Not respecting setting to auto log out

Have questions about LastPass, or having problems using it? Ask for help here!

Moderators: admin, Israel, anatoly_LP, chantieLP, robyn, JoeSiegrist

Re: Not respecting setting to auto log out

Postby lapass » Sat Feb 08, 2020 1:12 pm

Yup. It started to happen to me as well. OSX with Chrome and Firefox. This is really bad.
lapass
 
Posts: 1
Joined: Sat Feb 08, 2020 1:11 pm

Re: Not respecting setting to auto log out

Postby jpenny84 » Sat Feb 08, 2020 1:15 pm

straygecko Wrote:I reported this to Lastpass in July of last year and Lastpass has only logged me off a handful of times since then. I told them it was a serious security issue and they said they would pass on "my suggestion" that it was a security issue that needed to be fixed. Its a real problem when your security software vendor doesn't take security problem reports seriously. Its clear the issue isn't that its difficult to recreate its a lack of commitment on the part of Lastpass to thoroughly investigate bugs.


The main attack vector with this is casual access to an unlocked computer. Do you know what else someone with access to an unlocked computer that most likely has administrator rights can do? View and/or download all your personal files, install malware, browse through email and social media accounts, etc.

The bigger issue here is that people aren't password protecting their operating systems and locking them when not at the machine.
jpenny84
 
Posts: 9111
Joined: Tue Mar 06, 2012 9:10 pm

Re: Not respecting setting to auto log out

Postby sam756 » Sat Feb 08, 2020 1:49 pm

glennd Wrote:Hi,

We are working to get a 'hotfix' released as soon as possible.

Unfortunately, this issue took a little longer to catch as the feature works correctly the first time or two before failing, so initial attempts to reproduce it in response to support tickets failed. If you have read the recent Lifehacker article you will see the author mentions he was unable to reproduce the issue too.

As soon as I have confirmation that the extension update is approved and being published I will post an update to this thread

Glenn Dobson | Community Leader, Social Support
LogMeInInc.com


Hi Glenn,

Speaking for myself, I specifically linked to this thread in my support ticket to show that it wasn't isolated. As a software engineer, I know it doesn't have to be reproducible by everybody to still be a bug. The fact that a bunch of people reported it at the same time should have been enough to merit a real reply. In email and twitter my simple questions such as "can you please confirm you saw the forum thread and see this isn't just me" went unanswered. For a paying customer, this is bad that it took over a week to just acknowledge it.

Can you please address these concerns?

thanks
sam756
 
Posts: 7
Joined: Tue Feb 04, 2020 6:13 pm

Re: Not respecting setting to auto log out

Postby straygecko » Sat Feb 08, 2020 1:58 pm

jpenny84 Wrote:The main attack vector with this is casual access to an unlocked computer. Do you know what else someone with access to an unlocked computer that most likely has administrator rights can do? View and/or download all your personal files, install malware, browse through email and social media accounts, etc.

The bigger issue here is that people aren't password protecting their operating systems and locking them when not at the machine.

I am well aware of computer security issues having worked in the field for decades. My computer is locked and password protected when I leave it. There is still no excuse for not taking reports of automatic logout not working seriously. Its purpose is different than locking the computer. Security breaches usually are a combination of errors and I expect security vendors to take bug reports for security features seriously so their error is not the one that adds to the possibility of a security breach.
straygecko
 
Posts: 20
Joined: Fri Jan 29, 2016 11:59 am

Re: Not respecting setting to auto log out

Postby sam756 » Sat Feb 08, 2020 2:09 pm

straygecko Wrote:I am well aware of computer security issues having worked in the field for decades. My computer is locked and password protected when I leave it. There is still no excuse for not taking reports of automatic logout not working seriously. Its purpose is different than locking the computer. Security breaches usually are a combination of errors and I expect security vendors to take bug reports for security features seriously so their error is not the one that adds to the possibility of a security breach.


Yes, well said.

Let's not bicker amongst ourselves about what security lapses are more important than others. IMO, we should stay focused on the bad customer service and lack of transparent communication that have made this more of a debacle than it should have been.

LP has recently been in the news for denying that an outage took place (customers couldn't access their vaults), then admitting it long after it happened. You would think they would want to reassure customers that they have their act together.
sam756
 
Posts: 7
Joined: Tue Feb 04, 2020 6:13 pm

Re: Not respecting setting to auto log out

Postby Rhinebeck1234 » Sat Feb 08, 2020 2:49 pm

I am having same problem with auto logout not working. Mac using Chrome. Not auto logoff after 10 mins according to my setting. My attempt to resolve again today unsuccessful. Last Pass is only auto logging out during computer logout. After a Restart and then log in to Last Pass, it stays logged on. Must manually log out.
Rhinebeck1234
 
Posts: 2
Joined: Sat Feb 08, 2020 11:15 am

Re: Not respecting setting to auto log out

Postby metzmatt » Sat Feb 08, 2020 6:29 pm

This is still a problem. I tried removing the extension and re-installing it, but that did not solve the problem.

Serious, SERIOUS issue!
metzmatt
 
Posts: 1
Joined: Sun Apr 13, 2014 6:22 pm

Re: Not respecting setting to auto log out

Postby adonson42 » Sun Feb 09, 2020 9:02 am

Same problem here. Tried clearing cache, reinstalling, no help. Last pass has to address this. This is serious
adonson42
 
Posts: 2
Joined: Sun Feb 09, 2020 9:00 am

Re: Not respecting setting to auto log out

Postby GSPerkins » Sun Feb 09, 2020 9:48 am

Same problem, across several computers, running Brave browser but also seeing in Chrome and Edge for Windows 10. Noticed this behavior about 1-2 weeks ago. Confirmed binary is installed, but no changes.
GSPerkins
 
Posts: 2
Joined: Sun Jan 30, 2011 1:29 pm

Re: Not respecting setting to auto log out

Postby Nusaram » Sun Feb 09, 2020 4:30 pm

For me, this problem definitely started with v4.41.0 of the extension for Chrome released on Jan 28; I'm running Windows 10 x64.

In addition, I am also getting a new tab opened with the intro info on how LastPass works. Very annoying.

At first, I tried removing the extension and then reinstalling it, but the issue still persisted. That's when I searched here and saw it was happening to others, so I knew it was not just an issue on my PC.

My setup is such that LP will auto-login when I launch the first instance of Chrome. In this case, after logging in, the auto-logout does work; furthermore, I do not experience that new tab issue showing the "How It Works" info.

But after it logs out (either automatically or manually by me), when I login manually, autologout no longer works. In addition, that's when the "How It Works" page gets displayed.

LP is not very good at communicating here on this forum so I, too, submitted a ticket.
Nusaram
 
Posts: 30
Joined: Sat Apr 26, 2014 5:45 pm

PreviousNext

Return to General Support & Troubleshooting

Who is online

Users browsing this forum: jbenk7 and 32 guests