Show password change history in vault list view

cancel
Showing results for 
Search instead for 
Did you mean: 

Show password change history in vault list view

Show password change history in vault list view

Please add the last passwords changed date in a column on the main Vault view.

 

While nice to see the full history of changes on each individual record, it would be most helpful to be able to see and sort by the last change date in the full vault list. Given the degree and frequency of LastPass breaches, this would be an exceptionally helpful way to get a snapshot of which pieces of breached data are still at risk due to not having been changed. 

14 Comments
user4534
Active Contributor

We don't need to see the full password history in this view, just the date it was last changed. 

studog
Active Contributor

I like this idea but would rather have the Last Changed Date on the Security Dashboard \ Password Security page. This way you could sort all of the password by Last Changed date. Also it would be nice to be able to have a "Risk" added to the same page that you could set a Last Change Date by. IE Let the end user pick a time frame, say 1 year or 6 months, and when a Last Changed Date goes past the defined time, it becomes a "Risk".

User267
Active Contributor

Having spent hours to ensure all my passwords were updated, post security breach announcement,  having dates available per entry would have been most welcome. In my case I had to write down all sites and checked them off one by one as I made changes and updated each entry. Some might say that is rather extreme but on the other hand why would I pay for a password manager if I wasn't concerned about password security.

 

- Providing 'dates' of last password update per site  (I like the idea of setting thresholds to show outdated p/w's)

- Allow a 2nd URL to be added per saved site. Many websites have secondary URL's that handle their security and password / username entry. Once the user is redirected to this secondary site the LastPass entry doesn't recognize the URL and does not fill in the username/password data. The end user is forced into a copy/paste situation.

 

The sole purpose of a password manager .......... manage, we need more tools, filters, dates etc. to better understand how to keep track of our entries over time.  Oh and yes, I also support the idea that everything should be encrypted if it's saved on the account. 

 

 

nickgrealy
Active Contributor
SignMeIn
New Member

Came here to request this same thing. But after seeing the history list of related FR's, I am not too confident they even really read these. This seems like the place were ideas come to die so they don't get overloaded with tickets.

 

The funny part is that they already have a 'Last Used' date when viewing the vault in list view. So it really wouldn't take much to add this simple field. Even if they aren't tracking the last time you've updated your passwords today, I am sure most here that would like this feature would be okay with an empty/null value or start with the same date that the field was implemented.

DubiousUser
Active Contributor

The reality is that given their data breach, this feature is essential.  We know that the user vaults were stolen on or about August, 2022 (and perhaps thereafter - LastPass hasn't said exactly). That means any vault containing a password of that age or older is vulnerable should the hackers manage to reverse engineer/decrypt what they have already stolen.  

Sadly, since other things are not so readily changed: credit and debit card numbers, license keys, VINs, passports... if you have or HAD those things in your vault you're just flat out screwed.  To make matters worse, LastPass has admitted that some parts of that data are NOT encrypted (e.g. URLs - see below).  So if I were a hacker, and I noticed that "bankofamerica.com" was among those URLs, of course I'd attack those first thinking I could get rich stealing out of the hacked customer's bank accounts.  In other words, because LastPass was lazy about protecting the whole vault security, they made it easier for the attackers to choose "high value" targets first.

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.   [https://blog.lastpass.com/2022/12/notice-of-recent-security-incident]

Unfortunately this doesn't specify what else is "unencrypted" - so e.g. if a notes field is unencrypted and contains sensitive information, hacker may already have that data!

DJStelz
New Member

Upvote

warhol76
New Contributor

Yes Please!

Anankee266
Visitor

upvote

obenourb
Visitor

You have some smart people and they can think through the best ways to present the data.  The missing element is an easy way for a user to see the age of current passwords in an aggregate form.  I know it is there if I open a single password item via the password history view.  I'd like to be able to view my vault and easily determine which ones are stale.  Or in the case of a data breach, be able to tell which ones I've changed post-breach (and more importantly, the ones I have not).

 

Please move this request up in priority - you have lots of users who need this!