wavebox / waveboxapp

Wavebox, the revolutionary and feature-rich Chromium browser that's built for productive working across Google Workspaces, Microsoft Teams, ClickUp, Monday, Atlassian, Asana, AirTable, Slack, and every other web app you use to get work done.

Wavebox keeps Lastpass logged in even after a reboot #810

Open CheechGe opened 5 years ago

CheechGe commented 5 years ago

Expected & actual behavior Some information about what you expect to happen and what actually happens. After rebooting my PC when wavebox started LastPass was either logged into by Wavebox automatically or the login state was retained across a reboot. I don't know if Wavebox was logged into LP prior to the shutdown, but I suspect it was.

This is not an expected action and for security purposes should not occur.

Steps to reproduce Are there any steps that we can take to reproduce the bug?

Close all applications including Wavebox and reboot. Just a reboot.

Is the bug persistent or intermittent? Do you only see it sometimes or does it always happen?

Don't know at the time of this post but will test and post results

Screenshots Screenshots often help us narrow down a bug more easily.

Attached. wavebox_lastpass

Additional information Add any other context about the problem here.

tnaseem commented 5 years ago

I encountered this, but if you go into Settings/Extensions, there's an 'Options' button on the LastPass pass extension.


Hitting that will take you to the normal Lastpass options where you can tell it to log out on close. Normally, this is unticked.


Although, it would be good if you could click on the icon in the extensions toolbar to do the same thing. You can't seem to do that currently. So, another feature request! :)

CheechGe commented 5 years ago

I neglected to indicate the settings in LP when I posted the issue. I have LP set up with the other option "Automatically Log out ..." after x minutes of idle time. I would think that the Wavebox implementation would also do the same thing, especially since I leave my system running all the time.

If I check the other setting I'm not sure that would help since I leave my system up all the time. A better solution for me would be for the Wavebox/LP implementation to support the LP idle timeout.

But thank you for your response.

CheechGe commented 5 years ago

The more I think about this even though I like the feature (I requested it) I may have to remove it until this issue is addressed.

I leave my system running all night because it is set up to automatically start several applications early in the AM. This means that if Wavebox does not honor the LP logoff setting and because Wavebox does not have its own security if someone were able to hack into my PC during the evening when it is unattended that because Wavebox is still logged on to LP that it would be possible to gain access to the sites managed by LP.

Although the critical sites are set up to re-prompt for the master PW it still represents an exposure I'd rather not have. BTW, the same thing is true especially for email accounts in wavebox where one is logged on until one logs off. IMO, Wavebox needs to do more to keep it secure from being misused in the event one's PC gets hacked into. I'm not sure what the answer is here but given that one could put in a lot of access to various sites it is too wide open for my likes.

tnaseem commented 5 years ago

Ah right.

I tried to recreate what you experienced to see if it happens here too. However, I can't even set the "Automatically log out after idle...". It keeps asking me to install the binary component of LastPass (which I did, but it still comes up!)


On a side note, when I did install the LastPass binary (lastpass_x64.exe) the only thing it told me to close, prior to continuing the install, was Chrome. This I did (and closed Wavebox for good measure). But the dialogue still pops up when trying to update that setting.

Anyway, just thought I'd mention what I experienced in case it sheds some light on the problem.

@CheechGe Might be worth trying to set both (Auto logout on close as well as idle) to see if that does anything?

CheechGe commented 5 years ago

I didn't recall ever getting that message, but I've had it set that way since forever. What OS are you using? Mine is Win10.

I thought about that after your response but if Wavebox doesn't shut down the browser not sure that the option would have any effect. But I will try it anyway and see what happens.

tnaseem commented 5 years ago

Windows 10 here too.

CheechGe commented 5 years ago

Free or paid version? Mine is the free.

CheechGe commented 5 years ago

and Version: 4.17.1

tnaseem commented 5 years ago

LastPass Free 4.17.1

CheechGe commented 5 years ago

Strange, we both have the exact same environment and they work differently. Did you try uninstalling and reinstalling from scratch?

CheechGe commented 5 years ago

Maybe it's the specific version based on the browser you're using.

CheechGe commented 5 years ago

On my other PC which is running LP 4.14.1 I have both options checked (I don't have Wavebox on it). If you go to the "About" option in LP there is a place where to install the binary option.

Thomas101 commented 5 years ago

Thanks for reporting. At the moment we don't support the binary extension with LastPass.

I suspect that we'd need some support from LastPass with adding this. Depending how they've written the binary extension could mean that it's hard coded and monitoring the activity of Chrome rather than looking for the app that's calling it - in this case Wavebox.

As a sidenote, we are looking at adding a lock screen into Wavebox in an upcoming release which might help with this.

CheechGe commented 5 years ago

I didn't install the binary extension, at least that I can recall, but it's been running like this for a long time. I'm not sure why tnaseem needs to do so to use the same setting as I have.