"Use a PIN code" for browser plug-ins and keyboard concerns

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby martyl1000 » Thu Jun 16, 2016 9:55 am

I'd find this really useful, too.

Thanks.
martyl1000
 
Posts: 1
Joined: Mon Jun 22, 2015 12:53 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby Taijutsu » Thu Jun 30, 2016 12:50 pm

+1 on this feature.

Have it work just like the mobile. The expectation are the same and actually you could make the case that a laptop is more vulnerable than a phone. A modern phone will implement file encryption and be able to safely secure the device. A laptop is generally not encrypted, mileage varies, but generally not.

A phone you generally keep in your pocket where a laptop you are more likely to step away and leave open. I know you could argue lock screen but physical access to a computer could be compromised more easily.

I would say this is my #1 feature request because I can see how easily my stuff could be leaked out.
Taijutsu
 
Posts: 1
Joined: Wed Mar 05, 2014 2:40 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby jpenny84 » Thu Jun 30, 2016 3:04 pm

Taijutsu Wrote:+1 on this feature.

Have it work just like the mobile. The expectation are the same and actually you could make the case that a laptop is more vulnerable than a phone. A modern phone will implement file encryption and be able to safely secure the device. A laptop is generally not encrypted, mileage varies, but generally not.

A phone you generally keep in your pocket where a laptop you are more likely to step away and leave open. I know you could argue lock screen but physical access to a computer could be compromised more easily.

I would say this is my #1 feature request because I can see how easily my stuff could be leaked out.


A low entropy PIN code is not an ideal security feature. PIN codes on mobile devices are an option primarily due to screen based soft keyboards.

You can set your session to time out automatically if someone gaining access to a computer is a concern: https://lastpass.com/support.php?cmd=showfaq&id=153
jpenny84
 
Posts: 6945
Joined: Tue Mar 06, 2012 9:10 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby josh219 » Thu Jan 26, 2017 11:39 pm

I would like to have the OPTION(=CHOICE) for using a PIN also. I am a paying customer and this is a feature that I want. I'm not paying for someone else to force their philosophy on me. Come on guys, this can't be very difficult to actually implement. Why can't you trust your users to make the right decisions for THEIR own security. Get over yourselves and listen to you customers or you'll find that they leave you for another vendor that does.
josh219
 
Posts: 1
Joined: Thu Jan 26, 2017 11:35 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby paultparker » Wed Feb 15, 2017 8:29 pm

Long-time Premium user here. I have to say this is the first thing that has made me seriously consider leaving LastPass. Since there is no PIN option and my master password is far too long and complex to type all the time, I have to leave some computers with LastPass simply permanently enabled. Is that really more secure?? I rather don't think so. Or I guess I could downgrade the strength of my master password. Also a significant security loss.

It is well-established that security that is not usable is not security at all. Users will simply not use it. For example, by never logging out.
paultparker
 
Posts: 3
Joined: Wed Oct 12, 2011 3:09 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby user290 » Tue Mar 14, 2017 1:45 pm

I also agree that this would an excellent addition. I agree that the choice is either, leave your DB unlocked all the time, or key in your, (should be) long passphrase every time. This is tedious and time consuming for those of us who have complex pass phrases. A PIN, after a notification of the trade off, would be a good compromise.
user290
 
Posts: 2
Joined: Tue Mar 14, 2017 1:43 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby user290 » Tue Mar 14, 2017 1:48 pm

paultparker Wrote:Long-time Premium user here. I have to say this is the first thing that has made me seriously consider leaving LastPass. Since there is no PIN option and my master password is far too long and complex to type all the time, I have to leave some computers with LastPass simply permanently enabled. Is that really more secure?? I rather don't think so. Or I guess I could downgrade the strength of my master password. Also a significant security loss.

It is well-established that security that is not usable is not security at all. Users will simply not use it. For example, by never logging out.


Exactly! I'm a Premium user as well. It seems that there are several of us who would like this feature. Seems like it would be easy enough to implement. They should just enable it already and display whatever notices they feel are necessary to remove their perceived liability.
user290
 
Posts: 2
Joined: Tue Mar 14, 2017 1:43 pm

Re: "Use a PIN code" for browser plug-ins and keyboard conce

Postby Stoposto » Thu Apr 27, 2017 6:20 am

On year 2 of my Premium and have recommended Lastpass to anyone who mentions they forgot a password or username or worry about internet security.

While I like Lastpass and its engineers to have a vision of the ideal system for the ideal user, its also important to remember that many of use Lastpass not because its the most secure solution but because it strikes the best balance between secure and convenient.
The most secure solution for everyone would be to remember 100+ different passwords and not use a cloud or vault, with one point of failure security (someone get your masterpassword and you dont use 2 step authentication, you are screwed my friend).

The thing is we are willing to use and pay for Lastpass because the above solution would be waaay too cumbersome for most people, while Lastpass makes things simpler and easier.

So while I agree with the Mod that obviously its less secure to use a PIN than full password each time, its also a question of convenience like all other optional (and wonderful) tools and features Lastpass offer, like Authentication, like Yubikey, like TouchID on iOS or PIN only for mobile.
Some offer more security while some offer convenience at the expense of security. I think having the option to Lock your Lastpass extension with a PIN, as an optional convenience feature (which would greatly increase security for those of us who click the "remember password" box) would greatly increase the security of said scenario.
It would easily be a feature hidden away in the settings with the rest and which had a warning, in the same way "remember password" have. I even wonder why you have "remember password" feature? if your sole reason for not implementing this PIN is "its bad for security", as that feature is the worst offender of that statement. I would also argue those of us going into the advanced settings for these conveniences are fully aware of the risk we might pay, for using said features.
Unlike Lastpass's "remember password" which negates all security, yet its there each time a new user logs in for the first time, and the way you deal with it is 1 warning label first time its used.. You know lots of people use this incredibly insecure feature yet you argue that helping to negate that insecurity with a secure 4 number PIN would be wrong?
Stoposto
 
Posts: 1
Joined: Wed Apr 05, 2017 9:27 am

Previous

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 4 guests