Should have different passwords or accounts for Forums

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Should have different passwords or accounts for Forums

Postby GbizzleMcGrizzle » Tue Jul 16, 2019 3:45 pm

Hi,
Y'all should take a page from the dark web marketplaces when it comes to security. Anyway you should have different passwords OR accounts for using the forum so for example You LastPass Username is UserA and my password is PassA. b. Either the forum should be UserA/PassB or UserB/PassB. It keeps from people phishing for forum information and therefor compromising the while LastPass account and every other password saved.
Just my two cents as a former hacker/fraudster
GbizzleMcGrizzle
 
Posts: 2
Joined: Tue Jul 16, 2019 3:39 pm

Re: Should have different passwords or accounts for Forums

Postby jpenny84 » Tue Jul 16, 2019 5:02 pm

There is no forum password because it's single sign on.
jpenny84
 
Posts: 8860
Joined: Tue Mar 06, 2012 9:10 pm

Re: Should have different passwords or accounts for Forums

Postby GbizzleMcGrizzle » Tue Jul 16, 2019 7:15 pm

That's like saying I never use credit card on the app store because I only had to type in the numbers when I setup my account.

The whole point is that having a forum that requires you to use your Master Password to login is a huge potential security flaw. Which is why would never find a "reputable" marketplace on the dark web use the same account and password for the forum as to access all your bit coins.
It's a security flaw waiting to be abused. Especially because I'm assuming most people using any password manager are less OpSec minded than those on dark web marketplace with tens if thousands of bitcoins to lose

Also these forums use PHP which constantly us finding security flaws and they're not always so quick to fix
GbizzleMcGrizzle
 
Posts: 2
Joined: Tue Jul 16, 2019 3:39 pm

Re: Should have different passwords or accounts for Forums

Postby jpenny84 » Tue Jul 16, 2019 10:44 pm

The forum does not require a LastPass master password, because they use SAML single sign on. The LastPass session itself is what authenticates you. This is why forum sign-on is automatic when you are logged into the extension.

https://en.wikipedia.org/wiki/Security_ ... p_Language

Company representatives have explained how SSO on this forum works, so a search should bring up those relevant topics. Feel free to file a support ticket and argue with the company directly about it, if you wish: https://support.logmeininc.com/lastpass ... s-lp010121
jpenny84
 
Posts: 8860
Joined: Tue Mar 06, 2012 9:10 pm


Return to Feature Requests

Who is online

Users browsing this forum: MSN [Bot] and 18 guests