jagged_sapphire
New Contributor

User can still change a password to Twitter account

I was assisting a friend with some scenarios to see if it would be possible for her incoming employee to be able to change passwords (they will be running social media accounts)...

 

I have a free user account, she has a premium, so she shared the account with me and it even specifically said when she went to share it with me 'This user cannot view or change the password for this item'. However, once I logged in to the account (it was Twitter we tested on and I logged in via the Twitter app on my Android and did the same thing on my PC using Chrome), I was able to go into the security settings for the account, go to password, and by using the autofill for LastPass, fill the password options and change the account password. She even received the email from Twitter saying that the password was changed. She then tried to use the auto-change feature within her LastPass account to reclaim it, but Twitter wouldn't recognize the auto-change password that was assigned....

 

Has anyone else run into this issue? If so, what were your solutions? If not, any recommendations?

 

Thanks!

3 REPLIES
GlennD
GoTo Manager

Re: User can still change a password to Twitter account

Hi @jagged_sapphire 

 

Since you changed the Twitter password you will need to provide her with the new password so she can update her LastPass entry. She will need to look at Twitter's account security options like enabling 2FA for any changes and then link it to her phone.

 

 

Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
jagged_sapphire
New Contributor

Re: User can still change a password to Twitter account

Hi Glenn,

 

Thank you for the feedback, but we did that. The problem lies in that once I got into the account, I was able to go in and actually change it. Isn't that supposed to not be possible? The account was shared with me in my shared vault. We are trying to make sure that once an account is shared with the employee they cannot go and change any password.

RachelO
Retired GoTo Contributor

Re: User can still change a password to Twitter account

Hi @jagged_sapphire,

 

Once a password has been shared with a user and they have logged in to the account, changing the password to that account is controlled through the site itself (in this case, through Twitter). You would want to see if Twitter has additional security options to limit the ability to change the account password, such as requiring multi-factor authentication in order to confirm a password change, as this is outside of LastPass' control.




RachelO is a member of the LogMeIn Community Care Team.
