How to set LastPass to verify before opening my vault and viewing all passwords

0

I am new to LastPass and I was shocked when I realised that, once I logged in to LastPass browser extension, I could open my vault and view all the passwords even after I had exited my browser and reopened it.

How is this even safe? Is there any way to let LastPass ask for verification before openning my vault or viewing any passwords? If it is not possible, is it advisable to switch to Google Password Manager or similar?

timing

Posted 2019-05-17T00:40:27.687

Reputation: 13

This is explained in their documentation along with the settings to do what you ask. – schroeder – 2019-05-17T08:32:03.427

Answers

2

The Lastpass options available differ quite remarkably between the browser extensions and the website.

To require the master password for every site password view:

  • Login to your account on the website (https://lastpass.com)
  • Click "Account Settings"
  • Open the advanced settings (Button at the bottom of the popover)
  • Look for the section "Warnings", then choose your liking among "Master Password Re-Entry"

I agree that this process unnecessarily convoluted and cumbersome.

Personally, I rarely ever need to actually see a password. I let Lastpass fill out the credentials for me and this works very well on most sites.

However, I suggest you use a second factor like TOTP (wit Google's Authenticator for example) for account login.

Marcel

Posted 2019-05-17T00:40:27.687

Reputation: 456

1

You need to edit your Lastpass preferences. In Firefox, if I click on the icon for the Lastpass extension and go to Preferences, I can check "Automatically Log out when all browsers are closed", and/or "Automatically Log out after idle (mins)". You can also enable the password reprompt as suggested by other answers.

It's up to you what level of security vs. convenience tradeoff you want to make. The default of staying logged in probably assumes you are on a private computer which will be locked by the OS when you're away from the computer, but that assumption obviously isn't safe in all circumstances.

Marius

Posted 2019-05-17T00:40:27.687

Reputation: 193

0

You can always instruct LastPass to prompt you for password before showing you the password.

  1. Enter edit password page
  2. click on the "advanced settings" at the bottom
  3. check the "require password reprompt" box
  4. save it

You now need to enter your vault password every time you want to know the stored password.

The caveat is that LastPass doesn't offer a vault-wide settings for password repormpt, so you need to set each item manually.

As suggested by @Marcel that there is a vault wide setting under Account Settings > General > Show Advanced Settings, you can instruct LastPass to reprompt vault password for accessing certain item type/action.

Hartman

Posted 2019-05-17T00:40:27.687

Reputation: 131

There is a option to enforce password re-entry in the options on the website. I agree that lastpass's options are very convoluted though. – Marcel – 2019-05-17T05:56:00.050

Yeah, I just discovered it. – Hartman – 2019-05-17T18:19:25.450

Asked: 2019-05-17T00:40:27.687

Viewed: 373 times

Active: 2019-05-17T18:25:10.717