I only recently became aware of the issue with LastPass through my friend Ziggy (developer of the Lavafox themes
), who also uses LastPass:
Ziggy wrote:LastPass .. version 3+ is vulnerable to a very nasty hack, zero day was published and fixed already on version 4 .. (Google's security found it, very big deal but no damage was done).
Version 4+ does install via the tester tool and work partly, can access most features .. but cannot use it because it just does not fill the form fields (user name, password etc) - which is the whole purpose of the add-on.
The funny thing is that now there is also a bug in LastPass on Nightly but that's another issue (FF changed something again about the UI).
Anyway, PM users need to know that the version of LastPass on PM's add-ons website is very dangerous. I saw a user posting about it already in the forum (I remember seeing it somewhere) but not sure if it got enough attention.
It's same dangerous version on Firefox AMO site (version 4 is "beta" there) but on Firefox anyone can easily install the new version 4 on LastPass site and it works well on default Firefox (not Nightly).
LastPass is critical for anyone using it (I personally cannot work without it) .. hope PM can make it work, because LastPass can be a bit slow or not respond at all ..
I think anyway it's up to PM to make version 4 work, LastPass need to follow Firefox first (bug on Nightly).
Do you use LastPass ? any idea what can be done ?
I suggested to Ziggy that trusting a browser add-on to store critical passwords is both limiting and dangerous. I further suggested he move his passwords to KeePass
which has versions that work everywhere (Windows, Linux, Android, even Blackberry devices!), is open source, has a large development community and has all sorts of customizations to do just about anything you might want. There are also different levels of browser integration from add-on to standalone app. However he, like most people, is reluctant to change.
troypulk wrote:... What would be a comparable to LassPass?
back2themoon wrote:With all the increasing LastPass vulnerability/exploit announcements, I for one am staying away from it and not going back - Pale Moon compatible or not.
If you two are willing to consider it, I strongly suggest trying the KeePass app (not the browser add-on) with the KeePass Helper
browser add-on which adds URL info into the browser window and allows KeePass to select a proper password for the target window.
I know that LastPass has responded negatively to Pale Moon support. If we want support from these people, we have to remember to be persistent. Ziggy and I had a similar issue with the Toggl
app but they, apparently, are unofficially supporting Pale Moon now as they recently made a change to their website that lets Toggl work with Pale Moon now.
If enough people complain, they will see that it's to their advantage to support Pale Moon. The key is numbers and persistence.