LastPass is already doing a great job in generating unique passwords to avoid that compromised passwords are also allowing access to other sites as well. The same issue also holds true for potentially compromised email-addresses that have been used for logins for different services. If LastPass would offer a service that allows to dynamically generate email-addresses that can be used as logins would create an additional security layer in case a service has been hacked and user data have been compromised. This generated email-address needs to act as an email alias to the actual email address of the LastPass account to allow verify-email-adresses to come through. DuckDuckGo just added a similar service (see https://spreadprivacy.com/introducing-email-protection-beta/) but i think it would be an even better addition with the password generation capabilities of LastPass.
... View more
Fix the Auto Generate Secure password on password field. This happens a lot if its a new account or if I running my security score and trying to fix old passwords. The "auto generate button" from LastPass is in the same place that the websites "eye icon" or "show" or "hide" button is. Since they are over lapping you cant run the auto generate right from the password field. I know you can right click and generate secure password. Then a lot of extra steps to go to anther tab, copy and then go back the page your on paste it in. There a another way around it. If you zoom in on the page. You can then be able to be able to click on it.
... View more
I find the account creation process very clunky via phone when compared to the computer's browser experience. To illustrate, on an Android, not sure it matters which browser - I happen to use MS Edge for Chromium - when asked to create an account for any online site, you type in a username or email address. Next comes the password. On a PC, you can allow LastPass (LP) to generate a secure password in-line and once the account is created, LastPass pops up and asks if you want to save that password object in your vault...most of the time - great! On the phone though, you now have to switch to the LP app, and after several more clicks, generate a password, switch back over to your browser tab and paste the password before actually creating said account. Hopefully, LP then may (or may not always) prompt you to save the password object for that site in your vault. Since saving afterwards isn't always a sure bet, I take extra steps to save the generated password elsewhere (say OneNote) in case LP doesn't prompt to save that password in the vault. If it doesn't, you've just created an account that you can no longer access, which makes you have to go the 'forgot password' route to regain site access. Very frustrating! I'm assuming the more streamlined PC password generating process in-line isn't easily reproduceable on Android due to the lack of browser extensions, I'm guessing? It would be great if the UX was the same or similar on the phone as it is on the PC. I often find myself holding off on tasks that require account creation until I have PC access to avoid the frustration. Thank you for your consideration.
... View more
I use older systems like Equifax and TLO, and they have terrible password management. Probably the worst in the biz.
It would be really nice if LastPass offered the ability to generate a random password for a system like Equifax, and then provide that password to a user.
Personally, I think that there would be a ton of value in a b2b solution like this, because if more and more companies adopt it, the LastPass b2b user experience could be a common flow in the industry, similar to Google's OAuth.
This would allow older systems that rely on passwords to have a better system where they define the password requirements, but the user doesn't need to fulfill them themselves; rather LastPass would do that and handle the password coordination and merely informing the user what the new secure password is.
This could be a really good solution to allow b2b systems like Equifax and TLO to have a more consistent password-based UX, because as it stands I absolutely hate how every b2b solution in the world has its own proprietary password flow.
... View more