The lastpass icon disappeared in the mozilla how to return. Critical bugs were found in the LastPass password manager, Chrome and Firefox extensions. Adding personal information

For a long time, I used the Roboform program to store my passwords to sites and fill out web forms for registering on various sites (everything was fine with it, except for the fact that it was paid).

But somehow tired, constantly before reinstalling operating system, pre-save folder the specified program, which is responsible for storing information with logins and passwords to my sites.

Then, after reinstallation, again look for a new version of it and carry out manipulations with the replacement of files and folders. And then the unexpected happened, after the failure of the operating system, I lost access to all data.

Information Recovery Specialist hard drive I don’t consider myself, so I didn’t restore anything, but set myself 2 tasks: 1 - find a free and reliable password manager; 2- have access to all your passwords and logins from anywhere where there is an internet connection.

While searching for an alternative password manager, I found a browser add-on (Firefox, Google Chrome, Opera) called LastPass Password Manager with all the features that I need (remembering logins and passwords, filling out web forms, a password generator) and moreover, you don’t have to pay for these functions.

Plus, the data is stored in encrypted form, to which only you have access. The add-on showed excellent work for more than six months. Let's do the installation using the Firefox Internet browser as an example.

After installation, restart the browser by clicking the "Restart now" link.

The browser is reloaded and a window appears with the beginning of the LastPass setup procedure, where the first thing we need to do is select the language and click the "Create an account" button.

In the next window, enter a valid address Email, the most important master password (it must be remembered or written down somewhere if we suffer from forgetfulness. We will need it to gain access to all our passwords and the manager's control panel.

We create a reminder for the password (optional), put a mark in the field “I have read and agree to the Terms of Use”. Next, check the "I understand that my encrypted data will be sent to LastPass" box. We select the remaining items as desired and click on "Create an account".

We read extremely important information, enter your main master password again and click "Create an account".

We import or not (optional) our logins and passwords from other storages of confidential information on the computer and click on the "Continue" button.

You can immediately set up information to fill out web forms.

On last step We accept Congratulations on the successful installation and click on the "Continue" button.

PASSWORD MANAGER

Automatically get into the online storage of your account.

A proprietary manager button appears in the right corner of the browser with the functions we need.

For the most convenient use of the password manager, I would recommend going into the settings, unchecking the "Use compact toolbar" box.

We will get a convenient control panel on top of the entire line in the browser. Now, when you enter your login and password on any site, LastPass will offer to save information.

Now you can use the drop-down list with the names of websites in the top control panel of the manager to access any website you need.

A convenient feature is the import of all logins and passwords from various popular managers.

Worth mentioning is the perfectly customizable password generator.

Now, after reinstalling the operating system, whether it's Windows or Linux, all you need to do is install the LastPass Password Manager add-on and all your confidential data is back with you.

In conclusion, I will say that Google browser Chrome, its version for some reason has fewer settings (in particular, I did not find how to turn off the compact toolbar to display the manager in the entire browser line). I will also mention that this password manager has not been tested in Opere.

First and most simple option is the default password manager for Chrome, Firefox, Opera or Vivaldi. Almost all modern browsers can save and automatically insert logins and passwords into the required fields. Yes, this option cannot be called very functional, since it lacks some additional features such as a reliable combination generator and secure notes. But you can use it completely free of charge, and there is synchronization between various devices, which only works, of course, if you use the same browser everywhere.

Simplicity, accessibility, free. Synchronization between different devices.
− Low functionality and security.

1Password

1Password has been around for over eight years, but has always been overshadowed by LastPass due to its rather high cost. It can store passwords, data bank cards, software licenses and other confidential information in a secure virtual storage. This storage can be located on a remote server or a local device. It is possible to sync via Wi-Fi, Apple iCloud or Dropbox. Special attention developers paid security and encryption algorithms, so this service was not seen in high-profile scandals.

Reliability, cross-platform, functionality, synchronization.
− High price.

KeePass

If you are looking for a free solution and are not afraid of difficulties, then you should definitely try KeePass. It's completely open project, created by independent developers. It has a huge number of possibilities due to the presence of a whole arsenal of various add-ons, plug-ins and auxiliary utilities. However, in return, you will have to come to terms with the typical shortcomings of free software in the form of high complexity of development and instability of some elements.

The password database created in KeePass is stored as a single file, which can be placed on a hard disk or in any cloud service. In the latter case, you can implement data synchronization between different devices. There are plug-ins for popular browsers that, with varying degrees of success, provide substitution of logins and passwords on the necessary pages. In addition, KeePass is also available on mobile devices.

Free, functional, secure.
− A solution for geeks who will be able to select and properly configure all the necessary components.

Dashlane

This password storage service appeared relatively recently, but has already managed to prove itself on the positive side. Dashlane is different nice appearance, good functionality and ease of use. The password database is stored in the cloud in encrypted form, there is synchronization between clients for various platforms (Mac, PC, iOS and Android). Among additional features it is necessary to highlight the function automatic filling forms, a password generator, the ability to change passwords in one click and convenient tools for online shopping. But all this splendor can fade for you if you want to use data synchronization between different devices. To do this, you have to buy an annual subscription for $ 39.99, which, you see, is a lot.

Appearance, reliability, cross-platform, digital wallet.
− High cost, no possibility of local storage of passwords.

And which password manager will you choose if LastPass does become paid?

Back in the summer of 2016, Google Project Zero specialist Tavis Ormandy sincerely: “Do people really use this LastPass thing?”. Then Ormandy discovered a vulnerability in the code of the LastPass add-on for Firefox 0-day, which allowed all user passwords to be compromised remotely.

Now, almost a year later, the expert has once again decided to put LastPass's security to the test, and, unfortunately, it cannot be said that the application has passed this test. Ormandy writes that he discovered a problem in the official LastPass extension for Chrome browser. According to the researcher's post, the extension's content_scrip contains a vulnerability that, if attacked, could compromise all credentials stored in the application. Moreover, to implement the attack, the attacker only needs to lure the user to a malicious site.

The researcher explains that the script is only used to access a specific domain on lastpass.com, and if you take a closer look at how it works, it looks like this:

Here, as Ormandy notes, lies the error. The script proxies unauthenticated window messages to the extension, which can be dangerous because anyone can do the following:

This will give the attacker full access and force LastPass to execute RPC commands, of which there may be hundreds, but the most dangerous of all, of course, is the ability to copy and fill in passwords. In some cases, this may even lead to the execution of arbitrary code on the user's machine, through the exploitation of openattach. As an example, Ormandy demonstrates running a regular calculator (calc.exe).

LasPass developers seem to have already fixed the problem in the Chrome extension by disabling 1min-ui-prod.service.lastpass.com. However, some users note that the server is still working for them, and the vulnerability is still relevant. It is likely that LastPass for Chrome users should disable the extension for now and wait for a full fix, as version 4.1.42, dated March 14, 2017, was still vulnerable.

It's worth noting that last week, Tavis Ormandy found another very similar bug in the LastPass addon for Firefox. Vulnerability in the same way allows you to extract all the user's passwords if he visits a malicious site.

This issue has not yet been fixed. The LastPass developers have already prepared a patch, but the revised version 3.3.2 is still being reviewed by Mozilla. The authors of LastPass also emphasized that the 3.x branch is still considered obsolete, and users are advised to switch to the more secure 4.x branch.

But LastPass' problems don't end there. Today, March 22, 2017, Tavis Ormandy warned that the LastPass addon for Firefox contains another bug that allows you to steal other people's passwords for any domain. Moreover, this time the more modern and secure version 4.1.35 is vulnerable. The expert promises to publish the details in the near future.