The lastpass icon disappeared in the mozilla how to return. Critical bugs were found in the LastPass password manager, Chrome and Firefox extensions. Adding personal information
For a long time, I used the Roboform program to store my passwords to sites and fill out web forms for registering on various sites (everything was fine with it, except for the fact that it was paid).
But somehow tired, constantly before reinstalling operating system, pre-save folder the specified program, which is responsible for storing information with logins and passwords to my sites.
Then, after reinstallation, again look for a new version of it and carry out manipulations with the replacement of files and folders. And then the unexpected happened, after the failure of the operating system, I lost access to all data.
Information Recovery Specialist hard drive I don’t consider myself, so I didn’t restore anything, but set myself 2 tasks: 1 - find a free and reliable password manager; 2- have access to all your passwords and logins from anywhere where there is an internet connection.
While searching for an alternative password manager, I found a browser add-on (Firefox, Google Chrome, Opera) called LastPass Password Manager with all the features that I need (remembering logins and passwords, filling out web forms, a password generator) and moreover, you don’t have to pay for these functions.
Plus, the data is stored in encrypted form, to which only you have access. The add-on showed excellent work for more than six months. Let's do the installation using the Firefox Internet browser as an example.
After installation, restart the browser by clicking the "Restart now" link.
The browser is reloaded and a window appears with the beginning of the LastPass setup procedure, where the first thing we need to do is select the language and click the "Create an account" button.
In the next window, enter a valid address Email, the most important master password (it must be remembered or written down somewhere if we suffer from forgetfulness. We will need it to gain access to all our passwords and the manager's control panel.
We create a reminder for the password (optional), put a mark in the field “I have read and agree to the Terms of Use”. Next, check the "I understand that my encrypted data will be sent to LastPass" box. We select the remaining items as desired and click on "Create an account".
We read extremely important information, enter your main master password again and click "Create an account".
We import or not (optional) our logins and passwords from other storages of confidential information on the computer and click on the "Continue" button.
You can immediately set up information to fill out web forms.
On last step We accept Congratulations on the successful installation and click on the "Continue" button.
PASSWORD MANAGER
Automatically get into the online storage of your account.
A proprietary manager button appears in the right corner of the browser with the functions we need.
For the most convenient use of the password manager, I would recommend going into the settings, unchecking the "Use compact toolbar" box.
We will get a convenient control panel on top of the entire line in the browser. Now, when you enter your login and password on any site, LastPass will offer to save information.
Now you can use the drop-down list with the names of websites in the top control panel of the manager to access any website you need.
A convenient feature is the import of all logins and passwords from various popular managers.
Worth mentioning is the perfectly customizable password generator.
Now, after reinstalling the operating system, whether it's Windows or Linux, all you need to do is install the LastPass Password Manager add-on and all your confidential data is back with you.
In conclusion, I will say that Google browser Chrome, its version for some reason has fewer settings (in particular, I did not find how to turn off the compact toolbar to display the manager in the entire browser line). I will also mention that this password manager has not been tested in Opere.
First and most simple option is the default password manager for Chrome, Firefox, Opera or Vivaldi. Almost all modern browsers can save and automatically insert logins and passwords into the required fields. Yes, this option cannot be called very functional, since it lacks some additional features such as a reliable combination generator and secure notes. But you can use it completely free of charge, and there is synchronization between various devices, which only works, of course, if you use the same browser everywhere.
Simplicity, accessibility, free. Synchronization between different devices.
− Low functionality and security.
1Password
1Password has been around for over eight years, but has always been overshadowed by LastPass due to its rather high cost. It can store passwords, data bank cards, software licenses and other confidential information in a secure virtual storage. This storage can be located on a remote server or a local device. It is possible to sync via Wi-Fi, Apple iCloud or Dropbox. Special attention developers paid security and encryption algorithms, so this service was not seen in high-profile scandals.
Reliability, cross-platform, functionality, synchronization.
− High price.
KeePass
If you are looking for a free solution and are not afraid of difficulties, then you should definitely try KeePass. It's completely open project, created by independent developers. It has a huge number of possibilities due to the presence of a whole arsenal of various add-ons, plug-ins and auxiliary utilities. However, in return, you will have to come to terms with the typical shortcomings of free software in the form of high complexity of development and instability of some elements.
The password database created in KeePass is stored as a single file, which can be placed on a hard disk or in any cloud service. In the latter case, you can implement data synchronization between different devices. There are plug-ins for popular browsers that, with varying degrees of success, provide substitution of logins and passwords on the necessary pages. In addition, KeePass is also available on mobile devices.
Free, functional, secure.
− A solution for geeks who will be able to select and properly configure all the necessary components.
Dashlane
This password storage service appeared relatively recently, but has already managed to prove itself on the positive side. Dashlane is different nice appearance, good functionality and ease of use. The password database is stored in the cloud in encrypted form, there is synchronization between clients for various platforms (Mac, PC, iOS and Android). Among additional features it is necessary to highlight the function automatic filling forms, a password generator, the ability to change passwords in one click and convenient tools for online shopping. But all this splendor can fade for you if you want to use data synchronization between different devices. To do this, you have to buy an annual subscription for $ 39.99, which, you see, is a lot.
Appearance, reliability, cross-platform, digital wallet.
− High cost, no possibility of local storage of passwords.
And which password manager will you choose if LastPass does become paid?
Back in the summer of 2016, Google Project Zero specialist Tavis Ormandy sincerely: “Do people really use this LastPass thing?”. Then Ormandy discovered a vulnerability in the code of the LastPass add-on for Firefox 0-day, which allowed all user passwords to be compromised remotely.
Now, almost a year later, the expert has once again decided to put LastPass's security to the test, and, unfortunately, it cannot be said that the application has passed this test. Ormandy writes that he discovered a problem in the official LastPass extension for Chrome browser. According to the researcher's post, the extension's content_scrip contains a vulnerability that, if attacked, could compromise all credentials stored in the application. Moreover, to implement the attack, the attacker only needs to lure the user to a malicious site.
The researcher explains that the script is only used to access a specific domain on lastpass.com, and if you take a closer look at how it works, it looks like this:
Here, as Ormandy notes, lies the error. The script proxies unauthenticated window messages to the extension, which can be dangerous because anyone can do the following:
This will give the attacker full access and force LastPass to execute RPC commands, of which there may be hundreds, but the most dangerous of all, of course, is the ability to copy and fill in passwords. In some cases, this may even lead to the execution of arbitrary code on the user's machine, through the exploitation of openattach. As an example, Ormandy demonstrates running a regular calculator (calc.exe).
LasPass developers seem to have already fixed the problem in the Chrome extension by disabling 1min-ui-prod.service.lastpass.com. However, some users note that the server is still working for them, and the vulnerability is still relevant. It is likely that LastPass for Chrome users should disable the extension for now and wait for a full fix, as version 4.1.42, dated March 14, 2017, was still vulnerable.
It's worth noting that last week, Tavis Ormandy found another very similar bug in the LastPass addon for Firefox. Vulnerability in the same way allows you to extract all the user's passwords if he visits a malicious site.
This issue has not yet been fixed. The LastPass developers have already prepared a patch, but the revised version 3.3.2 is still being reviewed by Mozilla. The authors of LastPass also emphasized that the 3.x branch is still considered obsolete, and users are advised to switch to the more secure 4.x branch.
But LastPass' problems don't end there. Today, March 22, 2017, Tavis Ormandy warned that the LastPass addon for Firefox contains another bug that allows you to steal other people's passwords for any domain. Moreover, this time the more modern and secure version 4.1.35 is vulnerable. The expert promises to publish the details in the near future.
I found another bug in LastPass 4.1.35 (unpatched), allows stealing passwords for any domain. Full report will be on the way shortly. pic.twitter.com/9VkV7R3vud
Meet LastPass, one of the the best programs for storing passwords distributed as a single plugin installer for Internet Explorer, Google Chrome, Mozilla Firefox, Opera and Apple Safari developed by LastPass. Passwords in LastPass are protected by a master password, stored locally, and can be synced with any other browser. LastPass also has a form filler that allows you to automate password entry and form filling. The plugin supports password generation, data sharing, login logging, creating secure notes, and much more. Download LastPass can be lower.
One master password (the motto on the site is "The last password you must remember!").
Browser synchronization.
Strong password generation.
Password encryption.
Online form filler.
Import passwords from other password managers, as well as export.
Passwords are stored in the lastpass.com cloud service in encrypted form (AES-256).
The LastPass master password is stored in your head and when you enter it, all passwords are decrypted from the database (AES-256).
Passwords are transmitted over a secure (https) connection.
LastPass generates a hash of your username and password, which is the key to the AES algorithm.
For authorization, the LastPass service uses a double hash, it is he who is sent to the server and is a verification key during authorization.
The names of groups, accounts and data are transmitted in encrypted form, https is used everywhere.
LastPass collects passwords that other password managers can't see, including many AJAX forms, and makes it easy to create strong passwords.
You can import and export data from many well-known password storage systems (such as: RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe, Sxipper, TurboPasswords, Passpack, Firefox and Internet Explorer and many more). Passwords in LastPass are protected by a master password and are stored locally and can be synced with any other browser.
LastPass uses strong cryptography on the client side - passwords leave the computer already encrypted, and only the user can decrypt them. And even if someone gets this data, the encrypted data is basically useless.
What I like the most is that all data is stored on a computer and a secure service, periodically synchronized, and there is access from any computer where LastPass is installed. In addition, it has a very convenient feature for creating secure notes and other equally useful features.Almost everything. The program does everything itself. It will offer to save the login - password, enter them into the fields the next time you visit the page, or even enter it yourself (if you want). At the same time, it generates passwords that you absolutely do not need to remember, and for each resource they will be different. This increases the security of protected access many times over.
If you want, your secrets can always be with you, wherever you work and whatever computer you use. To do this, you can use the local version (LastPass Pocket) for a flash drive (for this, it is advisable to first export your data from your LastPass account to a file on disk, so that later you can open it with a portable version anywhere without installing the main program). Everything works without any restrictions on the amount of saved data, time of use, free of charge and in Russian. Although there is a paid version, with slightly more advanced features, but we are not talking about it.
The procedure for installing the program and registering a LastPass account is quite simple, you just need to agree with the default settings, and the installer will offer to disable password managers in installed browsers because of their unreliability. Creating a master password is also very easy (here you will be presented with options and shown how resistant your master password is to hacking). In addition, the developers recommend changing your master password periodically to prevent unauthorized access to your LastPass account. At the very service LastPass there is no access to your confidential data, which they honestly warn about. That is, if you forget or lose your master password, you will only be sent a hint to reset your password (and not your passwords, logins, etc.), or you will have to use account recovery.
A big plus of LastPass, in my opinion, is that if you already have an existing LastPass account (well, and learned a master password, of course, to enter your account), you have absolutely nothing to be afraid of "falling" and/or reinstalling the system, you just need to reinstall LastPass and log into your account, then the program will work for you. It goes without saying that all your passwords, websites, forums, secure notes, in general, everything that you saved will be restored on a new computer. The developers are on the alert, constantly updating LastPass, strengthening it (and your security) and improving the program, and updating in browsers LastPass extensions going to background without interfering with work.
Such a description of the features of LastPass turned out to be far from complete, I hope you enjoy the program. In the end, I note that after trying many password managers, paid and free, I chose LastPass a long time ago because of its simplicity and reliability. The program is updated quite often, both on the official website and on the Google, Firefox, Opera and Safari extension services, there is a detailed online help and video on setting up and using the program.
Developer: Joe Siegrist
License: freeware
Language: Multi + Russian
The size: 59MB
OS: Windows
Download:About upcoming significant changes in the system Firefox add-ons. To ensure cross-browser compatibility, the developers of Firefox and other browsers have adopted a common API called WebExtensions . Support for a common API will reduce the cost of cross-platform development for companies like ours that have to release and maintain extensions for multiple browsers. While migrating to WebExtensions brings a number of benefits for developers, browsers, and users, we want to prepare LastPass users to migrate from the previous Firefox add-on to the new one.
We've been supporting two versions of LastPass for Firefox for over a year now. stable version 3.x published in the store Firefox extensions, and version 4.x, which is in development, is published on the LastPass.com website.
While this created some confusion for LastPass users, we maintained the "old" version to retain the Firefox-like user interface that our users preferred. In the meantime, we have continued to develop version 4.x in accordance with the changes that Mozilla implements. But in light of the recent news that Mozilla will move to full WebExtensions by the end of 2017, we have to say goodbye to LastPass version 3.x for Firefox.
We will release the latest version of the add-on on March 31, 2017. The latest version of the add-on is expected to roll out to all users of version 3.3.2 within a few days after review by Mozilla. You can manually update the Firefox add-on now or wait automatic update in April. After that, only version 4.x will be available, both on addons.mozilla.org and LastPass.com. For users of the Firefox add-on version 3.x, this update will bring all of the latest LastPass core logic and performance improvements we've implemented, as well as latest interface user. Based on user feedback, we also recommend that you check out the tile and list views in the 4.x interface to find the best view for you.
LastPass 3.x Interface
LastPass 4.x Interface
In addition to implementing the changes made by Mozilla, we believe that the new version of our Firefox add-on is much more user-friendly overall. We know that change is not always pleasant. We're listening to your feedback and making thoughtful and informed changes while unifying the LastPass experience across all browsers and platforms.
Of course, the transition to new version The add-on will not affect your LastPass account or any data in your vault in any way. You will still have full access to your account at any time from any browser and from any device.
As always, you can contact our support team if you have any questions or concerns regarding this transition.