8

I've been using LastPass for years, generally through the original Chrome extension.

In recent months, certain features of the extension have been totally broken, such as the ability to share passwords or the ability to generate new random passwords.

(Their support team has been unhelpful, as others have experienced too, such as here.)

So I figured I'd completely uninstall the extension and install again.

When I downloaded the LastPass Universal Windows Installer at https://lastpass.com/misc_download2.php, it prompted me with an user-unfriendly message (perhaps inexcusably user-unfriendly, given the security-related nature of the app):

To install the UWP application we will enable sideloading on your machine. Are you sure you want to continue?

I don't know what that means, but it sounds like a security risk on the app that I most want to be secure.

I found Microsoft docs that seem to inform developers:

To sell your Universal Windows Platform (UWP) app or distribute it to other users, you need to package it. If you don't want to distribute your app through Microsoft Store, you can sideload the app package directly to a device or distribute it via Web Install.

What does that mean? What are the risks for me as a user?

Ryan
  • 315
  • 4
  • 13

1 Answers1

3

There's no more risk installing LastPass by sideloading than there is installing/running any other executable that you download. And since LastPass is well-known and trustworthy, it's basically no risk at all. Microsoft is intentionally making it sound much more dangerous than it is in an attempt to strong-arm everyone into their store.

Joseph Sible-Reinstate Monica
  • 7,110
  • 3
  • 21
  • 35
  • Well, people are less likely to install malicious apps if only installing them from a store (assuming the store has some quality control) – multithr3at3d Nov 12 '19 at 23:32
  • 4
    @multithr3at3d [That's](https://www.howtogeek.com/194993/the-windows-store-is-a-cesspool-of-scams-why-doesnt-microsoft-care/) [quite](https://www.itproportal.com/2015/02/23/windows-store-infested-illegal-apps-malware/) [a](https://www.vipre.com/blog/beware-downloading-apps-microsofts-windows-store/) [big](https://news.softpedia.com/news/malware-lands-on-the-windows-10-store-disguised-as-google-app-523237.shtml) [assumption](https://news.softpedia.com/news/malicious-windows-10-apps-found-in-the-store-possibly-downloaded-by-thousands-524980.shtml). – Joseph Sible-Reinstate Monica Nov 13 '19 at 01:10
  • 1
    Thanks for your answer. The point about Microsoft’s incentives is plausible. But about LastPass being trustworthy: the facts that they let bugs stay unfixed for months and that their installation process doesn’t explain beforehand what the hell that cryptic warning (which I now guess is from Windows) means worry me. – Ryan Nov 13 '19 at 13:37
  • 2
    @Ryan they're trustworthy, meaning they're not intentionally trying to harm you or your system. I didn't say they were perfect coders who never write buggy code (no one is). – Joseph Sible-Reinstate Monica Nov 13 '19 at 15:22