New LastPass Bugs Could Have Been Used To Steal Users' Passwords

Not open for further replies.
You want a bigger bug I've mentioned to them. By default the password manager stays signed in. Rather than automatically signing out after inactivity or closing the web browser.

For the average user this negates much of the security as anyone who has access to the computer has access to the passwords. Sure you can say that they can change the settings. The average user won't think to do that. Just getting them to use it successfully is a feat.

There is a huge gulf between people that understand tech and those that don't. Most tech companies don't grasp this. What seems like a very simple concept to a technically minded person is fraught with complexity for those whom don't get it.

Leaving a huge hole in the security like this and giving them the option to fix it themselves means it will never be fixed. They may as well just leave a piece of paper taped to their wall with a list of passwords. Which I see a lot.


May 10, 2012
By default, LastPass does not stay signed in. In fact, LastPass gives you a double pop-up "are you sure you want to do this?" question when you tick the "always signed in" box.
I've used LastPass Premium for a couple years now, and it is a really stable and truly platform agnostic service. It works as good on my Android as it does on my desktop and my Microsoft Surface. They have also been really quick with fixing issues reported, like the one in the article above.


Jun 4, 2012
Been using LastPass for a few years. Tried KeePass but it won't do the job, I need to be able to sync across devices and LastPass does that without the extra hassle of needing to login to one app to sync keyfiles, open the updated keyfile and then finally loggin.

They're also probed regularly and have a fast security fix response time.
Not open for further replies.