A "Forget Me" Bookmarklet

Post by Julian » Tue Jun 16, 2009 5:17 am

This might make no sense whatsoever but ....

I've been playing with bookmarklets on my own home PCs, which are totally secure. I have found that I really never need to worry about logging on to LastPass once I've done the initial login; whenever I click a bookmarklet it just seems to work. This is great for my uses (I have obviously inadvertently set my account correctly for my use) because it's exactly the behaviour I need, but it has occurred to me that if I accidentally created this situation at an internet cafe or at some other public computer then that would be a catastrophe.

What I was wondering is whether it would make sense to create an additional bookmarklet that the user could install when using a public computer. This new bookmarklet would only ever be clicked once at the end of the user's session and would essentially terminate the session on that computer "with extreme prejudice" just to make sure that the user doesn't mess something up doing it manually.

I'm not sure how much of this is too browser-dependent to be done by a single bookmarklet but the sort of things I was thinking of that this bookmarklet would do are:

1) Look for any other LastPass bookmarklets installed in the browser and, if possible, uninstall them automatically or at the very least pop up a warning to tell the user that they must delete those bookmarklets and, once they've done that, run the "End Session" bookmarklet again.

2) Explicitly log out of the user's LastPass session.

3) Finally, try to log into a test area using a password that must be retrieved from the user's LastPass store. If the login fails then the bookmarklet pops up a message saying "congratulations, everything is OK, you can now delete this last bookmarklet" but if the login succeeds then it pops up a warning saying that there still seems to be access to the user's data from that computer. Note that if the user failed to delete that last bookmarklet then it wouldn't compromise their security in any way.

Is the above possible and does it make any sense? If it's possible then it seems to me that it would be a nice extra security step for people using LastPass on public computers.

- Julian
