PM 27.2.0 not allowing CRITICAL update to LASTPASS Topic is solved

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
twigs
Moongazer
Moongazer
Posts: 10
Joined: 2017-04-05, 09:39

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by twigs » 2017-04-05, 16:26

back2themoon wrote:With all the increasing LastPass vulnerability/exploit announcements, I for one am staying away from it and not going back - Pale Moon compatible or not.
On this particular issue, to be fair to them, they are responding pretty quick when they are notified of problems, what else can they do? If LastPass didn't address those issues, then I imagine most people would move away from them pretty sharpish and they'd be sunk.

Extensions are always going to get updated, but if Pale Moon loses users because of extension issues, then isn't that a problem? I have only been using Pale Moon for about a year or so, been very happy with it, thank you to all the devs. Decided to register on the forum to see if there's any way I can help (I'm not a developer though). Not having the latest iteration of NoScript isn't a problem but not being able to install the latest version of LastPass will be a problem for me and, I assume, others.

User avatar
back2themoon
Moon Magic practitioner
Moon Magic practitioner
Posts: 2369
Joined: 2012-08-19, 20:32

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by back2themoon » 2017-04-05, 16:33

twigs wrote:Extensions are always going to get updated, but if Pale Moon loses users because of extension issues, then isn't that a problem?
It is, but it doesn't make much sense to replace your favourite browser because of an extension issue. The obvious solution is to replace the extension (even more so if they explicitly do not support PM). There is no shortage of alternative extensions and LastPass is certainly not an exception.

twigs
Moongazer
Moongazer
Posts: 10
Joined: 2017-04-05, 09:39

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by twigs » 2017-04-06, 13:12

Yep, have that freedom on my personal devices but not unfortunately at work; my ideals in promoting Pale Moon as a viable browser in our workplace could come to a halt :(

Anyway, I contacted Last Pass via our work account and got this back after requesting that they make 4.x available for all browsers and not just those listed here :

"Thank you very much for providing feedback regarding a product/change that you would like to see us provide in the future!
I have submitted a report describing your feature request to our Development Team for review. As a feature request, it's not possible to say what will happen next, but we do consider feedback and suggestions from users like you very seriously."

Bit of a generic response but should anything come of it, I'll post here.

User avatar
back2themoon
Moon Magic practitioner
Moon Magic practitioner
Posts: 2369
Joined: 2012-08-19, 20:32

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by back2themoon » 2017-04-06, 13:22

I could only suggest that you try to convince your work to use a safer solution than LastPass - combined with a safer browser like Pale Moon. If they are interested in security, they should at least hear you out.

I'd be surprised if LastPass decided to support Pale Moon. I don't think they even supported it with v3, it just happened to work.

troypulk

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by troypulk » 2017-04-06, 15:54

back2themoon wrote:I could only suggest that you try to convince your work to use a safer solution than LastPass
Do you use Linux?

What would be a comparable to LassPass?

The closes thing I have seen is Enpass and they haven't even been audited yet and they are close source, Plus they support FF so if it works on PM it's because of FF.

User avatar
back2themoon
Moon Magic practitioner
Moon Magic practitioner
Posts: 2369
Joined: 2012-08-19, 20:32

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by back2themoon » 2017-04-06, 18:00

troypulk wrote:Do you use Linux? What would be a comparable to LassPass?
Sorry, have no clue about Linux. If you search (in this forum as well) I'm sure you'll find something good, like the various KeePass versions.

Shadeclan

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by Shadeclan » 2017-05-11, 19:24

I only recently became aware of the issue with LastPass through my friend Ziggy (developer of the Lavafox themes), who also uses LastPass:
Ziggy wrote: LastPass .. version 3+ is vulnerable to a very nasty hack, zero day was published and fixed already on version 4 .. (Google's security found it, very big deal but no damage was done).

Version 4+ does install via the tester tool and work partly, can access most features .. but cannot use it because it just does not fill the form fields (user name, password etc) - which is the whole purpose of the add-on.

The funny thing is that now there is also a bug in LastPass on Nightly but that's another issue (FF changed something again about the UI).

Anyway, PM users need to know that the version of LastPass on PM's add-ons website is very dangerous. I saw a user posting about it already in the forum (I remember seeing it somewhere) but not sure if it got enough attention.

It's same dangerous version on Firefox AMO site (version 4 is "beta" there) but on Firefox anyone can easily install the new version 4 on LastPass site and it works well on default Firefox (not Nightly).

LastPass is critical for anyone using it (I personally cannot work without it) .. hope PM can make it work, because LastPass can be a bit slow or not respond at all ..

I think anyway it's up to PM to make version 4 work, LastPass need to follow Firefox first (bug on Nightly).

Do you use LastPass ? any idea what can be done ?
I suggested to Ziggy that trusting a browser add-on to store critical passwords is both limiting and dangerous. I further suggested he move his passwords to KeePass which has versions that work everywhere (Windows, Linux, Android, even Blackberry devices!), is open source, has a large development community and has all sorts of customizations to do just about anything you might want. There are also different levels of browser integration from add-on to standalone app. However he, like most people, is reluctant to change.
troypulk wrote:... What would be a comparable to LassPass?
back2themoon wrote:With all the increasing LastPass vulnerability/exploit announcements, I for one am staying away from it and not going back - Pale Moon compatible or not.
If you two are willing to consider it, I strongly suggest trying the KeePass app (not the browser add-on) with the KeePass Helper browser add-on which adds URL info into the browser window and allows KeePass to select a proper password for the target window.

I know that LastPass has responded negatively to Pale Moon support. If we want support from these people, we have to remember to be persistent. Ziggy and I had a similar issue with the Toggl app but they, apparently, are unofficially supporting Pale Moon now as they recently made a change to their website that lets Toggl work with Pale Moon now.

If enough people complain, they will see that it's to their advantage to support Pale Moon. The key is numbers and persistence.

fillerup

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by fillerup » 2017-05-12, 04:25

troypulk wrote:Do you use Linux?

What would be a comparable to LassPass?
KeepassXC is what you want

troypulk

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by troypulk » 2017-05-12, 13:59

fillerup wrote:
troypulk wrote:Do you use Linux?

What would be comparable to LassPass?
KeepassXC is what you want
I don't need a password manager for off line use, I only have 1 password I use off line and I can remember it on my own. Online I have almost 200 passwords.

I installed Keepass2 with the FF addon but I couldn't get it to work with PM 27.3 and it was getting labor intensive just for a PW manager, it only took me 10 minutes to install and use Enpass.

I read some reviews that Keepass and it's various branches were not user friendly.... etc. and if you're going to use keepass it should be keepass2.

I ended up using Enpass - https://www.enpass.io it's the most like lasspass that I have seen and it's free for desktop and only $10 a platform for life on your phone.

I've read the reviews and even though it's not open source and hasn't been audited by a third party it's still in my opinion the best PW manager for online and offline use, plus it's web browser integration is seamless.

One big plus for me with all the good things about it, is that once I install it it's completely my own and doesn't talk to the home base and I did not have to register to use it.
Last edited by troypulk on 2017-05-12, 14:13, edited 1 time in total.

Shadeclan

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Unread post by Shadeclan » 2017-05-12, 14:09

troypulk wrote:I don't need a password manager for off line use, I only have 1 password I use off line and I can remember it on my own. Online I have almost 200 passwords.

I installed Keepass2 with the FF addon but I couldn't get it to work with PM 27.3 and it was getting labor intensive just for a PW manager, it only took me 10 minutes to install and use Enpass.

I read some reviews that Keepass and it's various branches were not user friendly.... etc. and if you're going to use keepass it should be keepass2.

I ended up using Enpass - https://www.enpass.io it's the most like lasspass that I have seen and it's free for desktop and only $10 a month for your phone.

I've read the reviews and even though it's not open source and hasn't been audited by a third party it's still in my opinion the best PW manager for online and offline use, plus it's web browser integration is seamless.

One big plus for me with all the good things about it, is that once I install it it's completely my own and doesn't talk to the home base and I did not have to register to use it.
Whatever works for you, use it. I've been using KeePass for years and found it not that difficult to set up and use. It's very flexible and quick once you figure it out - there is a learning curve, however.

Locked