[dleibovic]

All of your LastPass browser extensions should be updated to version 4.1.44 or higher

On firefox, the version I'm using is still 3.3.4, which is the version available from the mozilla addon store: https://addons.mozilla.org/en-US/firefox/addon/lastpass-pass...

Why the discrepancy? Am I still vulnerable? In their blog post, they even note:

We want to thank our partners at Apple, Google, Microsoft, Mozilla, Opera, Yandex and others who fast-tracked our extension review and release.

[taviso]

I believe you have to switch to the "beta" channel, because 3.3.x is deprecated.

imho, you should do this urgently.

https://addons.mozilla.org/en-Us/firefox/addon/lastpass-pass...

https://blog.lastpass.com/2017/03/plans-to-retire-the-lastpa...

[Steeeve]

I've been trying out lastpass for a few weeks. I downloaded the extension that their website directed me to. Because of this discussion, I did a version check and lo and behold, it defaults to NOT auto-update.

Luckily I've been using it only for a few unimportant sites. They've had two security issues disclosed since I started my trial. I'm impressed with the functionality. I'm decidedly unimpressed with the security experience.

[Nexxxeh]

I am a heavy LastPass user, but I've stopped using the browser plugins, and just copy and paste into my browser (or look up on my phone and manually type on my laptop/desktop). C&P'ing is also a bit risky as LP seems to lack a clear clipboard option on Android.

I have a month left on my paid subscription. I think I'll be leaving for a competing product shortly.

[mistermann]

Have you made a decision, cuz I'm a new LastPass user and to me I find it clunky (not to mention it causes constant mouse flickering at times).

[Nexxxeh]

Not yet. I'm thinking of trying 1Password or something KeePassX-based, maybe with Google Drive or Dropbox for the syncing.

[noja]

If they take security seriously they will stop distributing their addon from their website, update the deprecated version from the addon store, and start behaving like a company that has access to every single password their customers have.

[singularity2001]

That's what did it for me. switching right now

[kosma]

I just realized I'm running on 3.x.x too, there was no update notification. If that's how this company treats security, then this is game over for me. I've been planning to switch to 1Password for a long time; seems like the time is now.

[mistermann]

On IE, apparently I'm running 2.0.0.0 and it's not at all clear to me how to upgrade. Sigh.

[SubiculumCode]

Go to last pass website, install from there I think.