Improve security for passwords

Post by guillaume376 » Wed Jun 26, 2019 4:08 am

Dear all,

I am definitely hooked on LastPass and I really love the functionalities. One function seems odd, however: the ability to lock some passwords with the master password again. Would it not be better to force a 2FA instead (or to offer this option)?

Let's take the example of my online banking:
1. I open my browser
2. I unlock my vault with my master password
3. I go to my bank website
4. I reinsert my master password to get this extra secure password

My other UX proposal would be:
1. I open my browser
2. I unlock my vault with my master password
3. I go to my bank website
4. I insert a 2FA code to get this extra secure password

Re: Improve security for passwords

Post by TECH198 » Mon Jul 08, 2019 10:14 pm

2FA is additional security on top of a MP, not instead of, and shouldn't be treated that way. However, my presentation is always, the more complex the MP, the less of a reason you need 2FA.

As a result I don't use 2FA at all. Although the amount of uncertainty is there without 2FA, that someone could see your passwords, that doesn't outweigh the fact complexity cannot be cracked NOW.

It may be in the future, and if so, then I'll worry about it then.

I guess that is the trade-off you make. If one keeps their phone on them "all the time", or unlocks every time, just to get an "already secure password protected by their MP" in their vault to a website you're filling in, it would be very annoying... You have to draw the line somewhere... If you start making it secure universally, then people will complain "it's too difficult."

Probably be good as an "option" though, for those who need it.

Re: Improve security for passwords

Post by guillaume376 » Tue Jul 09, 2019 2:43 am

Dear Tech198,

Thanks for your reply. I mostly agree with you. :D

Currently, the security protocol when you tick "Require Password Reprompt" is the following:

MP -> Vault Unlocked -> MP -> Password unlocked -> twice the same security approach

My proposal would be to add an option e.g. "Require 2FA Reprompt" (only available if 2FA is activated) and you would get the following situation:

MP -> Vault Unlocked -> 2FA -> Password unlocked -> two strong and different security approaches

It should not be a standard and remain like today. But there are some passwords/notes which need the extra layer of security (e.g. access keys to servers, online banking, ...)