Sometimes LastPass fills on Android without authentication

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Sometimes LastPass fills on Android without authentication

Postby larry330 » Sun Nov 10, 2019 1:10 pm

Every once in a while I bring up a website or service (Android 10 using Brave Browser) requiring a password from LastPass which just auto-fills without requiring LastPass unlocking. In the past I had LastPass configured to only auto lock after being idle for 5 minutes. I was seeing this non-authentication auto-fill too many times with the phone idle for much more than 5 minutes, so I additionally enabled locking when the screen turns off hoping this would address the issue. This security bug happens less often, but I'm still seeing it. I cannot see any pattern of behavior which would allow me to reproduce the error; it just happens once in a while.

I'm finding it hard to trust LastPass going forward. I've entrusted it with too much valuable information to feel comfortable with a platform that fails at this basic level.
larry330
 
Posts: 7
Joined: Fri Apr 24, 2015 12:48 pm

Re: Sometimes LastPass fills on Android without authenticati

Postby jonat » Sun Nov 10, 2019 5:55 pm

I am not sure if Android has the same options as iOS does, but I use these settings:

Use Face ID: On
Lock Options: Immediately
Skip reprompt after Login: 1 minute
Auto Logout: Never
Clear Clipboard: 60 seconds

Obviously you won't have Face ID but there will be some other biometric option or a PIN code that LP will require before filling in anything.
jonat
 
Posts: 2202
Joined: Thu Dec 09, 2010 8:42 pm

Re: Sometimes LastPass fills on Android without authenticati

Postby larry330 » Sun Nov 10, 2019 6:32 pm

I'm on a Pixel 3 which has fingerprint biometrics (Pixel 4 has the face unlock but don't know if LastPass is supporting that yet).

My settings are:
Lock when app is idle: After 5 minutes
Lock when screen is turned off: On
Unlock with biometrics: On
Skip item reprompt after log in: For 1 minute
Log out when app is idle: Never log out
Clear Clipboard: I believe this is set by LastPass to 30 seconds and can't be modified.

Although they are different implementations, my setup seems fairly similar.
larry330
 
Posts: 7
Joined: Fri Apr 24, 2015 12:48 pm


Return to Feedback

Who is online

Users browsing this forum: No registered users and 17 guests