If you click the show button (eye) in the Security Dashboard it will always show the password regardless whether its protected with a repromt or not.
1. create a password and check the "Require Master Password Reprompt" box in "Advanced Settings"
2.open the Security Dashboard
3.click on "View passwords"
4.navigate to your protected password
5.click on the "eye" in the "Password strength" column
Note:this only works with the browser extension
This is a security flaw. If the passwords are protected through a master password, they must not be accessed at somewhere else within Lastpass. I think they should fix it immediately!
Hi @Aras14 ,
Can you please confirm that you are still seeing this issue, I have been unable to recreate it.
Yes, unfortunately, this issue is still there! Follow the steps and you will be able to see this:
1. Click on 'Open My Vault' in the browser extension
2. On the left, you will find 'Security Dashboard' in your vault
3. If you have any at-risk password, you will get a link 'View passwords', click on it
4. In the new page, you will be able to view all your passwords.
NOW, HERE IS THE SECURITY FLAW
Regardless of whether a password is protected through 'Master Password Reprompt' or not, you will be able to see each and every password by clicking on the eye icon. So, what is the objective behind the 'Master Password Reprompt', if somebody still can access the password from a different location!
I think this is a huge flaw in Lastpass, especially for shared computers.
A ticket has been created for this issue and the team informed. I will update this thread when there is new information to share.