Improvements to device "naming"

cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

For more information about the LastPass security incident please visit our blog

Improvements to device "naming"

Improvements to device "naming"

  1. When you name a device, LastPass should remember that given name even once signing you out. If it has the same device unique identifier, why would you not auto-fill with the previously entered name?
    • Retyping my device name once a month means I stop doing it, which lowers total security (pic below shows how silly it is).
  2. Why not also store the devices unique identifier in trusted devices and the last few IP addresses? If someone can write ANYTHING into a device name box, then it's trivial to pretend one device is another.

Example from Unity, which supports unique identifiers across all platforms: https://docs.unity3d.com/ScriptReference/SystemInfo-deviceUniqueIdentifier.html

 

LastPass Silliness.png

 

2 Comments
ChrisGi
New Member

ChrisGi_0-1624616097779.png

It's a pretty poor design at present making the management of Trusted Devices hard, and in turn this reduces security.
Adding a "Date Trusted" column would go some way to tackle this and perhaps an IP it was Trusted on.  This information is all available to the browser in its simplest form at the time of trusting so its omission is puzzling to say the least.

BaileyW
New Contributor

Hi, LastPass team. 

This feature idea has been open for about 2 years with several related tickets open. Could you offer any feedback on when this might be addressed?  

 

Thank you,

bailey