Make autofill configurable for shared passwords

cancel
Showing results for 
Search instead for 
Did you mean: 

Make autofill configurable for shared passwords

0 Kudos

Make autofill configurable for shared passwords

LastPass autofill passwords are not able to be configured by the recipient user. This means that if the 'sharer' has enabled autofill, the recipient will not be able to disable this prompt.

 

# Impact

This is a bug and has security concern implications.

 

If  user A has a password for website1.com and is shared a password from user B with autofill from website1.com, user A will by default always see user B's login credentials. User A could mistakenly be logging in with a sharer's identity, thinking it is/was their own.

 

Currently, if a user wants to login with their own personal credentials they have to manually select a different profile after the sharer's password has been automatically populated. 

 

# Solutions

There are a few potential solutions:

1) Maintain autofill settings in an app data or user profile master file location. 

2) Disable autofill for all received shared profiles by default, make this modifiable in later updates/paid plans.