Allows only 2FA to log into Browser Extension

jeffgnpc · ‎12-02-2021

This is the second time that you removed remember password from the browser extension. Which is a feature I depend on to be more secure.

I always have browsers open so I don't want LastPass to always be logged in. If I have to type a password and 2FA every 1hr or so then I will switch to always being logged in. I would like getting logged out and only having to click a button on the browser and a button on the phone.

I can understand the remember password is a very dangerous feature, especially if you don't have 2 factor auth.

Maybe adding a new feature that forces 2FA after a set time of inactivity. That way I don't have to type in the password through out the day, but my last pass will get locked with easy access via 2FA.

no-user-name · ‎12-09-2021

I second this. This feature is extremely important.

I use the family version of LastPass and the ability to remember the master password for the extension was THE ONLY thing that kept my family actually using your product to be safe instead of using the same password for everything. They absolutely refuse to having to use 2 passwords, one to login to the extension to get the password to an account and then login to the actual account.

We use multifactor authentication. Everyone has their own Yubikeys. In addition, we have 2 spare backup keys, one in the house, the other at a relative's house in case we need the backup and our house has burned down and destroyed the spare key in the house. So there is no way to not be able to get to a key in case a key is lost and the master password is forgotten.

The family does not mind touching the yubikey to their phones to unlock the app/extension, and that was the very thing that made LastPass work for us. Without it, your services are useless to me because I know for a fact they will stop using LastPass. I can already tell they are doing it because various times I've logged into the dashboard to see someone's password being reused.

In the community forums, the excuse given for removing this feature was to keep people from forgetting their master passwords. Well, those people are idiots, quite frankly. When I mentioned that our master password is 50+ chars, I was asked why the master password needed to be so strong given we use 2fa anyway, why not make is simpler? Seriously?!!!! The very point of making a password hard to remember is so it is hard to guess. The entire point of the product is so we don't need to remember ANY passwords. That to me, and very important to me, is the ability to not have to remember the master password too (at least for the members of my family, I still know what it is).

The remember master password feature must be brought back immediately. I'm already looking for alternatives to LastPass and if I find something that does support that same functionality, I will not be waiting until the yearly account renewal comes up, I'll simply be switching services, because the ability to keep my entire family secure on the web by not reusing passwords is a lot more important than your ability to keep idiots from forgetting their master passwords and getting themselves locked out.

libove · ‎12-17-2021

I concur. I just posted the same idea, with the justification that users who are mobility challenged/ physically disabled, have motor diseases such as Parkinson's, etc, are forced to use LastPass insecurely as long as the only option to "unlock" LastPass in the desktop web browser extension is re-typing the Master Password:

https://community.logmein.com/t5/LastPass-Feature-Suggestions/desktop-web-browser-plugins-Lock-with-...