unique identifier for the device

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

unique identifier for the device

Postby daremo » Wed Oct 02, 2019 8:36 pm

I get emails that say The unique identifier for the device XXXXXXXX but that number is not something I can find. My trusted devices all have names/ labels. Could this email simply state that the device trying to log in is or is not part of that list? Or at least put the unique identifier you are referencing on that Trusted Device list? Help me identify what is happening please.
daremo
 
Posts: 4
Joined: Thu Aug 01, 2019 9:05 pm

Trusted devices and Unique IDs

Postby daremo » Sat Nov 16, 2019 5:16 pm

Excuse me while I reiterate the obvious in order to convey my perspective here.
The goal with the feature sets related to unique device IDs is to help users understand when an old device or malicious actor's device has access to an account when they should not.
The ways that this feature currently works does not only prevent motivated users from deciphering this, but more importantly it misses the opportunity for creating an experience that has unmotivated users to clearly understand when things are not right. The fact is most of the people who use the internet do not use password managers and most that do use them do so with very little understanding of security and motivation to pursue potential incidents. When a user like the later receives an email saying a device tried to log into your account and the unique identifier for the device is:xxxxxxxxxxxxxx... , they worry for a moment and then think to themselves, what is this number. When they cannot figure this out, they will disregard your email and slowly begin to build a tolerance for ignoring LastPass alerts. They will do this because it is over their head or not worth trying to figure it out. You have pages of people communicating this. On that note, the people willing to make a forum post about LastPass are your more informed and motivated users. The majority won't do this for you.

When you see a list of trusted devices in security> settings you should see a name that is uniquely created by the user for quick, easy reference AND the unique ID created by LastPass as a way to verify this. Both of those pieces of information should be very clearly displayed on each device and in all notifications about those devices, email and otherwise. It should be unavoidably clear when something is not right. It should not be a challenge to understand when you're a motivated, security and technically proficient person as many people who talk about this problem in different ways on the forum are.

I use LastPass because I believe in your perspective on security. Your track record for addressing security vulns is clear. It is a tool that does certain things and it does them well. The comments above bleed into user experience but they are about a set of functionality that is core to what you do. What Last Pass often does not as well is user experience and understanding how the common person thinks about passwords and keeping themselves safe. Not always, I'm not saying that but many things are much more difficult and less elegantly handled. The unique ID scenario is one. I believe in you all and your product. Thanks for all of your hard work in trying to make people safer.
daremo
 
Posts: 4
Joined: Thu Aug 01, 2019 9:05 pm

Re: Trusted devices and Unique IDs

Postby trogfield705 » Tue Mar 17, 2020 9:03 pm

daremo Wrote:Excuse me while I reiterate the obvious in order to convey my perspective here.



well that doesnt help. it doesnt answer the question. and security/settings does not exist or is not easily accessable/ not in an obvious place
trogfield705
 
Posts: 1
Joined: Tue Mar 17, 2020 9:02 pm

Re: unique identifier for the device

Postby Mechanic » Tue Jun 30, 2020 11:51 am

@daremo, is there a reason that using a VPN does not register the new device? I ask because I have roughly 2 of everything, phones, PC's, laptops etc. I cleared out my trusted devices and started over because LP showed I had a bout 40 devices and I wanted to update my security and verify authentication. I am now back up to about 25 and it seems whenever I access a browser on my PC it thinks it is a new device. Same with my phone, any new access is picked up as a different device. How am I to verify whether I added it or someone else? Or is the idea I just trust that LP is keeping me safe since I cant really tell from the long string number?
Mechanic
 
Posts: 5
Joined: Tue Apr 08, 2014 1:13 pm


Return to Feedback

Who is online

Users browsing this forum: No registered users and 11 guests