LastPass can apply credentials in a couple of ways: AutoFill, which requires permissions for the add-in to apply that information to a secure web field OR "copy and paste". The latter, allowing for use in other applications (and pretty much everything else) but it now has important information held in cleartext. This is a problem because if a system was compromised, this is an attack vector that can be exploited. Suggestion - Have the ability to set the password to expire within a short period of time (can be toggled and adjusted) from the clipboard. This would reduce the ability for malicious actors to use the clipboard feature as an attack vector and in turn reduce the attack surface.
... View more
Hi, if you leave your computer unattended for even a very short period of time, it is very easy for an attacker to steal some passwords from browser's lastpass extension. It can be opened without any authentication. Even requesting a PIN nr, or fingerprint authentication would do the job. As this is for preventing sneak password steal, not for preventing a time-consuming complete hack of account. Unlike in Android's version, where you are requested to present e.g. fingertrip everytime you open the app (or even app is opened, but switched to an other app then back), it is very useful. Pls invent such feature for browser extension, too. ps: log-out after a certain period is time, or log-out when quit from browser are not proper solutions, as they request to re-enter complicated master passwrod everytime. It is not easy, and it may allow to witness the most important master password password at unsafe places. Thank you.
... View more