Client was able to see my Password - HELP please !!!!!!

Customer forum for LastPass Enterprise

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

Client was able to see my Password - HELP please !!!!!!

Postby mdsvtr19367 » Mon Aug 06, 2018 9:38 pm

Good Evening ,

quick question please ............ I ( Shared ) an account ( subscription service of mine ) and did NOT select to have them be able to see the Password to the Account that I gave them access to.

They sent me a Screenshot when they were trying to sign into the account that I granted to Access to , and my Password to Login was being shown .

Did I not do something correct, when I intially sent them the Invitation to my account ?

Thank you for the help
mdsvtr19367
 
Posts: 4
Joined: Sun Aug 05, 2018 8:09 pm

Re: Client was able to see my Password - HELP please !!!!!!

Postby FlyingHawk » Mon Aug 06, 2018 11:05 pm

The "don't show recipient my passwords" feature is just a gimmick. It's fundamentally impossible to be reliable.
It only prevents the recipient from seeing your password directly in the LastPass UI. It can't do anything once the password is filled elsewhere.
You should not depend on this feature to protect your password at all.

See official docs:
https://lastpass.com/support.php?cmd=showfaq&id=1416
https://helpdesk.lastpass.com/sharing-4-0/#h3
FlyingHawk
 
Posts: 776
Joined: Wed Mar 18, 2015 12:04 pm

Re: Client was able to see my Password - HELP please !!!!!!

Postby mdsvtr19367 » Tue Aug 07, 2018 7:32 pm

FlyingHawk , thank you for your reply

I had no idea that you could Not 100% block the recipient from seeing your password.............. I just learned this the hard way yesterday

Is there any way that you know of , to prevent someone from being able to see your password? Thanks so much for your help :)
mdsvtr19367
 
Posts: 4
Joined: Sun Aug 05, 2018 8:09 pm

Re: Client was able to see my Password - HELP please !!!!!!

Postby FlyingHawk » Wed Aug 08, 2018 1:32 am

Unfortunately, no. If the recipient needs to use your password, it's fundamentally impossible to 100% block them from extracting it.

The proper way to handle shared access is to have the authentication system allow some sort of delegated access, so you can have some other people access your account through their own account, never using your own password.

If the authentication system doesn't have this feature and you don't have control over the authentication system (e.g. a typical third party web service), then it's simply impossible to give others access without also giving them a good chance to see your password without too much difficulty.
FlyingHawk
 
Posts: 776
Joined: Wed Mar 18, 2015 12:04 pm


Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 4 guests