Chrome/general security issues preventing business adoption

Customer forum for LastPass Enterprise

Moderators: azitnay, admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Chrome/general security issues preventing business adoption

Postby Keidanren » Mon Nov 18, 2019 6:40 pm

Hi all,

We're looking to adopt LastPass Enterprise for our organization, but are running into some issues in our tests that we need to fix before moving forward. Off the top of my head:

Google/Chrome

1. In testing the "anonymous sharing" feature, a co-worker shared a Google account and password with me, unchecking the "allow recipient to view password" option. I accepted the invite and (as expected) wasn't able to view the password from my vault. However, when logging into a Google account, Google gives you an "eye" icon as part of its UI that reveals the password. I'm certain someone has brought this up before - should Google accounts just not be shared with LastPass? To my knowledge, there's no way to disable that feature.

2. When logging into an account via LastPass using Chrome, Chrome allows you to save the password into its internal manager, at which point you can just view it in Settings. Thoughts? We'd like to avoid an organizational ban on using Chrome, and even the impending release of Edge Chromium will probably have the same issue.

General

3. The feature we're most looking for is the above anonymous sharing of passwords, and especially the ability to revoke them if, for example, someone leaves the company. However, we've had a really hard time getting those admin controls to work properly - generally, regardless of if a user has had an account "unshared," if their account is disabled, or are set to be force-logged out, nothing takes effect until all existing browser windows are closed. Even logging out of and back into LastPass during the same browser session doesn't cause trigger any changes. Is this lag either intended or unavoidable? Ideally, any administrative changes made should take effect on the next refresh.

Thanks for any assistance.
Keidanren
 
Posts: 2
Joined: Mon Nov 18, 2019 6:14 pm

Re: Chrome/general security issues preventing business adopt

Postby jpenny84 » Tue Nov 19, 2019 12:07 am

The support section of your admin console has a phone number you can call for direct assistance.
jpenny84
 
Posts: 8854
Joined: Tue Mar 06, 2012 9:10 pm

Re: Chrome/general security issues preventing business adopt

Postby Keidanren » Tue Nov 19, 2019 1:01 am

Sure, but I'd rather not solve this over the phone - it's much easier to describe these issues and have a conversation via a forum. This might also be relevant questions for other users or potential users of the platform. The enterprise forum isn't much use if the answer to every question is "call support."
Keidanren
 
Posts: 2
Joined: Mon Nov 18, 2019 6:14 pm

Re: Chrome/general security issues preventing business adopt

Postby skwmsg164 » Fri Nov 22, 2019 7:55 pm

I have a similar concern. After having my employee share a password to an app with me (even though it was hidden), I then found I could easily change the password and lock her out. She also tried revoking my access, but it didn't log me out of the app.
skwmsg164
 
Posts: 1
Joined: Fri Nov 22, 2019 7:53 pm

Re: Chrome/general security issues preventing business adopt

Postby FlyingHawk » Sat Nov 23, 2019 11:55 am

Sharing a password without revealing it to the sharee is simply an impossible feature.
LastPass's documentation mentions its limitations, but I think they should just remove it entirely, not to give people a false sense of security.
Don't rely on it.
FlyingHawk
 
Posts: 827
Joined: Wed Mar 18, 2015 12:04 pm


Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 6 guests