Support arbitrary "extra passwords" per site (sec questions)

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Support arbitrary "extra passwords" per site (sec questions)

Postby katogeek » Mon Oct 28, 2019 12:54 pm

I have a simple proposal as to how LastPass could help support filling in security questions.

As we all know, security questions are quite insecure if used as presented. Backing up your 64-character random password with your E-mail and your childhood friend's name actually weakens security quite significantly. Of course, common advice for security-conscious people would be to just provide random answers for the security questions so that they effectively just become extra passwords.

LastPass currently doesn't support any way to help automate these security questions. Having to manually go into the entry in the vault, copy the correct security question answer, hope you didn't accidentally change something that might get saved, and then go paste it into the site can be tedious, especially if the site is requesting answers for multiple questions.

Proposal:

* Add a per-site key-value array. Along with the notes, allow each site to have a set of key-value pairs. The key could be the text of the security question, or at least something close enough to help you realize which one it is. (e.g. "childhood friend") The value would be any arbitrary string, but of course ideally (for this use case) would be a random string.
* When a user is on a site that is asking for a security question, they can right-click on the response field and choose LastPass. Along with the current options (fill password, etc.), another option would appear ("Extra Passwords" for example). This option would be a submenu that simply lists the "keys" from the key-value store for that site. Clicking on any key will fill the value into the field the user right-clicked on.
* When a user is on a new site that is asking them to generate security questions, they could right-click in the field for the answer to the question. Under the above-mentioned "Extra Passwords" option would be an extra option (first or last option, perhaps with a separator) that would say "Add New". This would open a dialog allowing the user to give a key and value. The mechanism for generating random passwords could be available in this window. Adding a new key/value would add it to that site's key/value pairs as well as fill it into the field on the form. This would simplify actually creating the security question answers.
* Bonus feature would be a global key-value store along with the per-site ones that is also available. This way the user can store arbitrary secrets in LastPass and fill them into Web forms as needed.

I'm not as familiar with how the APIs on mobile password managers work so I could see potential problems supporting this on the mobile platforms depending on what level of access the APIs have, but I would hope this would be doable there as well.

This functionality could have use cases far beyond security question answers. For example, one might store a private key in LastPass that could be entered into a website (e.g. GitLab).

LastPass has long demonstrated that its storage of passwords is secure and has earned the trust of many as being a safe place to store digital secure items. Being able to have these arbitrary key-value pairs would provide even more ways to get more secure data into LastPass with ease-of-access when needed. Especially with security questions, it would discourage people from simply answering the questions "truthfully" because copying and pasting from LastPass' Notes section is more effort.

Thanks!
katogeek
 
Posts: 4
Joined: Sun Jun 25, 2017 3:56 pm

Re: Support arbitrary "extra passwords" per site (sec questi

Postby dukkha » Sat Nov 02, 2019 7:46 am

+1

Came here to request this very feature. Storing arbitrary key/value entries would simplify security questions and ease logins for many sites.

I know notes are available, and I use them currently. But, being able to select ... > site > copy > secret-key would be so much quicker and intuitive.
dukkha
 
Posts: 1
Joined: Sat Nov 02, 2019 7:42 am

Re: Support arbitrary "extra passwords" per site (sec questi

Postby jpenny84 » Sat Nov 02, 2019 11:51 am

Security questions are just a different kind of password. Simply create extra site entries if you want to fill them automatically.
jpenny84
 
Posts: 8979
Joined: Tue Mar 06, 2012 9:10 pm

Re: Support arbitrary "extra passwords" per site (sec questi

Postby twiddlywalker » Wed Feb 12, 2020 7:14 pm

I agree this would be a useful feature. It is tiresome to manually enter the security questions and answers into LastPass and then copy them back into the web site when they are needed.
twiddlywalker
 
Posts: 1
Joined: Wed Feb 12, 2020 7:09 pm

Re: Support arbitrary "extra passwords" per site (sec questi

Postby jpenny84 » Wed Feb 12, 2020 11:29 pm

twiddlywalker Wrote:I agree this would be a useful feature. It is tiresome to manually enter the security questions and answers into LastPass and then copy them back into the web site when they are needed.


Just create site entries for each question. Then you can autofill just like the main password.
jpenny84
 
Posts: 8979
Joined: Tue Mar 06, 2012 9:10 pm

Re: Support arbitrary "extra passwords" per site (sec questi

Postby jonat » Thu Feb 13, 2020 8:48 pm

I just put these in a note for the site entry. (And I use Generate Secure Password to generate the "answers".) I so rarely need to use these that it seems more bother than it's worth to enable autofill for them.
jonat
 
Posts: 2247
Joined: Thu Dec 09, 2010 8:42 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 25 guests