Nice... I'll reiterate the same plea I have every time LastPass comes up (I'm a premium subscriber and have been for years) - Focus on UI and UX. I don't need any more features, I just want a much higher level of polish across the Chrome Extension and Android app.
It still pops up on the top of the screen, pushing down the webpage, and since it's slow it takes a few seconds to do it so it pushes down the content while you are reading it. I've tried disabling it but it still tends to pop up - there's much more usable + pretty ways of doing it, see Chrome's built-in password manager.
Yes please! I don't need more features right now. Remove all the stuff that's useless 99% of the time. Like, do I really need to have the "password generator" option available at all times in the menu? Why does it take like 1 search and 3 clicks for me to look up a password? Why is the android app so clunky? Why do you tell me over and over and over again I have duplicate passwords? I KNOW! I'm sure there's more.
Lastpass is an excellent tool. The back end seems rock solid, but my god the UX is terrible. The latest update made it look better, but kind of made the UX worse.
Time and time again, after being frustrated with Lastpass's UX I think of how much nicer 1Password looks. I really miss that app. It's hard for me to suggest LastPass to people who aren't comfortable. I've heard people from 1Password talk about their design work. On those days of frustration, I wonder if LastPass has a real UX team.
I agree. In my opinion most password managers focus too much on delivering features that nobody really needs (most of the time at least) and far too little on user experience and polish. This is, I think, one of the reasons why so few non-technical people bother with using a password manager. I've been working on my own open source solution, which puts a clear focus on simplicity and usability[1]. I wish other companies like LastPass and 1Password would start putting more effort in making their software more accessible to non-technical users rather than trying to out-feature their competitors.
I actually went with Dashlane because of this. I wonder why there's no mention of it in this thread. Most of the people where I work use 1password - but since I'm on both Windows and OSX, I needed something that runs on both platforms.
Their Windows 8 app is utterly broken, and although I tell the Android app to remember my password it frequently makes me reenter it. I really wish they would focus on polish, I'm very close to moving to a competitor.
I totally agree. Ironically I can't recommend LastPass to the people who most need it because they aren't tech-savvy enough to figure out and tolerate the UX issues.
I wish it were easier so I could get my parents using it.
I wrote most of this for LastPass. The interface is based on my own pet project, "pass" -- http://www.passwordstore.org/ -- which sticks to a more traditional model of a simple directory of gpg encrypted files, integrated with git, and you get to decide where it lives. It's a simple bash script.
Just want to chime in. Your pet project is the only password manager I have used longer than a week.
Using dmenu with StumpWM, I show people I have an OS level keychain that I can pop open and search with a keyboard binding. My IT brethren nod with approval.
just modified the pass dmenu script to work with lastpass
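```bash
#!/usr/bin/env bash
# dmenu front end for lpass: copy the chosen entry's password, or type it with --type
shopt -s nullglob globstar

typeit=0
if [[ $1 == "--type" ]]; then
    typeit=1
    shift
fi

# Pick an entry; each line of lpass ls output carries the entry's "id: <number>"
name=$(lpass ls | dmenu)
[[ -n $name ]] || exit  # nothing selected in dmenu

# Extract the numeric id from the selected line
id=$(printf '%s\n' "$name" | sed -r 's/.*id:\s([0-9]+).*/\1/')

if [[ $typeit -eq 0 ]]; then
    lpass show -c --password "$id"
else
    xdotool - <<<"type --clearmodifiers -- $(lpass show --password "$id")"
fi
```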
I've been working on some bash scripts that borrow your "pass" interface but work with OS X's Keychain, so thanks very much for doing the hard parts for me!
Awesome, great pet project. As others have said, I use it daily and it's the only manager I've used for any time. I use it with a Yubikey Neo with a GPG subkey in it, and store my passwords in a Bitbucket repo that I can check out on any machine (using an RSA key also in my Yubikey via gpg-agent with enable-ssh-support). I've looked at using it for small teams as well by encrypting to multiple recipients. Excellent and elegantly unixy!
I've got a task to set up a password manager for a team, all of whom are Windows users.
But my focus isn't personal passwords for email, or google, but the eleventy-dozen passwords that accumulate around any IT department: root for this, and that, the firewall, database, CHAP .. the list is endless.
I like to keep my passwords synced in Dropbox, and I usually work in *nix, but I occasionally have to access them in Windows, so I wrote a little batch file that uses gpg4win to read my passwords https://github.com/davidmi/ScriptsAndTools
I'm that someone, and it was written in a weekend on a jailbroken iPod touch on iOS 3.2. So, it's unlikely that it still works (and I wouldn't recommend using it even if you can get it to work). I long since switched (back) to lastpass due to the pain of managing ssh keys across multiple devices.
Something like this, but for the team would be so awesome…
Edit: looks like this tool supports multiple keys. Does that mean that passwords can be shared?
Yes -- pass has extensive support for being used by teams. You can set various levels of ACLs by having different combinations of keys for different directories.
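The per-directory key model described in the comment above, as an added example that is not part of the thread or of pass itself: a POSIX shell audit that resolves, for every entry, which `.gpg-id` file governs it and therefore who can decrypt it. The store layout and user IDs are constructed, and the script assumes one recipient per line in each `.gpg-id`.

```shell
#!/bin/sh
# Added example (not pass's own code): who can decrypt each entry in a store.
# Rule modelled: an entry uses the nearest .gpg-id, searching from its own
# directory up to the store root; a subdirectory's file replaces the parent's.

# recipients_for STORE ENTRY: print the governing key IDs, one per line.
recipients_for() (
    store=${1%/}
    dir=$(dirname -- "$store/$2")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            grep -v '^[[:space:]]*$' "$dir/.gpg-id"   # skip blank lines
            return 0
        fi
        case $dir in
            "$store"|/|.) return 1 ;;                  # reached the top, no .gpg-id
        esac
        dir=$(dirname -- "$dir")
    done
)

# audit_store STORE: one "entry -> recipients" line per *.gpg file.
audit_store() (
    store=${1%/}
    find "$store" -type f -name '*.gpg' | sort | while IFS= read -r f; do
        entry=${f#"$store"/}
        entry=${entry%.gpg}
        ids=$(recipients_for "$store" "$entry" | tr '\n' ' ')
        printf '%s -> %s\n' "$entry" "${ids% }"
    done
)

# make_demo_store DIR: constructed layout with hypothetical user IDs and
# empty placeholder files standing in for encrypted entries.
make_demo_store() {
    mkdir -p "$1/infra/firewall" "$1/personal"
    printf '%s\n' alice@example.org > "$1/.gpg-id"
    printf '%s\n' alice@example.org bob@example.org > "$1/infra/.gpg-id"
    printf '%s\n' alice@example.org carol@example.org > "$1/infra/firewall/.gpg-id"
    : > "$1/personal/email.gpg"
    : > "$1/infra/db-root.gpg"
    : > "$1/infra/firewall/admin.gpg"
}

demo=$(mktemp -d) && make_demo_store "$demo" && audit_store "$demo"
rm -rf "$demo"
```

Run against a real store, the report shows which directories have drifted from the intended access list; entries encrypted before a `.gpg-id` change stay readable by the old recipients until they are re-encrypted.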
As a premium subscriber, this is great. I had to weaken my github password 3 months ago because I started rolling VMs every other day and I had set random characters as my password. This means I can restrengthen it this weekend.
The first thing I thought after seeing this trending on HN this morning was "damn, maybe I'll finally have an opportunity to submit a formula to Homebrew!".
Don't use the edit command on anything sensitive without a suitably secured /tmp - ideally tmpfs and encrypted swap - since it writes the data to a tempfile for your editor to open.
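A pre-flight check for the advice in the comment above, as an added example that is not from the thread or from any of the tools discussed: it reports whether the directory an editor would write its temp file to is RAM-backed and lists the active swap areas. It assumes Linux's `/proc/mounts` and `/proc/swaps` formats; the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: is the editor's temp directory RAM-backed, and what swap is on?
# Linux-only assumption: tables in /proc/mounts and /proc/swaps format.

# fstype_of PATH MOUNTS_FILE: filesystem type of the mount that holds PATH.
fstype_of() (
    path=${1%/} best='' bestlen=-1
    while read -r _dev mnt type _rest; do
        case "$path/" in
            "${mnt%/}/"*)   # mount point is a whole-component prefix of PATH
                # longest mount point wins; -ge lets a later overmount win ties
                if [ "${#mnt}" -ge "$bestlen" ]; then
                    best=$type bestlen=${#mnt}
                fi ;;
        esac
    done < "$2"
    [ -n "$best" ] && printf '%s\n' "$best"
)

# ram_backed PATH MOUNTS_FILE: succeed only for tmpfs or ramfs.
ram_backed() {
    case $(fstype_of "$1" "$2") in
        tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# swap_devices SWAPS_FILE: active swap areas (tmpfs pages can be swapped out,
# so each device listed here still needs to be an encrypted one).
swap_devices() { awk 'NR > 1 { print $1 }' "$1"; }

# Constructed sample in /proc/mounts format.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
tmpfs /home/dev/.scratch tmpfs rw,nosuid,nodev,mode=700 0 0
EOF
}

if [ -r /proc/mounts ] && [ -r /proc/swaps ]; then
    dir=${TMPDIR:-/tmp}
    if ram_backed "$dir" /proc/mounts; then echo "$dir: RAM-backed"
    else echo "$dir: $(fstype_of "$dir" /proc/mounts), temp files reach disk"; fi
    swap_devices /proc/swaps
fi
```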
This is great. Only question is, how can they justify charging $12/yr for mobile/Premium access when anyone can write a full featured iOS/Android app using this code as a template? All the right endpoints are there, 2FA support, local encryption code etc.
I know that their API was reverse engineered a million times already, but this just seems like they are explicitly enabling copycat apps.
There's presumably a pretty strong lock-in effect where I might trust Lastpass, but I wouldn't trust some random app author with literally all my passwords no matter what assurances the app download page provides.
I would rather trust an app running locally behind my firewall than I would trust LastPass. If the app tries to sneak a copy of my passwords out of the network it's going to have to find a way through the outbound firewall first. I have no such protection when using LastPass.
Just a PSA for mac users: Keychain Access.app has a command line interface: `security`. I use a special keychain for some of my TrueCrypt passwords, so I can mount them all with the same password via the command line via `security find-generic-password`.