Page 2 of 2

Re: multiple e-mail accounts

PostPosted: Sat Jan 14, 2017 4:09 pm
by jorhett
ggonline Wrote:Can login/passwords be reshared or copied? Can they be shared by someone other than the original owner? I sure hope not. I believe some can be shared in a hidden form (click the link to login without revealing the actual data).


Copy/paste works fine. And View Source and various other Javascript tools will show you "hidden" passwords trivially. This is documented by LastPass in their UI and FAQ Important Note Regarding Hidden Passwords https://helpdesk.lastpass.com/sharing-4-0/

ggonline Wrote:If restricted to one owner-shareduser link and aliases are used for display purposed only, it might work. Aliases would be like a custom name for an email sender not related to any authorization data/credentials, like an brand or tracking name for advertisements. [...] Also, a security and management restriction, the account could only be managed via a single master login. Aliases could not be used to login to the LP acct, only for the one-level of indirection from the owner. That would make it work with and respect 2-factor login for LP itself, and seemingly restrict it to classic plaintext login/password authentication.


Exactly!

ggonline Wrote:The actual login/password/authorization would be a button or dynamic and encrypted link available only via LastPass (in other words NOT reshareable or unless without of LP). The non-owner could use it only from LastPass and not copy or see the actual details.


Unfortunately this isn't possible with today's technologies as described at the link above.

Which goes back to the point about LastPass not being a security enforcement company. They enable password storage and sharing. They cannot prevent a bad actor.

People are human. They give an e-mail address to someone in their own organization, and they want to use it exclusively--not track that jo@their-org.com is also joten12fabio@gmail.com. They are sharing to a person, not an e-mail. LastPass needs to stop asking organizations to manage multiple e-mail accounts to work around limitations in LastPass.

Re: multiple e-mail accounts

PostPosted: Sat Jan 14, 2017 4:21 pm
by jorhett
Okay, let me make this proposal really simple for everyone here. LastPass provides support for corporate account to share entries with a person. When that person is logged into LastPass, they can see both the corporate account shares and their own personal shares. This is described at https://enterprise.lastpass.com/getting ... l-account/

Now, the way LastPass is set up today requires them to add a whole bunch of blahblah@gmail.com accounts to their Enterprise account. This makes auditing who has access to the shared passwords difficult. When a person leaves the company, it's not always easy to identify who in the list of Enterprise users should be removed. So companies get flagged for audit issues concerning use of LastPass. (this has happened at 2 out of the 3 corporate accounts I'm associated with)

You can see the interface here https://enterprise.lastpass.com/users/. As you can see, who are the people in the e-mail column on the left? Who knows? Yes, there is a Name field but it isn't always consistently maintained.

If they could share the passwords to the person's corporate e-mail, they would be completely unambiguous as to who to remove when they leave the company.

Again, as said many times before, this doesn't change the trustability of the person they share the passwords with. LastPass can't handle that. It ensures easy share to a known address, and easy audit of shares.

Re: multiple e-mail accounts

PostPosted: Tue Feb 05, 2019 12:04 pm
by manuelromeroc158
I want to go through here, to tell you that I also need what jorhett is proposing for a long time. My employees complain about having to use two different lastpass accounts, one for the company and one for their personal information, that does not make sense.