The latest update includes:
- An automated security check that displays your score in your vault
- Easy access to the password generator in the main LastPass addon menu
- Automatic clearing of data filled by LastPass on logout
- Performing hashing in binary component to speed up login, with the recommendation to increase password iterations to 5000
In this release, we're making password management a more active process, so you know when to make changes that will improve your online security. Good security is about being proactive and mitigating risk, and our newest features will help you accomplish both.
Automated Security Check Score
One of our best loved features, the Security Check analyzes all of your stored passwords and gives you a score from 0-100 based on the strength of your passwords, the frequency of duplicated passwords, and the use of other LastPass security features. It also makes recommendations on how to up your score and improve your overall security with LastPass.
An Accessible Password Generator
The LastPass password generator helps you create strong, unique passwords as you register for new accounts and update old passwords. We've made this feature even more accessible by including it in the main addon menu.
Automatic Clearing of Fields Filled by LastPass
A frequently-requested feature, LastPass now offers the option to have all fields filled by LastPass cleared when you're logged out of LastPass. Previously, if your LastPass session was still active in the browser and a login page was open, any stored logins would be filled in automatically, and the data that LastPass filled would stay filled regardless of whether LastPass timed out.
Password Iterations Can Be Increased Due to Increased Login Speed
This all gets a bit technical, but what's important is that we've updated LastPass to speed up the login process by performing hashing in the binary component.
Because login is now faster, we also recommend increasing your password iteration (PBKDF2) count to 5000. PBKDF2 is, essentially, a "password-strengthening algorithm" that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack. More iterations make it even more difficult for a computer to attempt to brute-force the password.
All new LastPass accounts will have a default of 5000 password iterations, while all current users can increase their count by logging in to their LastPass addon, opening their vault, select the "Settings" menu, and using the "Increase Iterations" option.
Other notable fixes in the latest update include:
- Maxthon browser support (in beta)
- Perform hashing in binary components to speed up login, with password iterations recommended to be set at 5000
- Auto-clearing of data filled by LastPass on logout
- A fix for NTLM authentication in IE
- There were also a number of updates for LastPass Enterprise, which we'll spotlight in a follow-up post.
We're Moving Right Along!
Over the last several months we've pushed out a number of releases and updates that help us continue to offer valuable features and improve the overall LastPass user experience. Here's a recap of some of the notable changes:
- Windows 8 App: We fully support Microsoft's new OS, in both desktop and "metro" mode. LastPass can be downloaded just as before in desktop mode, while our LastPass Windows app is now available in the Windows Store for use in "metro" mode.
- Windows Phone 8 App: Our Windows Phone app recently got an overhaul, with support for Windows Phone 8. We've reset everyone's trial, if you want to try out the new app!
- LastPass Sentry: We've partnered with PwnedList to offer Sentry, which performs daily searches of PwnedLists's database of leaked accounts for matches to LastPass accounts. The feature alerts users to potential risks and indicates which passwords need to be updated.
- The LastPass Team