Have I Been Pwned Integration?

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Pawned passwords

Postby we4321 » Thu Jan 17, 2019 12:21 pm

I would like to request feature to take all your stored passwords and check them against Pwned Passwords(https://haveibeenpwned.com/Passwords) in one go. This feature is already present in an alternative product. This feature would allow LastPass users to know if their password has been compromised in the open.
we4321
 
Posts: 2
Joined: Tue Feb 23, 2016 2:04 am

Re: Have I Been Pwned Integration?

Postby FlyingHawk » Thu Jan 17, 2019 12:31 pm

I support this as well.
LastPass's current breach/vuln reporting functionality is very limited and lazy.
Have I been pwned and Pwned Passwords integration is especially useful for combo list like the recent Collection #1. Otherwise users cannot know (or at least very difficult to know) which of their accounts are affected.

I suggest everyone here also open a support ticket to ensure your voice is heard.
https://lastpass.com/supportticket.php
This forum is now mostly abandoned by LP.
FlyingHawk
 
Posts: 776
Joined: Wed Mar 18, 2015 12:04 pm

Re: Have I Been Pwned Integration?

Postby Symo85 » Thu Jan 17, 2019 12:44 pm

FlyingHawk Wrote:I suggest everyone here also open a support ticket to ensure your voice is heard.
https://lastpass.com/supportticket.php


Great idea...I've just submitted this as an improvement to the lastpass vault:

Hi,

With security breaches happening all the time, often there are combo lists that are discovered and the source/site of the breach is not clear. haveibeenpwned.com (HIBP) have a feature that lets you check if a password has been compromised, one can then be sure not to use that password again. 1Password has a feature to check your stored passwords against the HIBP database. It would be good if LastPass did too. A lot of people (myself included) are requesting this feature on the forums (viewtopic.php?f=7&t=321495). We have been listed in a recent combo breach known as 'Collection #1', because it is a combo breach is is impossible to know which passwords (if any) have been compromised (without a feature that connects LastPass with the HIBP API to do the check).

Could this feature please be added. I am a paying LastPass user, but without this feature I will likely move to 1Password, as this is a key feature to staying secure (i.e. knowing which passwords if any have been breached).

Cheers
Symo85
 
Posts: 7
Joined: Tue Mar 19, 2013 10:39 pm

Re: Have I Been Pwned Integration?

Postby sc73 » Thu Jan 17, 2019 12:51 pm

I support this feature request. I'd recommend checking both usernames/emails and passwords since the API allows for checking both. I sometimes append a unique identifier to my email, so it'd be hard to check all those too. With each site having a unique password it would take a ton of time to manually check each password, one by one, on the HIBP website.

It'd be nice if LastPass notified us of breached usernames/emails and passwords in our account. I realize, because LastPass doesn't have access to those, that it'd be impossible to push a notification automatically, but it would be cool if it checked all credentials upon login (or at login after a specified interval of time). But even just building it into the Security Challenge tool would work (LastPass reps have stated in the past that they're already doing this with another service, perhaps they can add HIBP though).

Thanks for all your work LastPass! Hopefully this can be added as well. I think we'd all feel more comfortable knowing our data has been checked against breaches and being notified so we can take action!
sc73
 
Posts: 3
Joined: Tue Jan 15, 2019 12:04 pm

Re: Have I Been Pwned Integration?

Postby trafsta » Thu Jan 17, 2019 1:38 pm

FlyingHawk Wrote:I suggest everyone here also open a support ticket to ensure your voice is heard.
https://lastpass.com/supportticket.php
This forum is now mostly abandoned by LP.


Thanks. I have submitted an improvement ticket also.
trafsta
 
Posts: 2
Joined: Thu Jan 17, 2019 10:44 am

Re: Have I Been Pwned Integration?

Postby equinox » Thu Jan 17, 2019 1:41 pm

FlyingHawk Wrote:I suggest everyone here also open a support ticket to ensure your voice is heard.
https://lastpass.com/supportticket.php
This forum is now mostly abandoned by LP.

Excellent. Done and done.
equinox
 
Posts: 10
Joined: Thu Feb 11, 2016 10:12 am

Re: Have I Been Pwned Integration?

Postby peter589 » Thu Jan 17, 2019 3:25 pm

+1

Actually surprised to find out this is not already implemented.
peter589
 
Posts: 2
Joined: Tue Jun 12, 2018 4:23 am

Re: Have I Been Pwned Integration?

Postby davidtheolastpass57 » Thu Jan 17, 2019 4:27 pm

Hi
If you are on Twitter like, reply and RT this request to lastpass support.

https://twitter.com/FireAndIce1505/stat ... 82080?s=19
davidtheolastpass57
 
Posts: 2
Joined: Thu Jan 17, 2019 4:33 am

Re: Have I Been Pwned Integration?

Postby VKat720 » Thu Jan 17, 2019 4:55 pm

Upvoting this request as well. I would like LastPass to securely integrate a verification with HIBP for users.
VKat720
 
Posts: 1
Joined: Thu Jan 17, 2019 4:53 pm

Re: Have I Been Pwned Integration?

Postby nycadmin744 » Thu Jan 17, 2019 6:34 pm

Registered to Up Vote
nycadmin744
 
Posts: 1
Joined: Thu Jan 17, 2019 6:34 pm

PreviousNext

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 7 guests