LastPass 4.0 is out introducing big changes
The LastPass team has released the first big update of the popular online password manager since the acquisition of the company by LogMeIn.
LastPass 4.0 has been released for all platforms the password manager is available on, and existing users will notice immediately that the new version introduces a new look and feel.
According to the company, the new LastPass is more modern than before. The vault interface, browser extension menus and the web vault accessible on the company website have all been redesigned by the team.
LastPass users who prefer the old layout can switch back to it for the time being by clicking on the profile icon and using the "toggle LastPass 3.0" switch. While that is a possibility for now, it won't be a permanent option as the team plans to remove the feature over the next months.
LastPass 4.0
The company plans to push out automatic updates for all supported user types (Free, Premium and Enterprise), on all systems in the coming weeks.
In a nutshell, LastPass 4.0 is more modern. We redesigned the vault, the browser extension menus, and the web vault at LastPass.com. LastPass is faster, more intuitive, and more approachable for current and new users.
LastPass users who don't want to wait this long to get the update can visit the official download page on the company website to download the latest version manually to their devices. It seems however right now that at least some versions have not been updated yet on the download page.
The redesign is without doubt the center piece of LastPass 4.0 but it is not the only change.
The Emergency Access feature has been designed to provide friends, family members and trusted third-parties with an option to access a user's LastPass vault.
Users need to add people to a trust list first before the feature becomes available. A waiting period is set up automatically which defines the time trusted users need to wait before they can access passwords and notes.
The owner of the account may decline requests at any time during the wait period ensuring that trusted people don't access the vault without need.
LastPass has not revealed exactly how the feature works. Considering that a user's master password is required to access the data, it is unclear right now how others would gain access to a user's vault without it.
The company reveals how the feature works.
How is Emergency Access secure? When you set up Emergency Access, your vault is encrypted locally and then synced with LastPass. LastPass stores the encrypted data until it’s released after the waiting period you specify, and only the Emergency Access contact has the key to be able to decrypt and access your vault. It’s inaccessible to LastPass, and to other outside parties.
The company released an additional document highlighting how the feature works in detail. Basically, it appears as if the vault is secured using the "trusted contact's" public key but not released to the contact directly but stored by LastPass instead. The data is made available to the contact after the "wait period" is over.
The new sharing center is another improvement, if you share passwords or other data with others regularly. Instead of having to email or text passwords, you can simply share passwords with others from within LastPass.
You’ll see tabs for items that you’re sharing with others, for items that others are sharing with you, and for Shared Folders. In each tab, you can review who has access to which passwords or notes, share new items, or remove someone’s access at any time. Plus, you can check if someone’s received the password you shared with them, and remind them if they haven’t accepted it.
Now You: Are you a LastPass user? What's your take on the update?
“Considering that a user’s master password is required to access the data, it is unclear right now how others would gain access to a user’s vault without it.”
Doesn’t sound that the service is safe. I.e. it doesn’t have client-side encryption.
hate the new layout and am looking for another password keeper!
That’s a bit unfair, in the lastpass blog they explain “When you set up Emergency Access, your vault is encrypted locally and then synced with LastPass. LastPass stores the encrypted data until it’s released after the waiting period you specify, and only the Emergency Access contact has the key to be able to decrypt and access your vault. It’s inaccessible to LastPass, and to other outside parties.” https://blog.lastpass.com/2016/01/introducing-lastpass-4-0.html/
And provide further details in the FAQ https://helpdesk.lastpass.com/emergency-access/ “LastPass uses public-private key cryptography with RSA-2048 to allow users to share the key to their vault with trusted parties, without ever passing that information in an unencrypted format to LastPass. When Emergency Access is activated, each user has a pair of cryptographic keys – a public key to allow others to encrypt data for the user, and a private key that allows the user to decrypt the data that others have encrypted for them.” … and that’s only part of the details.
And if you really don’t like it (or want it) just don’t use this feature, and nothing changes from the original setup.
So I really think they have gone to a lot of trouble to explain how it works, and how secure it is.
It seems that they have updated the article to provide additional information about the feature. Thanks, I’ll update the article.
“LastPass 4.0 has been released for all platforms the password manager is available on”
Not for Firefox, at least not for me. Still at v. 3.2 here. I even tried to force add-on updates and it found nothing. I went to the FF add-on store and it only shows version 3.2.42.
edit: nevermind, I guess. I see your article goes on to say it will be pushed out “in the coming weeks”
To me, “released for all platforms” and “pushed out in the coming weeks” mean two very different things.
FYI – Earlier today, I ran Firefox’s check for add-on updates and it updated LastPass to v4. Restart of FF required.
V4 didn’t pass the AMO review process yet so it hasn’t updated for me yet. I am just using official Firefox build which I believe won’t install or allow anything that not greenlighted by AMO.
Same, 3.2.42 is the version I got upon running an update check and a restart afterward.
When I tried to set the Emergency Access feature, I entered the email address of my brother, but then got the message:
“You can only share data with other LastPass members. The following users are currently not LastPass members.
Would you like us to send them an email inviting them to join LastPass?”
I do not know about the rest of you, but I am NOT going to be turned into a shill for LastPass and allow it to force me to “Invite” him to get LastPass. It has nothing to do with whether or not I like LP (I do), but it’s just too much chutzpah a la Windows 10 notifications for me. Just me, I suppose.
I can see the new look & feel if I navigate to https://lastpass.com/?ac=1&view=emergencyAccess but I still have the previous version installed and no trace of it on the official Firefox add-ons channel
Be grateful. The new interface on the PC is terrible. Wait for them to fix it before you try and load the new version. The user forums are blowing up with complaints on the UI and wasted space.
I just want to go back to the simple menu, not 4.0
Dashlane forever! Amazing GUI. I love that!!
I got the new version by uninstalling LastPass in one browser, then reinstalling it. Having seen the new version, I will be staying with the old version for as long as possible. To me, the new layout is less convenient than the old. There’s more wasted space, which means scrolling to find things that used to all be visible at once, and they’ve changed the colors around so that instead of black text on a white or light grey background, they have grey text on a lighter or darker grey background, which makes it less distinct and therefore harder to read. I could go on with things I don’t like about it, but you get the idea.
I don’t know if you’ve noticed but at this point (1/9/2016) there are 17 pages of feedback on the Lastpass forum’s v.4 announcement – and I’d estimate that 99% of it is overwhelmingly and stridently negative about the v4 update.
“LastPass 4.0 Is Here”
https://forums.lastpass.com/viewtopic.php?f=6&t=194245
I have four browsers on my computer (PaleMoon, Firefox, Opera, and IE) plus LastPass on my Android tablet and phone. As far as I can tell, I have not gotten any version 4 update. And from what I’ve seen from their video and read here, I’m thankful that they haven’t found me yet. I’m not interested in having less information per page so that the page can accommodate icons and other company graphics, and I’m certainly not happy about the colors used for text being less easily read than before. I’ve been a loyal LastPass premium member for years. I hope I don’t have to reconsider that choice.
Most browsers will auto-update their extensions.
And Lastpass has said they’re doing rolling updates, not all at the same time.
To revert back, this is from the Lastpass v4 announcement :
Quote/
There is an option to switch back to the old version’s interface. That option is available in the upper right hand corner of your vault. If you require further instructions, they are available in the blog post announcing version 4.0:
https://blog.lastpass.com/2016/01/introducing-lastpass-4-0.html/
Keep in mind that you can only switch back with the extension interface (LastPass icon > My LastPass Vault), not the web interface.
/Quote
Not compatible with Pale Moon any more. Waiting for a fix or will have to switch to another password manager.
I installed LastPass 4.0 this morning and I already hate it.
Why they changed a layout that was familiar to users makes no sense, and it was much easier to navigate.
This new version is a frustrating PITA and I’m already looking for an alternative unless I can revert to the previous one that worked just fine.
I wish these software folks would stop fixing things that aren’t broken!
Denny,
Choose “Compact view” then the magnifying glass icon which will condense it even more.
Fairly usable then.
I agree though – they just tried to extract more eye candy out of something that already worked perfectly fine.
The way development is going now, it’s pretty much kids trying to be trendy for their presumed peers, without any focus groups or testing on actual users.
“LastPass users who prefer the old layout can switch back to it for the time being by clicking on the profile icon and using the “toggle LastPass 3.0″ switch. While that is a possibility for now, it won’t be a permanent option as the team plans to remove the feature over the next months.”
So much for “months”, as it seems they’ve already removed this feature. At least I don’t have the ability. And the new version of the website (I’m not using the plugin) is very bloated, slowing my browser to a crawl. And my vault won’t load at first, requiring me to reload the page and login again. And then after opening the page (and even after closing it), I can’t copy and text or fill in any forms, etc in any other tabs in my browser until I close/reopen the browser. I’m using K-meleon.
The usability and user interface of 4.0 is horrid in my opinion. I don’t even know where to begin. Trying to use it as an IT company, and the closest thing to being able to do that is just adding a ‘secure note’ which is a completely stripped down single field with no where to store passwords, URL’s, etc. I’d like to use it for storing things other than passwords to websites, but it absolutely sucks for that purpose. The user interface, ways and means to navigate password groups etc is just plan awful. Spend some money and hire UX consultants to make this a decent product. There is a HUGE market for a good password keeper for IT companies. I truly don’t understand how people stomach LastPass.
LP works just fine until you decide to get a new computer, a new motherboard, or a higher capacity hard drive. If you do one of those, you will instantly loose access to your password vault, and no way to recover it. If you choose to remain with LP, you will be required to delete your account and start all over again. This implies that you will have a backup of all your usernames and passwords. So what is the point of a manager if you need a backup somewhere?
@Steve
What ? it doesn’t sound like you’re talking about LP actually.
I don’t like the new version, but for what you’re talking about, LP is an online password manager – your vault is stored on their servers, not on your local drive.
All you need is to remember your master password to access it online – which you can do from any computer, anywhere, and then you can use it offline if you set that up, and that’s what you want to do.
But it’s not tied to any particular hardware, and not stored on your local drive as the primary store of your passwords.
Did you forget your master password or something ? I’m not sure I understand the bind you’re in.