Security Dashboard - exception rules

cancel
Showing results for 
Search instead for 
Did you mean: 

Security Dashboard - exception rules

Security Dashboard - exception rules

Hi,

 

The problem:

 

1 Some websites have poor password parameters: limited to 10 characters and no symbols, yet lastpass alerts these as weak under the security dashboard.

2 Some websites have 2 factor type authentication, with a username alone or with a pin on first page and password or memorable word on second. Yet again Lastpass reports these as weak or missing if it is the username on is first page. This is typical with banking websites.

3 There are legitimate reasons to have duplicate passwords: If you have a web based email client and all other emails are popped into that email client. You have a password for the original email company, but when you want to access the email through the web based third party email client (e.g. gmail), you need to input the same username and password settings. If there is a security breach on the former and is changed, it is a pain to re input the new password on gmail each time. So it is easier to copy the password and save it a s a separate profile for the gmail client for that particular email being popped in., especially as the passwords are complicated.

 

Suggestions:

 

1 Have a link function under the security dashboard that helps to link 2 passwords that are genuinely linked together like the example above. These linked passwords should be able to be accessed under a separate drop down menu in the top right corner of the security dashboard (as currently exists for "missing", "reused" and "weak"). Also, a change to one password should automatically bring up a notification to change the linked password. This saves copying and pasting into the linked password manually. 

 

2 There should be an "ignore" button to allow certain passwords to be ignored so they do not re-appear in the security dashboard and not counted in the score (this alleviates the examples problem 2 highlights). Again have a drop down menu that groups the ignored passwords together so you can keep them under review when the websites update their security settings.

 

I hope these can be taken seriously and can be introduced very soon. I have been a customer for around 7 years now so this would be very helpful.

 

Thank you.

 

Milan

3 Comments
jparillo
New Member

Let me add on to this.

 

Sometimes I have to store passwords from friends and family. The password given are sometimes low on strength.  It would be great to be able to ignore those as I can't take action and set a stronger password.

Soteck
New Member

Hello, I also have a similar case:

 

I'm a developer and I also use LastPass to store test or develop accounts, usually with passwords like "username123" and obviously it appears as insecure passwords.

 

My suggestion is to extend the "ignore" functionality also for folders.

rblaakmeer
Active Contributor

I would suggest to call it "Audit" instead of "ignore" and move the audited items together with a comment into an audited items list.