"Use a PIN code" for browser plug-ins and keyboard concerns

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

"Use a PIN code" for browser plug-ins and keyboard concerns

Postby BillB » Thu Sep 18, 2014 4:38 pm

The "Use a PIN code" feature of mobile device apps is a great way for us to keep our master password saved (mine is high entropy and a pain to enter on an iPhone keyboard*) under a four digit numeric code that only allows a small number of bad tries before deleting the stored password. It would be equally useful for those of us who use LastPass in a supported environment. I can't save my password on my work computer because, although security is very good on the device, there are IT administrators who can access my machine by breaking my password or by other means. If I could protect the local password blob with a PIN restricted to 3 or 4 tries, it would be far more convenient and secure for me and i suspect for many others.

thanx. bb

*it also occurs to me now that i hope you have disabled the use of advanced keyboards in LastPass. SwiftKey and others work by recording keystrokes and, if allowed, send that data up to their servers. Yikes.
BillB
 
Posts: 4
Joined: Thu Sep 18, 2014 4:27 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby lionheartedbear80 » Sat Sep 20, 2014 3:54 pm

*UP VOTE*
I came into these forums just to see if this feature was on the roadmap.
PLEASE! This is huge.
Without a PIN to protect individual actions we are left with rather poor choices. A) Enable AutoFill, leaving the browser leaving the browser vulnerable to unauthorized access or B) we use a short/weak master password, C) have to type our (long, complex) master password for every action.

A PIN, whose lifespan could be tied to the "Don't reprompt me for X amount of time" setting, would balance security and convenience as a 'middle layer' of authentication.
lionheartedbear80
 
Posts: 2
Joined: Sat Sep 20, 2014 1:06 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby Feanor » Sun Sep 21, 2014 6:34 am

I second this. Its also a vulnerability or annoyance for your own home PC and laptop. I don't want to have to put in my master password every time I load my browser but I also don't want to have to lock down my entire system just to protect the browser plugin.

viewtopic.php?f=12&t=145655&p=488065#p488065
Feanor
 
Posts: 18
Joined: Sun Sep 22, 2013 9:36 am

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby BillB » Wed Nov 26, 2014 7:38 pm

Can we get LastPass or Administrator response?
BillB
 
Posts: 4
Joined: Thu Sep 18, 2014 4:27 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby jpenny84 » Wed Nov 26, 2014 8:53 pm

BillB Wrote:Can we get LastPass or Administrator response?


LastPass has responded to this idea in the past. You can use the search feature to find those threads if you wish. Basically they don't want people relying on PIN numbers for security on the desktop extension. The reason why PINs are allowed on mobile is because the time savings are much greater.

Once you develop muscle memory, entering your master password really isn't that time consuming.
jpenny84
 
Posts: 7389
Joined: Tue Mar 06, 2012 9:10 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby BillB » Sat Dec 13, 2014 7:17 pm

So we're given a choice of more security or no security? And you didn't address the case of those of us who use LP in managed environments where some IT tech can break our logon password and thereby get to our LP if we've left it with pw saved. When engineers make these kind of decisions for all of us I'm reminded of why we have the keyboard we do. []{}|||
BillB
 
Posts: 4
Joined: Thu Sep 18, 2014 4:27 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby BillB » Sat Dec 13, 2014 7:18 pm

btw--my masterpassword is VERY high entropy. Muscle memory aside it takes awhile to enter.
BillB
 
Posts: 4
Joined: Thu Sep 18, 2014 4:27 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby maxmusi1231 » Sun Nov 29, 2015 2:17 pm

Anything new? I want to enter my Masterpassword only after e.g. 3 hours of inactivity, but want to enter a PIN on every single autofill... Isnt that possible? Would make me feel way better.
Thanks
maxmusi1231
 
Posts: 1
Joined: Sat May 25, 2013 8:58 am

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby canedrew55 » Thu Jan 28, 2016 3:55 pm

PIN code for the browser plug-ins would be great. I use the PIN feature on mobile and on Windows 10, but would love to be able to use it in Chrome as well.
canedrew55
 
Posts: 6
Joined: Fri Aug 14, 2015 10:59 am

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby andrewcrystal588 » Thu Apr 21, 2016 5:41 pm

I assume that no progress was ever made with this but as with many others I think this would be a great addition.

I've been playing around with security tools this week (after getting my laptop stolen last weekend!) and was really impressed with nCrypted Cloud not least because of the pin feature. On the desktop every time you lock your PC or the password protected screen saver comes on you have to re-enter your PIN to allow dropbox folder access again (or at least any that you've encrypted). If you enter the wrong PIN 5 times then the device is unlinked immediately and no access is given to files until it is relinked.

I know you can use MFA etc. on lastpass and kill sessions etc. but the only problem with all of those is that you either need to have been logged out in the first place or the device has to be connected to the internet to receive the 'killswitch' instruction. The addition of the PIN security system like nCrypted means that even in the worse case scenario of a stolen laptop where lastpass had been left logged in AND they can get into your windows account AND ensure there is no internet connection, providing the screen saver lock was on they would still not be able to access your LastPass data without the PIN and they'd only get 5 chances before they are locked out.

Seems like a worthy addition to me.
andrewcrystal588
 
Posts: 3
Joined: Mon Apr 18, 2016 10:33 am

Next

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 12 guests