Why are sites being supported on an per-site basis?

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Why are sites being supported on an per-site basis?

Postby Avian00 » Mon Sep 01, 2008 10:01 am

First, let me say I find your product quite compelling! It clearly has much potential, and I look forward to how it develops! Keep up the great work!

I'm a little confused about something. In your version 1.28 announcement, you say 2 things that trouble me:

2) "We now cover nearly 1500 TLDs properly, some TLDs like com.ru were missed before"
1) "Potential security issue with exposing your zenbe.com account only to the zenbe.com web interace resolved; was a specific attempt at getting zenbe.com to work"

What I'm wondering is this:

By quantifying your level of support with a finite number, and by announcing a for a particular site's compatibility, you seem to be indicating support for sites is being done a per-site basis. Why is this? Why is your software not simply taking the domain name from the URL and mapping that to Username and Password fields and automatically filling in the web form? In my brief experience with 1Password, the software simply runs in the background (with apparently no prior knowledge about any of the sites I visit), and the instant it detects that I've submitted username and password form data, it simply grabs them and stores them for later automatic filling. Does LastPass not operate on this same principle? If so, why the need to configure the software for compatibility on a per-site basis? This seems troublesome with potential a lot of overhead. What happens if a site re-arranges its forms at a later date? Would LastPass fall apart and not know what to do?

I look forward to your feedback.
Avian00
 
Posts: 4
Joined: Thu Aug 28, 2008 7:07 am

Re: Why are sites being supported on an per-site basis?

Postby JoeSiegrist » Mon Sep 01, 2008 10:34 am

Avian00 Wrote:I'm a little confused about something. In your version 1.28 announcement, you say 2 things that trouble me:

2) "We now cover nearly 1500 TLDs properly, some TLDs like com.ru were missed before"


One of the features that we wanted to do that no other password manager has done, is allow you the option of easily seeing passwords you created for other hosts in the same domain -- this worked great until we hit a TLD that we didn't know (like com.ru) so we were showing different domains as the same in that case -- TLDs do not change very often, and I'm not concerned about keeping up with this, and think it's a good approach (though we need to make it clear to people that we order based on best URL match, then best hostname match, then last usage, then alphabetical, so they really don't need us to be 'hostname specific')

Avian00 Wrote:By quantifying your level of support with a finite number, and by announcing a for a particular site's compatibility, you seem to be indicating support for sites is being done a per-site basis. Why is this? Why is your software not simply taking the domain name from the URL and mapping that to Username and Password fields and automatically filling in the web form? In my brief experience with 1Password, the software simply runs in the background (with apparently no prior knowledge about any of the sites I visit), and the instant it detects that I've submitted username and password form data, it simply grabs them and stores them for later automatic filling. Does LastPass not operate on this same principle? If so, why the need to configure the software for compatibility on a per-site basis? This seems troublesome with potential a lot of overhead. What happens if a site re-arranges its forms at a later date? Would LastPass fall apart and not know what to do?


We have bent over backwards to make everything 'generally applicable'; we don't want to have a product that will break when the next generation comes around -- that being said, when we've exhausted what we could be seen again, we've contemplated doing something custom for that site. Our hope is at worst for these sites, you can still cut&paste your passwords out, easier than other products, and if what we're doing works you'll be able to automatically login when you otherwise couldn't.

This still may not be the answer though; and we're exploring with ways the community can help us stay on top of sites that go out of their way to break password managers.

Thanks,

Joe Siegrist
LastPass
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: Why are sites being supported on an per-site basis?

Postby Avian00 » Mon Sep 01, 2008 11:33 am

Thanks for your quick and informative feedback. I have a couple follow-up questions, if you don't mind:

JoeSiegrist Wrote:One of the features that we wanted to do that no other password manager has done, is allow you the option of easily seeing passwords you created for other hosts in the same domain


That sounds interesting. What about TLD's that have multiple hosts/subdomains but share the same account information? A prime example is google.com which shares the same credentials across all of its services (like mail.google.com, calendar.google.com, reader.google.com,etc...). Can LastPass use this principle in revers? Perhaps with a *.google.com wildcard so I don't end up with 10 LastPass entries for my unified Google credentials?

JoeSiegrist Wrote:We have bent over backwards to make everything 'generally applicable'; we don't want to have a product that will break when the next generation comes around


I have another question slightly related to this point. Will LastPass more 'generally applicable' in the sense that it goes beyond simply managing web-site logins? I'm also interested in something that could hold information like bank accounts and PINs and other various bits of important data I must remember but must remain secure. Obviously I could currently use LastPass for this task, but only in a way which seems counter to its intended use, since it is a URL-centric system.
Avian00
 
Posts: 4
Joined: Thu Aug 28, 2008 7:07 am

Re: Why are sites being supported on an per-site basis?

Postby JoeSiegrist » Mon Sep 01, 2008 6:43 pm

Avian00 Wrote:Thanks for your quick and informative feedback. I have a couple follow-up questions, if you don't mind:

JoeSiegrist Wrote:One of the features that we wanted to do that no other password manager has done, is allow you the option of easily seeing passwords you created for other hosts in the same domain


That sounds interesting. What about TLD's that have multiple hosts/subdomains but share the same account information? A prime example is google.com which shares the same credentials across all of its services (like mail.google.com, calendar.google.com, reader.google.com,etc...). Can LastPass use this principle in revers? Perhaps with a *.google.com wildcard so I don't end up with 10 LastPass entries for my unified Google credentials?


Yes this is exactly what it's for; '.com' is a TLD, so XX.com and YYY.XX.com are shown together to try to share accounts if the login and password are the same.... We hate having 50 accounts with different saved passwords for each, we thought 1 was more appropriate (and more likely to be managed).

Avian00 Wrote:I have another question slightly related to this point. Will LastPass more 'generally applicable' in the sense that it goes beyond simply managing web-site logins? I'm also interested in something that could hold information like bank accounts and PINs and other various bits of important data I must remember but must remain secure. Obviously I could currently use LastPass for this task, but only in a way which seems counter to its intended use, since it is a URL-centric system.


Yes, that's definitely where we're headed, and I'd add to it that you'll see windows applications passwords stored as well.
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: Why are sites being supported on an per-site basis?

Postby Avian00 » Tue Sep 02, 2008 1:30 am

JoeSiegrist Wrote:Yes this is exactly what it's for; '.com' is a TLD, so XX.com and YYY.XX.com are shown together to try to share accounts if the login and password are the same.... We hate having 50 accounts with different saved passwords for each, we thought 1 was more appropriate (and more likely to be managed).

Good to hear!

JoeSiegrist Wrote:Yes, that's definitely where we're headed, and I'd add to it that you'll see windows applications passwords stored as well.

That sounds interesting. I'd only like to add that I am a Mac & Linux user at home and a Windows user at work, so I hope you continue your track record for cross-platform compatibility as you continue adding more features like this.
Thanks again for your time and thorough answers.
Avian00
 
Posts: 4
Joined: Thu Aug 28, 2008 7:07 am


Return to Feedback

Who is online

Users browsing this forum: No registered users and 14 guests