I was on the verge of switching before my auto renewal date but they billed me 3 weeks early while sending numerous reminders of the actual date in the rebill agreement. I've personally never seen any of the chronic bugs fixed or felt any update addressed problems that are nearly 10 yrs old. So is this some kind of LP fan subreddit? No one has anything to say about this ridiculous new feature or the other 50 chronic problems with what's supposed to be one of the top password managers? And yes also to bitch at LP because I am so sick of the bugs, outdated UX and waste of money av premium sub is. Esp considering how many ppl would click on the links to malicious sites. But really, my intention, however failed, was to inform new users, or free-users not to use the terrible Security Dashboard. In hindsight, I get everyones point and jabs. And after I had written all of it I didn't want to rewrite it for Reddit so I just copied pasted. Maybe it was just cathartic to let off years of built up LastPass steam. It's just a poor attempt to sell you on security they cannot provide, among many many other flaws bugs and UX eyesores. I'm embarrassed to have been a premium subscriber for so long.Īnyone thinking of upgrading, Don't. You have fumbled yet again, but for the last time LOGMEIN. And don't reply with another form letter/blog post link that is useless. This makes ones accounts infinity less secure. Well, LP still flags it again as a compromised login. The best they can actually give you is hey, you might get some spam to your address if you choose to keep it. all they could know is your email address or username turned up on some dump site but they have zero proof of any breach. Guess what? LastPass says these emails are fine!⁸ (They ARE to me, because I changed the passwords long ago, many times.īut lastpass doesn't know this. I know for a fact that several email addresses of mine have been victims of security breaches such as the Adobe breach and the Equifax breach from years ago & they still float around the web, a simple Pwned checks this for you. Yet said user has nothing to do with dark web login/password dump site. You are directing your users to visit the malicious site or forum directly to enter in new information which will be stolen instantly of course should someone follow through. You cannot close these results unless you go one by one.Īnd guess what? You supply a link to that very obvious malicious site to change your nonexistent info/password! Are you serious LastPass? The report list I received was hundreds of dark Web results long, for only 3 usernames that I kept simple on purpose and left the security to password & 2FA. The free "Have I been Pwned " site is much more relevant and useful. Which LastPass does no monitoring of and cannot monitor even if they wanted to by design! Thus making this " dark net scan " utterly useless. It's a compromised password that would signify a breach. Reporting to me that I've suffered an email account and or password breach because some dark site has ADMIN or Superman57 written on a list is FALSE. only email addresses are (for the most part). WHY would anyone care about their non-email username? User names are largely not unique. But LP can't tell the difference btwn a string that contains an vs anything else. How many users need to use ADMIN because there is no other choice in the IT world? How many users on social forums have a username that is intentionally memorable such as " JohnLikesDogs "? These are not email addresses or email accounts. You might as well add every word in the dictionary and call any hits " a breach ". This results in 100s of false positives because any basic, unimportant username such as "ADMIN" or "JohnDoe " is going to be flagged as a compromised email on the dark Web. It's more secure to use a random word or nickname, keeping my email address from potential spam, hijack, etc.ĭespite this fact, Dark Web Monitor is programmed to take any text data saved in the username field, whether email or not, and run a check on it. In fact, I prefer NOT to give up my email address if not required. They do not say " EMAIL & password ".īecause naturally, not every username is going to be an email address. LastPass standard " Add New Site " entry fields say username & password, as they should. As it stands now, there are serious security issues with the way Dark Web monitoring is implemented: Please forward this list to the developers. I'm sorry but this (their careless reply to my inquiry) is unacceptable. They must have chimps writing their software. Hopefully you can see why based on my rant email (edited) below in response to a reply from LogMeIn. Dark Web Monitoring, a new "feature" in LastPass Premium is a complete disaster.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |