I know this info can be found on the forums (like how EXACTLY the encryption works, how I can log in with my password on your website without you knowing the actual password, regarding OTPs (https://forums.lastpass.com/viewtopic.php?f=12&t=22959 & https://forums.lastpass.com/viewtopic.php?f=12&t=21649) and how sharing passwords works (https://forums.lastpass.com/viewtopic.php?f=12&t=76696)), but this info, consolidated in a larger post, would definitely help me to convince other people that indeed there is very little risk in using your service.

  • OBloodyhell says:

    A couple suggestions for the “LastPass Security Challenge!”

    1) Allow me to delete some of them from here, or pull up the exact same view in the vault (either is fine. A checkbox for deletion would Be A Real Good Thing, which can then xfer info back into the vault, if better from a security point of view)

    Why: I have 58 on this list, almost all of which qualify as garbage. I have no idea where they came from (though I can often guess which site they are *supposed* to connect to), but they are not valid entries. I can probably do this via the “vault”, but the password being zero and “all these have the same password” is a useful context to spot the bad sites.

    2) Allow one to mark sites as “low security” so they don’t factor into the “duplicate” rating. You have to log into almost ANYTHING to post a comment. I have a small number of pswds I use for these. I really don’t CARE about security here. I am not overly worried somehow with the idea of someone somehow, magically, getting the pswd from my one-time comment post on “JrandomBlog” and connecting that (again, magically) to my three-time comment postings on “Heretherebeblog”. Why would I care? Someone posting up “fake” comments “from me”? Why would I care, there’s a huge chance I’ll never ever visit either of those blogs ever again.

    Why: about 270 of these irrelevancies or close-thereofs.

    3) Allow me to identify some sites as “medium security” if they are the same site, with different logins. The obvious example of this is about four “spam” e-mail accounts associated with Yahoo. I use them whenever I am forced to enter an e-mail address to register and gain full use of a site, but they aren’t used in any “official” manner and I could live if someone hacked them. So the fact that all four share the same pswd is of no significance. I don’t use the “low security pswd”, but hacking one and somehow connecting it to the others is both not a big likelihood and next to no major significance. They aren’t “me”.

    Why: probably about 5-15 of these accounts sharing 2-3 pswds.

    4) Allow me to make items in the group for changing next time I access — and when I do, have LastPass pop up a reminder for me to change the pswd until I actually do it or tell it to “go away.”

    Why: it would make the securitization process more flexible to match my own time-usage of the sites.

    With these changes, I could get a real idea of my security state in terms of what *I* consider needing protection, as well as implementing that protection.

    • Amber Gott says:

      Thanks for the great suggestions. We’re in the midst of improving the security challenge, so we’ll take these into consideration.

  • Shea Bunge says:

    What’s the optimum length for a secure password? I know some sites limit the length, but for those who don’t, how long is best when using the LastPass secure password generator?

  • Anonymous says:

    When adding a site, LastPass often grabs the full URL, which is then useless. Could this be truncated so it’s just the domain value (i.e. google.com instead of google.com/login?8329083nsd) by default? Issue is that the full value is often wrong and won’t work with your autologin feature, but if you know to truncate the entry to just the domain the LastPass autologin always works.

  • Chris says:

    A specific way of storing IT logons and application passwords. Not every password is for a web site!

  • Jeff says:

    Often when I log into LastPass I immediately launch a number of web sites – if one of those has “Require Password Reprompt” set I have to re-type my master password even though I typed it mere seconds earlier.

    It would be awesome if LastPass could either:

    (a) Have the “Do not reprompt for (x hours)” option appear on the initial login screen.

    (b) Somehow detect that I typed my master password only a few seconds earlier and not bother me to re-type it (a very small window, e.g. 10 seconds, would be sufficient).

