For When You Can't Have The Real Thing
[ start | index | login ]
start > Lastpass Users Beware

Lastpass Users Beware

Created by dave. Last edited by dave, 4 years and 153 days ago. Viewed 1,052 times. #1
[edit] [rdf]

By default Lastpass will be set to pre-populate username and password fields with login information if it recognizes the site and has credentials.

Most of the time, this is in fact what you want.


If you were to, say, go to a Fortigate that you have the credentials in Lastpass for, then go to the Network -> Interfaces -> WAN{x} page… if that interface is a PPPoE interface, Lastpass will stick your firewall login credentials into the PPPoE username/password fields. So if you were to make an unrelated change, say enable/disable an admin service on the interface, and then click OK…

Pow, you’ve just clobbered the PPPoE credentials and the site is offline. And yeah I know that this happens because I did it this week.

So for your own protection I highly recommend that you go to the Lastpass Options (chrome: right-click on the Lastpass icon in the top right, select Options), and make sure that Automatically Fill Login Information is cleared. It means you have to add two clicks to each login, but that’s better than accidentally clobbering things with inappropriate credentials.


no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt