I'm currently in the process of updating all my passwords, as a result of the recent LastPass security incident. However, I don't have a way to keep track of where I'm up to (I have hundreds of credentials). Feature Request: For the "All Items List", please show a "password last modified column", so I can sort by when the password was last changed, and see if the password was recently changed, or whether it's "old".   (Additionally, it would be good to be able to export this data to a CSV). ... View more

After our vaults have been compromised and subject to brute force attack of our master passwords, I need to change all of my passwords.  I want to export my event log to Excel, filter for password reset events, sort by last password reset date, and flag items as complete once I reset the password and verify MFA has been configured. ... View more

Good evening. I hope this message finds you well. I do have a customer who requested the same feature request and I would like to check if there is any updates on it.   Customer has a login on ttps://apm.activecommunities.com/sdparkandrec/ and he was trying to create another login on the following link:  https://anc.apm.activecommunities.com/ebparks/. He is having issues as he does not has the option to create a different user within the 2 domains, instead he is only having an option to update it, which overrides the previous login he created.    ... View more

Upon learning of the recent theft of data from the LastPass servers, I came up with what I think could be  a quick solution.  The idea is for LastPass to send out an authentication key quickly to be used for verification of devices.  When a device operator attempts to use LastPass for access to a site or when the operator attempts to access the Vault or settings, LastPass could inform the user that he/she must now one-time verify devices for use with the application (browser based, etc.) or for access of the Vault or settings.  Approved devices could be listed in the settings.  This application would ask the operator to verify the device with the current master password and with a supplied key, encrypted and stored on the LastPass servers.  Then, across multiple devices, the user could apply the same process to verify their devices one by one, using the same key that was sent the first time, once again along with the Vault password.  Every new device in the future would then be subject to the same process for the application to allow entry to the Vault.   I realize users need to change their passwords.  No problem, the notification could include instructions to do so using a long and secure string that could not be easily unencrypted.  The important thing with this process in to move fast imo, so that device owners aren't pressured in the upcoming days to switch password managers.   I have not received any e-mail notification of the breach from LastPass, and I would urge management to move quickly please.  I do not wish to change password managers as I have enjoyed immensely the functionality of LastPass.  However, I will be forced to change, and I feel certain others will too, if changes are not made in the very short term of days.  At the most, I can wait maybe three days, but, please do act on this issue quickly.   Thankyou for your attention to this matter, and I hope this situation is resolved with the extreme limit of damage. ... View more

LastPass enterprise user and would like to be able to pre-authorize a pool of Yubikey devices in the admin console. Admin Console> Keys > Add Yuibkey(s)   Add the pool of Yubikeys to the account. When you have require use of Yubikey enabled for users, and admins dish out keys, only yubikeys from the pre-authorized pool of keys can be leveraged.   Results Registration sees a user attempt to use a key with an identity not matching the staged Yubikeys and is denied, else registration matches to an identity and locks to that user.   Admin console then shows the key as registered to another user, and cannot be registered unless released (employee turnover). If user loses a registered key, I can log back into the Admin console and revoke the individual staged key instead of resetting all MFA options (user has assigned spare key).   ... View more

looks like you can save credit cards and memberships with expiration dates form so there should be a feature in Lastpass to show the user ALL of the accounts that are about to expire (credit cards, debit cards, driver licenses, memberships, etc.) ... View more

I work in healthcare and am not able to save my login information for work-related entries (testing portals, etc.). I have a work around for just saving a hint for myself (in the listed username); however, since the password and username used are not the ones saved in my vault, it always asks if I want to update the entry.    I was hoping a different type of entry could be created that was just a hint. I tried making a custom item, but since it's not linked with a URL, it won't show or pop up when I'm logging in.   Thanks! ... View more

You would think after all of the security failures you guys would have a simple way to reset our stolen P/Ws.  You leave it up to us to go through each one and reset it ourselves.  Yes I know each site is different but how abnout a spread sheet with the link, date of change for password?  It takes an ungodly amount of time to change each one and as far as I can see LP could care less ... View more

When a new email address is added to your vault, and Dark Web monitoring is enabled you get an email to tell you "0 compromised accounts were found in this scan."    Not only do I feel that this email is pointless, 90% of users in my org don't know what the Dark Web is and the email just confuses them. Therefore, because they don't understand it, they dismiss it and subsequently devalue the importance of emails from Lastpass. This is a concern as we have lots of email notifications for account security turned on and want these to be heeded.    I would like the ability to determine whether users in Business orgs get these emails or not. ... View more

Due to the issues and news from Augustus/December 2022, we all know that our entries which are shown in a LastPass-app are saved as records in a storage. Some fields are encrypted, but not all. URL's and meta-data isn't encrypted. Due to this design, the data is valuable without spending time to decrypt.   In my opinion a whole vault of an user should be stored as 1 encrypted blob in the cloud. When blob(s) are stolen, it's worthless completely, till it's cracked. ... View more

Hi this may already be available but I cannot find the solution... please help me find it.   Explanation... If I create an email and save the password I have a simple set of credentials to check my email. Then I go to a forum, like this logmein community website I use the same master email account above, with a new password and save it in lastpass. Now I have a second set of credentials. If I repeat this process and join several forums and create new credentials but all using the same master email account above Now I have a problem trying to find the right email and password combinations to login and check emails from the master account at some time in the future. Because if I type in the email address in the quick search field it brings up the master email and all the forums where I have used that same email account.   Is there a simple way to identify/separate the primary email credentials from the secondary 'forum' usage already in the quick-search browser extension? I can see in the vault that I can save the passwords in folders, but I can't seem to interact in the quick search functionality. I can (now) see the favorites folder is interactable in the quick search. I guess my new workaround will be to move the master emails into the 'favourites' folder and move the other items already there out. I was using fav when I had multiple credentials for the same website... so that my primary credential comes up first. So I'm requesting a search tag or other section to identify master emails credentials. Not sure if I'm making sense??? ... View more

Customer on  Case Number # 18395375 shared some feedback in which when he makes a shared item, it disappears from his personal vault files. He would like to ask if the item can stay within his personal folders and also being shared at the same time as he mentioned that is causing disorder in his vault.  ... View more

When I take action or make changes to my vault in the Chrome extension, I generally see a notification bar appear at the top of the page.  This bar covers the search bar, so I need to close the notification to use the search bar again. Normally, this wouldn't be a very big deal, but here's the problem: 1. The search bar is critical because navigating through the tons of entries without it is a nightmare. 2. Notifications pop up constantly, and stay up for longer than you'd think necessary for such redundant information. 3. Performing any kind of organization, re-sorting into folders, or just plain old GOING THROUGH YOUR ENTIRE VAULT TO CHANGE ALL OF YOUR PASSWORDS BY HAND YET AGAIN BECAUSE OF THE LATEST DATA BREACH <cough>, tends to force notifications to pop up back to back to back to back.  So yes, bit irritating, and hopefully a simple fix for a silly problem. ... View more

I'd like to see the ability to mass delete items from the security dashboard. For example, if I haven't used a password within the last 5 years and it's also listed as Weak or Reused, I'd like to be able to filter for that, then be able to delete those passwords without having to do it individually.   Also, it would be nice to be able to group together accounts that share a password. This is helpful in the case of someone continuously reusing the same password years ago but have since begun using more secure passwords. If I haven't use the password in 5 years and it's weak/reused, I don't want to keep it because I don't care. ... View more

Can LASTPASS put a reliable "How long to crack my password" checker so that customers can feel secure about their current (or past) Master Password? I am going to feel better if it says over 100 years because I won't care. The checker should be updated as new technologies emerge.   I am new here, so I hope Lastpass looks at the forums. ... View more

Can LASTPASS put a reliable "How long to crack my password" checker so that customers can feel secure about their current (or past) Master Password? I am going to feel better if it says over 100 years because I won't care. The checker should be updated as new technologies emerge.    I am new here, so I hope Lastpass looks at the forums. ... View more

Since I need to change all the passwords in LastPass, it would be most helpful if I could see when the password was last changed.   Please add a column to the vault showing when the password was last set. ... View more

I am quite certain that years ago I was able to note down the age of my passwords. Don't recall how this was done, but pretty sure the feature existed.   With the known security breach, and wishy washy deflecting responses from lastpass/logmein management... I am wanting to go through and update all of my passwords.   But as it stands I have to make note within the password record when I last updated or otherwise remember where I am at with my resetting. The "last access" column isnt helpful in this regard.   At the very least we need tracking for password ages. I am flabber ghasted that this does not already exist!  But ideally we need additional features around it such as setting an age limit at which point records are flagged for the user to update or otherwise receive an email reminder.   But a bare minimum is a column with age or a report that we can sort through.   Get with it guys. ... View more

We would like to be able to require that users have a certain number of password iterations set. Currently, admins on a Business Plan cannot require users to have a minimum number of password iterations configured in their LastPass client. One method could be by configuring a policy in the admin console.   After the August 2022 LastPass breach, one of the LastPass recommendations was for users to set their password iterations to at least 100100. However, we have found users with significantly lower numbers set.   ... View more