
Let’s Talk About LastPass


36 comments on “Let’s Talk About LastPass”

  1. I downloaded the newest version. First thing I noticed was the new interface. It sucks compared to the old one. It is not as intuitive as before. I also had problems with LP not signing in correctly and it is noticeably slower. While I appreciate them fixing under the hood it doesn’t work or look as good as before.

    Reply
  2. Hi Leo. We have been using LastPass for several years now, well, ever since life got to be complicated because one needed to memorize so many passwords!
    Thank you for your video. We were not aware of this vulnerability until I watched your video. We agree with you completely and remain confident with LastPass. In fact, it’s the only vault we’ve used.
    About a month ago I changed my LP password and horrors, forgot some of it! How could I retrieve my password? They did provide a way, through my cellphone!
    Way to go, LP!

    Reply
  3. I like LastPass a lot, so thanks for the shout-out for them. I also like what you shared about the importance of disclosure. I work in the medical device field and there is talk about the importance of disclosure of cybersecurity vulnerabilities (see new FDA Guidance on Post-Market Cybersecurity, specifically ISAOs) and I think what you have here shows the benefit, and I may share with others.

    Reply
  4. I agree, I think Lastpass totally handled this bug very well. With over 350 passwords and secure notes in Lastpass, all with unique passwords, I feel even safer now. I still have a great faith in Lastpass and will continue to recommend it to family and friends.

    Reply
  5. Leo,
    Thank you very much for this video. I have been using LastPass for three years now and I love it. When I heard about this breach, I got worried but had faith that they would fix it fast and they did. Thanks for reassuring me that this is a wonderful, safe program in which to save passwords. I have about 100 different passwords and I am so happy to learn that LastPass is safe once more.

    Reply
  6. I have to say that I have been very frustrated with Lastpass’ ability to store multiple logins for the same site. In my experience, it is a hit or miss if it will work. I have more than one Amazon login stored but the only browser I can get that to work in is in Safari and for WordPress I have multiple logins and it fails miserably at allowing me to login with the stored information.

    Reply
    • I have 25 WordPress logins. I’ve had problems when I had the link pointing to the comments page instead of the dashboard page.

      Reply
  7. After 20 years online I’ve found that few sites are worth registering for if you can view them otherwise, I don’t have to communicate through almost all of them and I have a small group of websites I call home.

    Really, I have cats, and bicycles and stereo gear to keep running…and HOUSEWORK. I’m simply not about to die typing and I have no need of a cellphone. I DO have a small radio to listen to on my bike but I tend to ride without it.

    The internet is not my job or my life, it’s a reference point.

    Reply
  8. Password Vaults:

    I use an Excel Spread Sheet. 3 columns: Account Name User ID and Password

    I assign a Password to the SS. I then copy it to a USB drive which is on my key chain for my house keys and car key. Always with me except when I’m sleeping.

    Simple and FREE. What’s the danger I’m exposed to, if any?

    Reply
    • Someone stealing the thumbdrive and cracking Excel’s encryption. Depending on the version of Excel, that could be easy or hard.

      Also, potential remnants in Windows temporary files and paging file as you open the spreadsheet.

      Reply
  9. When I need to provide a password for a site, I have it generated by a program that makes a password of 40 characters long, chosen from a set of 200 different ones. I have Lastpass to remember it. Problem is that most sites don’t tell you the conditions they have for new passwords.

    Reply
  10. I’ve been using LastPass for almost 10 years. I didn’t know about this incident until I got your email and I thank you for that. This incident will not change my mind to stop using it, for now. Like you said, every software is not 100% secured. Windows, Apple and Linux OS, they all are not 100% secured either and we still use them. I don’t use it every day and when I do, I only use it for the sites that are saved in the vault.

    Reply
  11. Thank you Leo for explaining about Last Pass and the recent ‘bug’, which I had not heard about. It is reassuring, however, to have it confirmed by a respected expert as yourself, that there is nothing to worry about, because of their impressive response. I am sure my Computer magazine ( which I shall not name) will love splashing an eye-catching headline about this LP bug on the cover of its next edition to capitalise! I shall continue to feel confident with Last Pass. Thanks.

    Reply
  12. I read about the incident last week on a forum, but I didn’t panic. As far as I remember, in one of your past newsletter articles, you asked the question about what keeps one sleeping at night (I don’t remember exactly how the question was formulated) and I had to bring LastPass as an example. I did say that I use LastPass (which I am still using, by the way) but I will never let it remember any password regarding my financial institutions, videlicet: two bank accounts and PayPal; and that was exactly in reference to the subject at hand.

    Like you, Leo, I trust LastPass and I will keep using it for the foreseeable future until they drop the ball as you put it. Thanks for the reassurance you gave in your video. It’s really comforting.

    Reply
  13. Hi Leo,

    After reading the transcript of your Video, “Let’s talk about LastPass”, I listened to the Video – because of an obvious error in the transcript:

    The key word “don’t” is missing in the transcript which garbles the last sentence in the below excerpt.
    ” The bottom line, of course, is that all software has bugs. Every single piece of software that you’re using today has a bug in it somewhere. Anybody that claims otherwise, either is lying because they have an agenda to promote or they just understand software. ”

    Whatever program was used for this translation from Video to Text should be upgraded* to maintain the excellent quality of everything you generate.

    Regards,

    and many thanks for Ask Leo!

    Peter

    Reply
    • Thanks for pointing out the typing mistake. We fixed it. …And the program used for the translation is a person. She’s pretty smart and has all her latest upgrades installed, so no updates needed! (Meant to be funny.)

      Reply
  14. Hi Leo,

    The past two or three LastPass vulnerabilities that happened over the last 3 yrs or so I only found out about through “Ask Leo”. I think LastPass should somehow have an alert to all users about previous vulnerabilities and their fixes. Would this be feasible? What do you think?

    Reply
    • Only if there’s something I need to DO, do I want them to broadcast anything. (And they’ve done this once – and while it wasn’t something everyone NEEDED to do, it was out of a sense of extra precaution relating to the specific problem at the time.)

      In this case there actually was nothing to do, as Lastpass updates itself as needed.

      Aside from that as long as they keep documenting things on their blog, I’m happy.

      Reply
  15. The problem with lastpass…Apparently… It used to be 12 bucks… Reasonable…but login and now it’s 2 bucks a month. I used to use the free version of roboform. Then… After learning it well… And pretty happy with it…. They started to take away features that made it great. So I started paying…then they upped the price… I fear this is what is going to happen with lastpass and they already upped the price by 100%!

    Look, I know companies need to make money but… I feel two bucks really isn’t worth it. and… like I said, it’s just a matter of time before they start cranking that up… so… Best bet? Use Keepass — open source. Can’t go wrong … a bit of a learning curve but…. at least you know you won’t get rapped in the end and gotta start all over again.

    Would be nice, if Google had an extension (free) you just donate what you want, kinda like adblock.. If you really love it, donate more or hate it… don’t donate anything.

    Reply
      • I used to pay the $12 because it included a LastPass browser for Android. Now the free version includes the browser and none of the additional features are anything I’d use.

        Reply
  16. Two questions:
    1. In the last week, every time I open LastPass.com I get a message in the tab bar that says “(1) Ruben sent a message” and the word “vault” shows up also.
    Screenshot of message in tab:
    https://docs.google.com/document/d/1AQF8moJ6B1sbqb_bVxx-vBnKks2oJdiJl02yrGxuKhM/edit?usp=sharing
    Any suggestions? Thanks.
    2. Leo, you mentioned in your LastPass security breach video that, among browsers, Chrome has the most problems handling LastPass. How about browsers _based_ on chrome?

    Reply
    • 1) “Vault” makes sense because when you login to LastPass it opens your password vault. Mine says “My LastPass Vault” when I open the web version. I have NO idea why the other stuff would appear unless there’s a misbehaving extension somewhere. It kinda feels like a chat session left-over if you’ve ever used chat-based support.

      2) There’s really no way to say for certain. For the most part I’d expect them to be the same or similar, but it really depends on what changes they’ve made to differentiate it from Chrome itself.

      Reply
  17. Any information on the “(1) Ruben sent a message” that alternates with “#1 Password Manager, Vault & Digital Wallet app | Lastpass” ????

    Reply
  18. I am getting the same “Ruben” message. I also can’t log in. I get NET::ERR_CERT_COMMON_NAME_INVALID

    I have cleaned browsing data, etc. run malware cleaner, av.

    I deleted the Chrome extension but I can’t get to LastPass to download it again. I’m getting the same thing on multiple computers on multiple networks.

    Reply
    • I just noticed a small “chat” popup in lower right corner of the screen. It says “Hi! I’m Ruben. Questions?”
      Perhaps that is our “Mystery Tab Stalker.”

      Reply
      • Thank you! That’s what allowed me to duplicate this:
        Ruben animation

        This is, indeed, a side-effect of the chat-based support that LastPass offers on their web page before you login:
        Ruben chat invitation

        I say “before you login” because, for me at least, it goes away after I login to my LastPass account. It’s possible that depending on the browser you’re using and perhaps even the timing of things it might persist after login, but that, at least, is the source.

        Reply
  19. I’ve been using lastpass for 3 years after your recommendation and loved it. Until 2 weeks ago. Now, every time I get on a site that’s in my Lastpass vault, LP keeps asking if I want to add the address and/or If I want to add the site to LP. I even go to the page of a website, it asks to add the address or add to last pass. The sites are already saved in LP. Over and over and over. I’ve changed settings, to Don’t overwrite fields that are already filled, emptied my cache, rebooted but all to no avail. Help.

    Reply
    • This can happen if the site you’re visiting starts using a different final URL when you’re signing in. For example outlook.com will take you to live.microsoft.com (or something like that). So what gets saved is the latter. If that ever changes (as it has) then LastPass doesn’t realize it’s the same site. I just let it save again.

      Reply
