On-screen keyboard (security challenge master pass entry)

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

On-screen keyboard (security challenge master pass entry)

Postby smratsky » Mon Sep 16, 2019 10:24 pm

I'd like to see an on-screen keyboard added to the security challenge (i.e. at the point you're asked to re-enter your master password). I don't understand why this password entry field isn't considered vulnerable to keyloggers when the main login page is.

This is the digital equivalent of installing a high security deadbolt on the front door of your house, but leaving the old, crappy pin tumbler lock on the back door. It's a pointless exercise - the house remains just as vulnerable to a determined adversary as it was before you started. Sure, one or two opportunists might look at the front door, give up and move on to the neighbour's house, but any experienced criminal will look at all the possible entry points and select the easiest option.

I'm quite confident the LastPass team is more clued in on security vulnerabilities than your average punter, which makes it all the more surprising that this issue would be overlooked. Equally concerning is the fact LastPass failed to take any action (not even a reply) when the issue was raised by a forum user back in 2015 (viewtopic.php?f=12&t=171355&p=568355&hilit=security+challenge+keyboard#p568355).

The security of any system, digital or otherwise, is only as good as its weakest link. I really think LastPass is a great tool, but my confidence in the company's development/feature prioritisation processes is shaken when I see issues like this haven't been taken seriously.
smratsky
 
Posts: 4
Joined: Sun Feb 24, 2019 6:36 pm

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 17 guests