The most important thing you can do to improve your security is to use LastPass. It’s more convenient and more secure than a notebook in the desk drawer or any password system that relies on your memory. Once you have confidence in LastPass (or any password manager), you can use unique random passwords (the ones that look like this: g88*GZ&&HwRx) for every website. There will be far less of a chance that you’ll be hacked by someone running algorithms to guess your password, and you won’t have to worry about other accounts if one of your passwords leaks out in a large-scale hack of a big company.
LastPass is a free app. Sign up for it at www.lastpass.com. On a computer, most of you will use the Chrome extension that puts a LastPass icon in the upper right corner. There are LastPass apps for iOS and Android phones and tablets, and you can always get to your information from the LastPass website. Most individuals have a free account; there are a handful of features that might make you want to pay a few dollars for a premium account. LastPass makes money from its business and enterprise services.
LastPass has a long history. It is tested and secure. In the next article I’ll talk about the pros and cons of using Google Chrome to manage your passwords instead of LastPass – perhaps a bit easier than LastPass and definitely a step up from storing your passwords on Post-its. There are other password managers (Dashlane, 1Password) and many of them are just fine. They work similarly to LastPass. If you’re interested, you can read an exhaustive comparison of all the leading password managers at The Wirecutter. If you’re already using something else, keep using it. But let me cut through it: if you’re starting from scratch, LastPass should be your choice.
We’re going to talk about how password managers work, and some of the specific LastPass features that make it wonderful.
How LastPass works
LastPass is a place to write down your passwords and save them so you can find them later. It’s a notebook where you can look things up, with a design that’s perfect for passwords and confidential information. It’s more convenient than the notebook in the drawer because it’s easy to search for things and you can get to it easily from all your devices.
All password managers work in the same way. Your private information is stored in a vault that only you can open. There is a master password used to open the vault – a unique complicated password that only you know. You can’t open the vault without it. (In another article we’ll talk more about two factor authentication and security keys, which provide additional security.)
That’s why there are three important principles for LastPass and other password managers.
(1) The master password has to be unique and very secure. It’s like a combination to the safe that holds all your money and everything dear to you. If someone can guess your master password, all your secrets are exposed and life is no longer worth living.
(2) You must never forget the master password. The safe cannot be opened without the combination. LastPass customer support cannot look up your password. They can’t help you change it. For all intents and purposes, if you forget the password, the vault cannot be opened. Ever.
(3) You must never forget the master password. You’ve got that, right? Let’s not have any terrible mistakes.
You can open up your LastPass vault on any device – computers, phones, or on the LastPass website. All of your passwords are there on every device, magically kept in sync. The service is built in a way that makes LastPass very, very secure. Basically, LastPass encrypts all your passwords and secure info on your computer, using a security key that only you know – your “master password.” Then it transmits the encrypted blob to LastPass online servers. LastPass never knows your master password. The company literally cannot decrypt your data. If LastPass is hacked and bad guys (or the NSA) break into the LastPass servers, you’re still safe because the bad guys would only get heavily encrypted blobs that they could not decrypt.
When you connect to your LastPass account from another computer or from your phone, it downloads your encrypted blob and decrypts it on the device using the master password and voila! you have your passwords. Changes are synced quickly so your LastPass vault is always up to date, regardless of what device you use. It’s a very clever, very safe system.
LastPass is a notebook to save passwords. I want you to have that in mind because LastPass is widely misunderstood. You see, LastPass and the other password managers also do some cool tricks. The best one: when you get to a website with a password field, LastPass tries to fill it in automatically for you. When it works, it’s a great trick.
Sometimes the trick doesn’t work. Websites can be designed in a number of ways that prevent login names and passwords from being filled in automatically. When that happens, I hear people complain – “LastPass is buggy, it’s broken, it sucks.”
The cool tricks are not the point. If LastPass can’t fill in a bank password automatically, that’s not a bug in LastPass. That notepad in the drawer doesn’t fill in passwords automatically, does it? If you have to look up a password in the vault or add one manually, LastPass is still doing its job – no complaints, no regrets.
Why LastPass is particularly swell
Getting started with LastPass is easy. Once it’s running in Chrome, it will offer to save passwords when you fill in your login name and password on some website. The next time it will offer to fill it in automatically. You can open the LastPass vault and add passwords and other information any time.
Here are some of the LastPass features that you might want to explore once it’s up and running.
Reach for the upper right corner. The LastPass icon in Chrome provides easy access to a wealth of features and information. You can search for anything stored in your vault. You can open the vault with a single click. If you’re on a site that LastPass recognizes, the menu under Show Matching Sites will try to fill in password information automatically or copy your login name or password to the clipboard. If you’re signing up to a new site, you can generate a secure password and fill it in with a single click.
Automatically update passwords. On several dozen of the most popular websites, you can update your password with a single click. In the LastPass vault, click on the wrench icon for sites like Facebook, Amazon, Google, and many others, and look for “Auto Change Password.” LastPass will show a progress bar while it logs in behind the scenes, changes your password to something secure, and saves it to your LastPass vault, all automatically.
Share your passwords and provide emergency access. LastPass has built-in tools for sharing any or all of your passwords, as well as a process for providing emergency access for someone you trust if you become incapacitated or die.
Store credit card details and other confidential information. LastPass Secure Notes can hold any kind of information. There are specific forms for credit cards, insurance information, bank accounts, and much more. You can attach pictures and files to anything in the LastPass vault – pictures of a credit card or passport, for example.
Write down security questions and answers. You can add notes to any item in LastPass. If a site asks for security questions and answers, write them down in LastPass on the card with the password for that website.
Spend some time on the LastPass website. LastPass makes it easy to get started but it becomes far more useful if you spend a few minutes learning how it works. You are trusting it with crucially important information. It’s worth an investment of some time. Start here. Watch a couple of short videos, read a little bit about something that might be helpful to you.
Start using LastPass. You’ll feel safer and you won’t be as worried when the next big hack is announced.
How can I correct a mistakenly entered a wrong password in a site my computer. My wife uses the old password on her computer and it works but not on mine. I deleted the site with the wrong password from computer, reentered the site it now the site won’t open.
There are many places where a password might be saved. If you’re using LastPass, do a search in the LastPass Vault. If you’re using Chrome, click on the three dots in the upper right / Settings / Passwords. Good luck!
I downloaded LastPass to see how it works.
I loaded one item with password, then-exited the app.
Upon retrying the app i clicked and Last Pass i saw the entry and password. I never was asked to use vault password to get into the app?
How safe is this app if you do not have to have password to get into the vault?
If a local copy of your vault is decrypted and on your computer, how is this safe? Could this database be hacked? Any program, extension, app could be looking for such data.
The local copy of your database is also heavily encrypted. I can’t speak to the technical details, but as I understand it, LastPass is syncing an encrypted SQLite database. It is stored encrypted on your hard drive and only decrypted when the master password is supplied. My guess is that it is only decrypted for the specific purpose necessary – filling in a password field, say. It’s not that an unencrypted copy is opened and stored on your hard drive.
One of the things that makes Lastpass more secure is that they do not store your master password. You must remember it. I have tried Dashlane, 1password, and Lastpass. Lastpass is the best for me. I might also add that anything could happen to me at any time. So, I regularly export my Lastpass vault content, print it, and put it in my home safe, and shred the previous one. That pretty much covers me for the vast majority of situations.
A suggestion for remembering your master password:
1. Create a file with dozens of lines of what might be passwords.
2. Hide your master password amongst them
3. Add 1, 2 or 3 characters at the beginning or end.
4. Change 1 or more characters in the password to something else
5. Change capitalisation of one or more letters in the password.
6. Reverse a couple of characters.
7. Do any or all of the above.
8. Email it to yourself with a title you will remember
9. Do similar with hints as to what you did and hide them within other hints.
10. Send that file to a different email address.
Now you CAN retrieve your master password with a bit of work.
You can also create another file called “reminder”, say, which contains just a number – the line number of the correct hint.
Admittedly the above is overkill but it is easy to disguise your master password so you should be able to find it but is extremely unlikely someone else will.
Glad to find ! site. Just read this entire blog.
I have used LastPass since shortly after its release in 2008, over 10 years. Early on it had some creative options; like even printing out a paper puzzle to carry in one’s wallet that only the user could decipher to recall the master password. I learned what it could/could not do and used it on most of the popular platforms and with most of the popular browsers. I was very happy until recently – not that I have given up just yet. But am now writing on a Mac using Firefox and now have, unintentionally, THREE different LastPass icons on my screen – all wanting separate logins! I understand why and how, but I pity all the non-techies.
It was obviously created by a few dedicated and talented coders. But, as is the norm, success brought value and value brought buyers. My first clue was the tripling of the Premium subscription price with the buy-out by LogMeIn.
I think Jon (Jan 19) has it right. Now it has all the trappings of corporate bosses more interested in “screen-eye-appeal” than functionality. I coped with this mentality for years with one of the largest EMR companies. So many coders with so many bosses at crossed purposes with mixed motives.
madpeepsmadisonpeople (Feb 20) has picked up the scent also. The bigger the player and the longer their reach then the greater the temptation to “out-source” (with risks) and to “data-mine”. For a review of security issues see: https://en.wikipedia.org/wiki/LastPass
Has LastPass become too big to trust?
5 stars to Bruce’s post: https://www.brucebnews.com/2019/01/its-not-just-your-computer-everything-is-too-hard-to-use-and-its-not-your-fault/
Thank you for the info, Bruce. I use both ios on an iPhone and Windows on a PC, so I decided yesterday to try LastPass and have spent several hours today trying to climb the learning curve. The info is your article and the comments is invaluable and convinced me to carry on. Thanks again.
Absolutely amazing, this page and support requests. The cross-issues people are getting due to browser /device set-ups (which have little, or nothing to do with LastPass), then the *demand* for support because they had paid for a product – even though, for example, they forget their vault password (which is, obviously, the one thing that has to be remembered for everything to work) and so on. I mean, wow, overwhelming..:) Anyway, just thought I’d comment and mention my new-found respect for user and technical helpers; they are the true champions! xD
You’re absolutely right! But then, I would think so, wouldn’t I? (grin) This was my sympathy note to people who are understandably confused by today’s world: It’s Not Just Your Computer – Everything Is Too Hard To Use (And It’s Not Your Fault)
Dear BRUCE BERLS,
I was looking at what safari made me do to access Lastpass. Install an app and not provide the standard Extension:(:(
I looked for the version number and saw they had introduced list of third parties
THE REAL Last pass site has a ex Extension for Safari, it been block, download fail after 20 min that Apple is how I believe Apple is breaking antitrust laws.
should I ry again?
BTY
(Safari Browser no long hrs show URLs in search window ..!?
Whats with that? pure evil
here is a tiny sample of the ratF@##ers)
[copy+patse]
Third-Party Software Licenses
Portions of LastPass software use third-party libraries; their licenses are reproduced here in accordance with their licensing terms. These terms only apply to the libraries themselves, not LastPass software.
We thank the many developers of open source software for their contribution to the world.
Copyright ©LastPass 2008 – 2020 – All rights reserved.
32feet.NET
https://www.nuget.org/packages/32feet.NET
Copyright (c) 2003-2012 Alan McFarlane Peter Foot
Licensed under the MS-PL License
https://opensource.org/licenses/MS-PL
A C++ Implementation of the Rijndael Encryption/Decryption method
http://www.codeproject.com/Articles/1380/A-C-Implementation-of-the-Rijndael-Encryption-Decr
Copyright (c) 2002 George Anescu
Licensed under the MS-PL License
https://opensource.org/licenses/MS-PL
••THE LIST IS A MILE LONG..!
(I am trying to boycott google and Use the new browser, Brave :):) and it worked flawless until a few days ago. I trashed chrome and firebox)
This lossy Frankenstien App is put in the “menu Bar” stupid and break nearly every everything.
Apple bullies users to Do it their way, and then “their way” is what users worry to learn, a trap of the filmalar and time management. who wants to learn another complex way to do the same thing, and tray trap in Apple antitrust world.•• My opinion••” I can’t see any other reason for such ploys
I looked for the version number and saw they had introduced list of third parties
I’m not going down this road
I clicked a link that claims to be an ofiacl
Hi! We are here to help you.
Type your question here, or browse topics below to view answers or reach a support agent.
Search results available, use TAB key to navigate
Clear search querySearch
Amazon AppStream 2.0 App Integration
Copy this answer
Set up an app integration so that your user can sign into this app using the same credentials that they use for LastPass.
This is new to me?
LogMeIn (LastPass) to be acquired by Private Equity Firms
by Martin Brinkmann on December 18, 2019 in Internet
LogMeIn announced yesterday that it will be acquired by Private Equity Firm for approximately $4.3 billion in an all-cash transaction.
You should be able to log in to LastPass and see your vault when offline. As for online access, there is an option in Advanced settings to stop LastPass working in different locations. Make sure France is enabled.
I haven’t read every post here so maybe this has been pointed out before but just in case here is my own experience…
I have never encountered the problem of not being able to login to LP because of a forgotten password, my own password is very secure but memorable. However, I have a different wrinkle. I have tried to use Lastpass when abroad in France on holiday, (I’m UK based). Even with the correct Lastpass master password I was refused entry because I was in a new location. I was sent an email with verification details in it which I had to respond to before entry would be allowed. And you know what is coming here don’t you? I couldn’t access my emails because I couldn’t get at the extremely secure email client password held in Lastpass.
I have pointed this out to Lastpass Support but they really couldn’t take in the issue and just advised me the same thing each time. Access your email for the verification process. No help, no comprehension, apparently my own fault.
This is a fatal flaw and the only way around it I could see was to actually create a unique separate email account only for Lastpass verification giving it a simple memorable password. This account would only be used in the event of having to go through that ridiculous process of verification. If it requires its own email account just for the rare need to access it under these circumstances then it is really over the top and becoming unusable.
I can understand the idea of verifying if access is attempted from a remote place but it would be better to at least allow the option of verification of user via mobile text message just as credit cards and banks do.
I have now found that Eset Internet Security which I have used for many years and have found to be both powerful and incredibly good value can be updated to Smart Security Premium for only a few $ more. This is a lot less than Lastpass per year. And, guess what, SS Premium has its own password manager built in! Guess what…
Tedious writing from a world class blowhard. If you can’t get views without deceptive click bait headlines, get off the net and save us the tedium and yourself the hosting and domain costs. Your “apology” for your behaviour only makes things worse – it makes it clear that you are aware of your fraudulent misrepresentation and chose to proceed anyway. Having proven yourself so untrustworthy at our introduction, what on earth makes you think we should value the rest of your ramblings?
Wow, I’m preening just a bit – not just a blowhard but a world-class blowhard! I didn’t realize I had reached that level. Thank you!
Don’t forget to subscribe. I’m going to be writing a short followup about LastPass and now I think the headline should be “Tedious Ramblings About LastPass,” to balance this article. Keep an eye out.
I used to be an Avid fan of Lastpass, I would tell everyone about how great it was, but that was then and this is now
Lastpass is one of the WORST applications I have had the misfortune to rely upon
It started to go downhill when they increased the whitespace so that on a 15″ laptop you have to scroll on their dialog box, this is what happens when you give your developers 28″ Screens and they write software that is used on Laptops. Just HUGE amounts of whitespace, BTW a 15″ laptop is still the most common device out there.
Next comes performance, Lastpass seems to turn browsers into snails, makes their memory go through the roof and makes everything go slow slow slow.
Next comes function, well when you get “invalid response” upon trying to save a website you are pretty screwed, so you go to the website (where you are forced to use your master password to login to the site OR the Forum, this is a huge security breach, the idea of the master password is that it is stored in your head, the LAST password you will have to remember.
When you finally get the vault open again the AWFUL bloated big icons and massive whitespace, just makes the page unreadable, as if that was not enough it has this “let me show you around” crap, you select NEVER show me again but Lastpass fails to remember this. so every time you login it is taking up screen estate.
So I tried the mobile versions, on an Iphone, it just does not work the way you would want, keychain does work so you abandon Lastpass.
I tried different browsers, Opera, Brave, Chrome in addition to Firefox, it does not work well on any of them, slow and clunky, poor UI, just awful.
Then we come to plugins browser extensions, these are screwed, I mean forget all the identities, bank accounts and all that, what is the first thing you want LastPass to do, STORE A WEBSITE PASSWORD, but the SITES menu option has GONE, the save all entered data has been buried three levels deep and even if you use it , Lastpass will not save it giving you the wonderful “invalid reponse” error.
I partly blame the rapid “flipping” of this company, it has been sold so many times it is hard to keep up.
The software developers are obviously keeping cards close to the their chest so the new owners can’t improve the product, the coders probably say “security risk” and the manager goes “oh shit I better leave this well alone”
What needs to happen here is for the code to be properly documented, the team then need to be split up and the whole thing rewritten to be lightweight and functional.
Right now this product is begging for a competitor to take an export and import it, except guess what, if you export all your data, yes it is YOUR data, they do not give you all of the data stored, notes are not there, not all fields are exported, so you are screwed again.
I tried contacting support, apparently the original developer is in there shutting down any negative posts, I asked people if I pay will they fix this, the answer came back, save your money.
If you have not implemented LassPass, take my advice, FIND ANOTHER PRODUCT, ANYTHING IS BETTER THAN THIS.
As for the clickbait headline, what makes my Jaw drop is how this awful product is still alive.
An update a few months ago slowed LastPass to a crawl in Chrome. It’s really noticeable and a problem.
I sadly agree much so. This has been my grip for a long time…and since v4.0 (v3.0 was the best in design and performance). The overuse of whitespace makes this not pleasant to use. However, I’m too entrenched to switch…several 100’s of entries between my spouse and I. For the most part it still does what I need/want and works…and it does make password security easy and secure. But, I have to watch for the gotcha’s! like when I am logging in to a new site, LP asks to save my new randomly generated secure PW…and it doesn’t. I frequently save that newly generated PW to the clipboard as a backup in case LP doesn’t finish its job. The emergency backup features are nice, we use the family plan and can cover for each other in the event of the unexpected.
One think I like is saving EVERYTHING else I have…all my CC’s, licenses, software keys, important receipts etc. in the secure notes so I have a record. I still push it to anyone I can because there are so many people I work with regularly in IT that don’t use anything…just the same password over and over and over…
I also don’t like the way LogMeIn works…like their products for the most part, but I don’t think the developers use their own stuff much. It doesn’t show in the design.
I’ve long been in the habit of saving complex passwords to notepad just in case. It’s gotten better recently, as long as you punch the button to update LastPass before touching anything else on the page – but better safe than sorry!
I just read that you have to download to iPhone through the App Store–you have to download the App. .
Absolutely. In fact, Lastpass wrote a blog post a few days ago about the Safari extension, with step-by-step instructions about how to get started and what to expect. https://blog.lastpass.com/2019/01/change-safari-extension.html/
I have not signed up for LastPass. I have this question. all of these posts reference Chrome. Safari is my browser. Does it work on Safari? Is it preferable to use Chrome? How big a deal is it to change browsers?
I am using LastPass successfully on PC, but can’t get it to work on iOS 13 with Chrome. Have downloaded the app, and tried to get the extension going but no success. Instructions say to open the app, and then tap the Tools button at the bottom. But there is no Tools button and I don’t find anything promising in the adjacent settings button. Any suggestions?
I don’t have an iPhone to test, so I’m not sure. Do some Googling, somebody has to have been in this position.
Thanks for the article and replies to comments Bruce – quite instructive.
Now for the dumb question. If LP stores my vault information on their servers (ie there is no local storage on my devices) and for some reason LP servers are out of service, is my vault (and therefore vicariously my access to sites needing passwords I have stored in the vault) effectively inaccessible? Many thanks in advance.
As I understand it, there is always a copy of your vault on your local device – it’s heavily encrypted, but it’s stored locally. You can use LastPass on a PC or phone in airplane mode.
The encrypted vault is synced to the LastPass servers online. If you get a second device, the encrypted vault is copied to local storage on the second device where it can be decrypted.
Try my site. Let me know what you think it needs.
https://whatthepass.com
How do I encrypt the Chrome LastPass vault?
Not sure whether this will answer your question: your computer has a single encrypted copy of the Lastpass vault. It’s decrypted when you put in the master password, and stays decrypted for as long as you want. If you run Lastpass in Chrome, it decrypts the vault and makes it available while you’re browsing in Chrome. There are settings for when it closes the vault – it might keep it open all the time, or close it when you close Chrome, or close it when you haven’t been active for a certain length of time. (Look under Account Options / Extension Preferences.) Once the vault is closed, you’re back to just the encrypted vault on your hard drive. You’d have similar options if you used LastPass in another browser – there’s just the one vault, and it’s up to you how long it stays decrypted.
A few months ago I began subscribing to a Lastpass account and got beyond the point in the process where I had made up a Lastpass password when I was interrupted and had to stop before completing the process. Days later I returned to the project, but found that my email address is not eligible because it already had already been associated with the password I had previously chosen, but had not written down yet. How can I just cancel everything I did with Lastpass before and start over?
See if it works to reset your account. There’s no direct link to the article but google “lastpass reset account” or search for it here: https://support.logmeininc.com/lastpass
As soon as I get access to my lastpass vault again I’ll be extracting my data and never going back. I’ve used LP since 2015 and have relied on it heavily, and trusted it. Now I can’t login due to a 2FA issue and it has been 4 days since I logged a support ticket. No response. 4 days without access to all of your passwords and secure notes? It’s a worrying time but I guess I can reset 100+ passwords and just forget about the secure notes? It’s my fault for putting faith in a third party, I should have had a backup. But my advice is to steer clear of LastPass.
I’m constantly running into websites that have restrictions on the special characters that can be used within passwords. And some that don’t allow them at all. Does LastPass have the ability to detect that when using the password generator feature for those websites?
Not in my experience, but it has checkmarks on the little window that generates secure passwords so you can turn on or off special characters and set the length. Plus some helpful checkboxes to generate passwords that are easy to say (for memorization), or easy to read (avoiding 1/l, 0/O, and the like).
Today I have lost the ability to log into LastPass.
1) I have NOT changed my Master Password
2) I used LastPass yesterday without issue
On any device I now get:
‘Please review the information you entered and try again.’
When I attempt to login.
Have I been hacked?
Hello.can.I.you.assist.me.to.log.in.,I.don’t.have access to.my email.or.password I lost everything in landslide I can even.remember ,I use to log into sure thru authentication code sent.to.my.phone but today my account was log out I don’t know.How I can’t access it I have try the.emails.and password I can remember but it’s not going thru.kindly assist me to.recover it I still.have my.phone number with.me.thanks
I can’t help, sorry. Good luck!
click bait
Absolutely clickbait! But only the stupid headline. The article is filled with nutritious, tasty content made with only the finest quality ingredients.
Good article and with great comments for more info about LastPass.
Message to Maria from LastPass customer support: Keep Calm and Keep helping LastPass Users. There are lots of bad fruits in the world (aka Mr. Weber) and they are not going anywhere. The rules are just rules. Remember remember the lastpass master password until they come up with another type of login like fingerprint or eye scanning, or whatever….
nice review of lasspass ..got my answer .thnxx
Great review of last pass.
One question is if your spouse uses the same computers and does not wish to use LastPass, is this a problem? I was concerned that she might mistakenly click and change her passwords etc.
Thanks for a great review
Thanks! if you and your wife each log in separately to the computer with your own names, LastPass will be separate for each of you. Each of you can choose whether or not to use it.
If you share a single login, you’d want to be a little more careful. Perhaps you would only log into LastPass when you’re using the computer, and set it to log out after a certain amount of time or when the browser is closed. There are several options in the settings. It’s less convenient when you have to type in the master password repeatedly but maybe it’s worth it. Good luck!
Eh, I don’t do subscriptions. I’ll buy software but not subs, sorry. Tired of this shitty model. Somehow I figure I’ll live just fine without it.
Tried Last Pass awhile back. It assigned and saved my passwords and still kept asking me if I wanted it to assign passwords that I had already responded to. I tried logging in, logging out, then logging in again; repeatedly. Always had to enter my own password and Last Pass just kept on asking, despite my saying yes and it indicating that it assigned and saved passwords. My opinion was that if one function is broken it is proven unreliable
Once you’ve lost trust, the world has lots of other options and it makes sense to move on. Most people don’t run into that problem and my experience with my clients leads me to think that LastPass is as reliable as the competitors – I’ve run into different glitches with each of them over the years. Try 1Password – the Wirecutter and a number of people I know swear by it.
Okay, I’ll check out those suggestions. Thanks.
I have a website where I enter a username and password. I hit Enter and then another screen displays where I enter a PIN. I haven’t been able to get the free version of LastPass to handle this correctly. It saves the password but then overwrites it with the PIN. So when I bring the site up again, it automatically enters the PIN value in the password field.
It might just be a bug. LP doesn’t handle some websites correctly. That’s why I think of it primarily as a notebook to look things up, with the auto-fill a nice bonus that sometimes work. If you edit the card in the LP vault, make sure it has the right thing in the password field. It might have “auto-fill” checked in the advanced options. But also see if maybe your browser has separately saved the PIN/password – maybe Chrome or Firefox is the real culprit.
Ok, kinda get it….but what if I’m using Chrome lets say, and someone gets on my laptop. And then goes to my banking site and Lastpass automatically fills in the password etc? Am I missing something here?
Everybody gets to pick their own level of paranoia.
* If someone steals your laptop, they can’t get into it without your password. For some people that’s enough.
* You can set LastPass so it doesn’t log in automatically when you start the browser. You always have to put in the master password. I do that on my laptop.
* You can set LastPass so it logs out automatically – after a certain amount of time, or when you close the browser.
* For each site, you can change whether it automatically logs you in.
Most people never look at those settings, but they’re there.
“When you connect to your LastPass account from another computer or from your phone, it downloads your encrypted blob and decrypts it on the device using the master password and voila! you have your passwords” – this is not the correct sequence in which these happens.
1. you log in with your email and password
2. lastpass finds your encrypted blob by your email and sends it to your desktop
3. with the provided password in step 1, it tries to decrypt the key now
Thank you very kindly , Bruce!
I believe in gathering all the facts I can before using certain programs. I wasn’t finding this scenario addressed anywhere else. Appreciate the quick response! 👍
Again, first and foremost – Everyone needs to understand the master password concept!
I see the recurring theme here of blaming them for “poor customer service”, when they are actually giving you just the opposite.
If these companies had access to them, we as users would not be protected! If they don’t have them, they can’t be hacked for our passwords!
I’d be upset if it was as simple as that, to give them an email addy or have them toss it right to you via SMS!
That’s all well and good for your social media or your voice mail. Not for your “Password to ALL Passwords”! Esp those who bank online etc. I dont do that, tho.
Best bet? Write it down! Write it on more than a few posties!
Don’t label it or title it “Here’s My Master Password”, of course.
If someone finds one, hey, it’s a bunch of characters – could be anything! 😉
Place a few strategically around your home. Tape one to the back of a dresser, stick one inside a book, put one in the garage. A CD case. The options are endless!
It is unfortunate to see that some have had other programs affected.
I hope not to see that. but it’s the chance we have all taken using any applications over the years.
Looks like I’ll be giving it a shot now!
You’re absolutely right. FWIW, I wrote an article recently about an important new LastPass feature, Mobile Account Recovery – access to the account thru the mobile app if you forget your master password. https://www.brucebnews.com/2019/06/lastpass-mobile-account-recovery-and-emergency-access/ Good luck!
Me too, Im unable to recover my LastPass account despite having my email address and the phone SMS verification available to me. LastPass is not providing a good solution to recover account, I am now unable to see my password from LastPass.
My iPhone FaceID suddenly did not work and I was ask to type in my master password which I could not remember since using the FaceID. I remember some characters of my password but 2 or 3 of them could be wrong. So now I end up struggling to know my passwords. LastPass please help us by recovering our password either by our email or SMS verification.
Greetings Bruce!
Hope I can trouble you for some advice before I install and test out LastPass. ☺️
I’ve never used used a password saver before. Just my brain.
Been searching for some specifics, and “The Google” is not being helpful.
1) Do I *always* have to allow it to generate a random password?
Can I keep some existing passwords as is?
2) I’m one of a dying breed who uses an 8G Samsung J2 Prime.
(Up from a Samsung Stardust.)
It may be older, but still has a removable battery – and it’s not rooted! 😀
(Too bad the camera is awful, & that it has less user space than the Stardust 4G!
Not many choices for inexpensive phones with Safelink.)
… I digress.
Will this work for an older phone?
I read about some problems with Samsung integration.
3) I cannot fit many user added apps at one time.
(They don’t REALLY all move to your SD card to save space, big myth, of course!)
I’m constantly removing and reinstalling apps to fit in a game, use cleanup/maintenance or to use an Uber.
THE BIG SCARY QUESTION!
If I delete LastPass for any reason – will all of my passwords go back to my original ones? 🤞🤞🤞🤞
^^^^^^^^^^^^^^^^^^^^^^^^^
Just thinking about redoing ALL of my original passwords for every site gives me brain freeze!
I was going to give up on this entire plan.
Then I found your site.
… and I like your style! 👍😎
Thank you so much!
Peace. ☮️
🎵🎵🎵🎵🎵🎵🎵🎵
LastPass does not require anything of your passwords, and does not change them if you do or don’t use the program. Think of it first as a notebook to record your passwords, simple or complex, self-chosen or generated. It also does some cool tricks to help you improve your passwords and fill them in – but it’s first and foremost a notebook to write them down. I can’t speak to an older phone, but remember you can use it from the website, regardless of whether you have the app installed on your phone or computer. Good luck!
@Mr. Weber
How passive aggressive are you! Everywhere I have read anything about LastPass, it clearly states the main password cannot be reset and you must make sure you remember it. This is a security feature to make sure your passwords are safe from others gaining access, including LastPass staff. If you were stupid enough to ignore this and forget your password then that’s your problem and not that of LastPass!
I pity any Support Staff that have to deal with you!!!!!!!
Why was the article named, “These Shocking Facts About LastPass Will Make Your Jaw Drop” ? I must have missed something, please enlighten me.
Thanks,
John
Silly attempt to imitate a clickbait headline so people would read it, nothing more.
The biggest hole imo is that if you login in to LastPass’ browser plugin for 24 hours, and walk away from your browser for 5 minutes, say by accident, then anyone can open your vault and search for specific info. Access to vault should be excluded from master password exemption.
To the comment from: Useless LastPass says…Not sure what pop up you mean. I don’t have to use my windows password.
Now my own comment: I have been using LastPass for over 3 years and do not have one single complaint! Used on computer and mobile and has made my life much easier. Remembering safe, secure, long, and many of them is not secure. So LastPass takes care of that for me. Not every app is perfect and pleases everyone so the best is to lean and dig deep as to what it can do. There are so many options and ways to sort that it simplifies all of the sites that I subscribe to. I have deleted in error but can always recover. The customer support has always answered my inquiries in a timely fashion and I do like the reminders that pop up because I can’t remember everything. Thumbs up for me.
2019-05-05 10:02
Me, to LastPass
How do you expect to be able provide support to anyone who “secured” their email with LastPass, and cannot now, as a result, recieve email? Why do you insult users by avoiding them, using GetHuman to run interference for you, who can only assist those who can get email? Why do you not even have a customer service PHONE Number? You should consider allowing GetHuman to have you CALL the user, if you don’t want to give out your phone number. Advising people they must log in to get help logging in is STUPID!!
2019-05-05 10:07
Me, to LastPass
Add my cellphone number so I can get hep via SMS (text): (***) ***-****. I am trying this means because I cannot sign into LastPass, despite your assumption implied in your directions: “To add or change SMS recovery phone number: Sign in to LastPass.”
2019-05-12 11:00
from Martha, at LastPass
Hello there! Happy to assist you!
If you have saved your email password in LastPass and cannot log into your email, you should attempt to login offline to get your offline cached data. Otherwise, you will need to recover your email via your email provider first, then verify.
Thank you!
Martha
2019-05-12 16:49
Me, to LastPass
Still not paying attentiion, I see. I have already recovered my email via my email provider, as I had noted, without your “help”.
If you want to BE happy, try actually assisting.
2019-05-05 10:24
Me, to LastPass
Since you are unable to help any user who “secured” their email with LastPass, and cannot now log in, perhaps I should start sending my complaint to all the sites who review LastPass, until the word gets around that you stupidly do not provide support, other than via email. I shall make a point of revealing that you thoughtlessly do not provide any meaningful customer-support.
2019-05-12 07:31
from Maria, at LastPass
Hi, Thank you for contacting LastPass Support! We are delighted to assist you!
Can you please clarify the issue? Are you not able to login to your vault? What is the error you get when you tried to login at http://www.lastpass.com? Please give us more info so we can help you. Thank you for using LastPass! Have a good one!
Best, Maria
2019-05-12 08:04
Me, to LastPass
The hint you supplied did clue me in to which word I used for my login password; many iterations of variations on it do not work to allow me to log into Lastpass, much less to its vault. I will need to reset my login password, but you do not provide a way to do that. I contacted my email provider and did re-establish use of it without any help from you. They have good customer support; you suffer by comparison.
I had used LastPass for Facebook as well, so I had to change my password there to access it again; unlike you, they DO provide a way to do so. Having gotten around these hurdles, I find little need to use LastPass, and less desire to do so, given that you cause more problems than you solve. Unless you can advise me how to change my LatPass login password, I shall uninstall it, and recommend to others not to use it.
2019-05-12 19:52
from Maria
Hi, Try to login to your online vault (www.lastpass.com). If you cannot login, please follow the instructions at https://support.logmeininc.com/lastpass/help/recover-your-lost-master-password-lp020010 for the complete steps in password reset.
There is no OTP saved on your account so this option will not work. See more information about OTP’s at https://lastpass.com/support.php?cmd=showfaq&id=4616
If password recovery is not working, sorry but your only choice is delete your account (https://lastpass.com/delete_account.php?np=1) and start over using the same email. If you require faster response times and in-depth support needs, please sign up for a LastPass Premium membership.
We cannot send you a temporary password by verifying your identity or reset your master password. Let me know if you need more help. Thank you!
Best, Maria
2019-05-13 08:15
Me, to LastPass
Award yourself and the firm a Major FAIL. No need to thank me for pointing out a glaring shortcoming. Continue to suffer your humilation for as long as this shameful situation continues.
It’s like Fight Club: the number one rule of LastPass is, do not forget your master password. If you don’t know your master password, the company cannot help you – end of story, full stop. I’ve been the bearer of those bad tidings for several unfortunate clients. It’s depressing. It’s also the reason that LastPass is secure. Sorry you had to go through that!
@Jose. You should have a screen lock on your phone and it’s best to log out of LastPass when you are not using it .You only need passwords on a phone every now and then,most apps stay logged in.
How secure is last pass on a mobile phone God for bit u lose your phone, how will protect me then?
It’s just like on a computer. By default, you can’t open it without the master password. You can set it up to open with your fingerprint instead. I have it set up on my phone so it won’t open unless I touch an NFC enabled Yubikey to the back of my phone.
form fills disappeared … I’ve been using since Joe released it. Just me … price has gone from 12 per year to $36 per year in less than a year!! It’s just me …300% increase in less than a year !!!
I am forced to change because feature disappear and money … retired now!
LastPass for Business is terrible and just plain useless! And here is why:
1. It forces you to use Windows Login password as your LastPass Master Password. Sometimes IT people just asked you for your Windows Login password because they need to set up a new computer for you.
2. Ok, I can live with the above by temporarily changing the Windows Login password.
3. Most of the site I use in my corporate network use my Windows login and password to log in. And guess what, the LastPass Master password can’t be the same as any of the password it manages. Now it becomes an chicken and egg problem…
4. And you can’t get rid of that stupid pop up asking you to change your LastPass Master Password to your Window Login password. just keep popping up….
I have absolutely no idea what you’re seeing. That’s not the way LastPass works at all. I’d be interested in seeing a screenshot of that popup, if you can do that.
Not just Chrome, I mostly use FireFox. Sometimes, but very rarely Microsoft Edge. Oh. I guess that I sometimes use Internet Explorer. I need feedback about all of these interfaces.