Security Dashboard - exception rules


Hi,

 

The problem:

 

1 Some websites have poor password parameters: limited to 10 characters and no symbols, yet LastPass alerts these as weak under the security dashboard.

2 Some websites have 2 factor type authentication, with a username alone or with a pin on first page and password or memorable word on second. Yet again LastPass reports these as weak or missing if it is the username on the first page. This is typical with banking websites.

3 There are legitimate reasons to have duplicate passwords: If you have a web based email client and all other emails are popped into that email client. You have a password for the original email company, but when you want to access the email through the web based third party email client (e.g. Gmail), you need to input the same username and password settings. If there is a security breach on the former and is changed, it is a pain to re-input the new password on Gmail each time. So it is easier to copy the password and save it as a separate profile for the Gmail client for that particular email being popped in, especially as the passwords are complicated.

 

Suggestions:

 

1 Have a link function under the security dashboard that helps to link 2 passwords that are genuinely linked together like the example above. These linked passwords should be able to be accessed under a separate drop down menu in the top right corner of the security dashboard (as currently exists for "missing", "reused" and "weak"). Also, a change to one password should automatically bring up a notification to change the linked password. This saves copying and pasting into the linked password manually. 

 

2 There should be an "ignore" button to allow certain passwords to be ignored so they do not re-appear in the security dashboard and are not counted in the score (this alleviates the examples problem 2 highlights). Again have a drop down menu that groups the ignored passwords together so you can keep them under review when the websites update their security settings.

 

I hope these can be taken seriously and can be introduced very soon. I have been a customer for around 7 years now so this would be very helpful.

 

Thank you.

 

Milan

5 Comments
jparillo
New Member

Let me add on to this.

 

Sometimes I have to store passwords from friends and family. The passwords given are sometimes low on strength. It would be great to be able to ignore those as I can't take action and set a stronger password.

Soteck
New Member

Hello, I also have a similar case:

 

I'm a developer and I also use LastPass to store test or development accounts, usually with passwords like "username123", and obviously they appear as insecure passwords.

 

My suggestion is to extend the "ignore" functionality also for folders.

rblaakmeer
Active Contributor

I would suggest to call it "Audit" instead of "ignore" and move the audited items together with a comment into an audited items list. 

arimgibson
New Member

Want to also add my support for this feature and chip in with another use case for why this is important, as others have contributed.

 

I work in IT consulting and as a result, have to save many passwords for clients of mine. As much as I wish (and advise) they use secure passwords, they don't. I have them stored in a separate identity; it would also be helpful if there was a feature to simply ignore all passwords from certain identities. This way, I wouldn't have to manually add their passwords to an ignore list.

Crypticpass
New Member

I second these as well, and this should be a priority because this affects all of LastPass from free to paid and also corporate as well. The company I work for uses corporate LastPass and the biggest complaint is this and that you get flagged for multiple sites having the same password, when most internal apps or applications are linked to one account, like using SSO or LDAP to log in to sites or apps. Then for regular people you have an app that takes the same log on as a site does but they are separate things, so if you want to be able to autofill you have to have duplicate password ones. There are other things this can affect too.