Suppress auto-submit on per-site basis

Post by Julian » Sat Jul 25, 2009 4:14 am

Can this already be done? It seems so obvious that I'm wondering if I just haven't found the right option in the vault records.

I use bookmarklets as my UI when logging in via LastPass (I find it vastly superior to the UI provided by the Firefox plugin) so I have the "LastPass Login!" bookmarklet in my browser and I just click it when I want to log into a site. That's great 95% of the time but a large number of my sites for financial institutions are what I call "random pick" sites where, as well as a user ID, the site also asks for (typically) three randomly chosen characters from the user's password (here is a typical example:

Since it would be a really tough problem for LastPass to read which three characters are being requested and enter them then the best approach on these sites is to do a fill without the subsequent submit, i.e. in bookmarklet terms log in using the "LastPass Fill!" functionality rather than the "LastPass Login!" functionality. I believe this distinction is also preserved in the Firefox browser plugin where the notification bar offers two alternative buttons to press to either login (i.e. fill in the login fields and then submit the info to the site) or to just fill in the fields but not submit the info.

Here's my request. It seems crazy to require the user to manually remember to make this distinction at login time as to what LastPass button to press when it is almost always a site-specific decision and could be stored as a preference in a site's LastPass record. I suggest another tick-box option at the bottom of the <Edit site details> screen called "Never Auto-submit" which, if ticked, means that even if the user invokes the "Login!" functionality then LastPass will only fill the fields and won't automatically press the login button.

The improvement to the user experience is that the user now no longer needs to make a conscious decision at login time "Which is the right button for me to press for this site?". The user always presses the same login button and, providing that they have set the site record up properly, LastPass will know the right thing to do. My solution is also "fail safe" because if the default state of the "Never Auto-submit" option is to be unticked then the out-of-the-box behaviour of LastPass will not change at all when you roll out this upgrade so it can't confuse or upset existing users.

I would point out that right now LastPass can actually do damage, and has done in my case (admittedly aided by me having a very bad day and being really stupid). It's fairly easy on a random pick web site to accidentally hit the wrong button because 19 times out of 20 the user is likely to be doing a Login! and not a Fill! so it's quite easy to just hit the Login! button out of habit and, if a user does this, then LastPass will immediately submit an invalid login attempt to the web site. For a site which locks the account after 3 invalid login attempts then all you have to do is then subsequently mess up a manual login and make the LastPass mistake a second time and you're locked out. If LastPass offered the ability to suppress any attempt to submit the login details on specified sites then the user would be safe from ever accidentally having LastPass use up one or more of their "three strikes and you're out" on a random pick web site.

Any chance of this being implemented or is it already possible some other way (short of also having the "LastPass Fill!" bookmarklet on my browser which seems such a waste when I will only use it one time in 20 and, with such a small and elegant change, the "LastPass Login!" button could do it all)?

