LastPass 4.0 is out introducing big changes - gHacks Tech News

LastPass 4.0 is out introducing big changes

The LastPass team has released the first big update of the popular online password manager since the acquisition of the company by LogMeIn.

LastPass 4.0 has been released for all platforms the password manager is available on, and existing users will notice immediately that the new version introduces a new look and feel.

According to the company, the new LastPass is more modern than before. The vault interface, browser extension menus and the web vault accessible on the company website have all been redesigned by the team.

LastPass users who prefer the old layout can switch back to it for the time being by clicking on the profile icon and using the "toggle LastPass 3.0" switch. While that is a possibility for now, it won't be a permanent option as the team plans to remove the feature over the next months.

LastPass 4.0

The company plans to push out automatic updates for all supported user types (Free, Premium and Enterprise), on all systems in the coming weeks.

In a nutshell, LastPass 4.0 is more modern. We redesigned the vault, the browser extension menus, and the web vault at LastPass.com. LastPass is faster, more intuitive, and more approachable for current and new users.

lastpass 4.0

LastPass users who don't want to wait this long to get the update can visit the official download page on the company website to download the latest version manually to their devices. It seems however right now that at least some versions have not been updated yet on the download page.

The redesign is without doubt the center piece of LastPass 4.0 but it is not the only change.

The Emergency Access feature has been designed to provide friends, family members and trusted third-parties with an option to access a user's LastPass vault.

Users need to add people to a trust list first before the feature becomes available. A waiting period is set up automatically which defines the time trusted users need to wait before they can access passwords and notes.

The owner of the account may decline requests at any time during the wait period ensuring that trusted people don't access the vault without need.

LastPass has not revealed exactly how the feature works. Considering that a user's master password is required to access the data, it is unclear right now how others would gain access to a user's vault without it.

The company reveals how the feature works.

How is Emergency Access secure? When you set up Emergency Access, your vault is encrypted locally and then synced with LastPass. LastPass stores the encrypted data until it’s released after the waiting period you specify, and only the Emergency Access contact has the key to be able to decrypt and access your vault. It’s inaccessible to LastPass, and to other outside parties.

The company released an additional document highlighting how the feature works in detail. Basically, it appears as if the vault is secured using the "trusted contact's" public key but not released to the contact directly but stored by LastPass instead. The data is made available to the contact after the "wait period" is over.

Emergency Access

The new sharing center is another improvement, if you share passwords or other data with others regularly. Instead of having to email or text passwords, you can simply share passwords with others from within LastPass.

You’ll see tabs for items that you’re sharing with others, for items that others are sharing with you, and for Shared Folders. In each tab, you can review who has access to which passwords or notes, share new items, or remove someone’s access at any time. Plus, you can check if someone’s received the password you shared with them, and remind them if they haven’t accepted it.

Now You: Are you a LastPass user? What's your take on the update?

Summary
LastPass 4.0 is out introducing big changes
Article Name
LastPass 4.0 is out introducing big changes
Description
LastPass 4.0 has been released. The new version of the password manager introduces a redesign, and new features such as Emergency Access.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Pete said on January 5, 2016 at 5:28 pm
      Reply

      “Considering that a user’s master password is required to access the data, it is unclear right now how others would gain access to a user’s vault without it.”

      Doesn’t sound that the service is safe. I.e. it doesn’t have client-side encryption.

      1. SG said on January 7, 2016 at 11:23 pm
        Reply

        hate the new layout and am looking for another password keeper!

    2. Matt said on January 5, 2016 at 5:39 pm
      Reply

      That’s a bit unfair, in the lastpass blog they explain “When you set up Emergency Access, your vault is encrypted locally and then synced with LastPass. LastPass stores the encrypted data until it’s released after the waiting period you specify, and only the Emergency Access contact has the key to be able to decrypt and access your vault. It’s inaccessible to LastPass, and to other outside parties.” https://blog.lastpass.com/2016/01/introducing-lastpass-4-0.html/

      And provide further details in the FAQ https://helpdesk.lastpass.com/emergency-access/ “LastPass uses public-private key cryptography with RSA-2048 to allow users to share the key to their vault with trusted parties, without ever passing that information in an unencrypted format to LastPass. When Emergency Access is activated, each user has a pair of cryptographic keys – a public key to allow others to encrypt data for the user, and a private key that allows the user to decrypt the data that others have encrypted for them.” … and that’s only part of the details.

      And if you really don’t like it (or want it) just don’t use this feature, and nothing changes from the original setup.

      So I really think they have gone to a lot of trouble to explain how it works, and how secure it is.

      1. Martin Brinkmann said on January 5, 2016 at 5:52 pm
        Reply

        It seems that they have updated the article to provide additional information about the feature. Thanks, I’ll update the article.

    3. Jeff said on January 5, 2016 at 6:23 pm
      Reply

      “LastPass 4.0 has been released for all platforms the password manager is available on”

      Not for Firefox, at least not for me. Still at v. 3.2 here. I even tried to force add-on updates and it found nothing. I went to the FF add-on store and it only shows version 3.2.42.

      edit: nevermind, I guess. I see your article goes on to say it will be pushed out “in the coming weeks”

      To me, “released for all platforms” and “pushed out in the coming weeks” mean two very different things.

      1. Richard said on January 5, 2016 at 6:55 pm
        Reply

        FYI – Earlier today, I ran Firefox’s check for add-on updates and it updated LastPass to v4. Restart of FF required.

        1. Neal said on January 5, 2016 at 11:11 pm
          Reply

          V4 didn’t pass the AMO review process yet so it hasn’t updated for me yet. I am just using official Firefox build which I believe won’t install or allow anything that not greenlighted by AMO.

      2. Chains The Bounty Hunter said on January 6, 2016 at 7:46 am
        Reply

        Same, 3.2.42 is the version I got upon running an update check and a restart afterward.

    4. Jim said on January 6, 2016 at 6:30 am
      Reply

      When I tried to set the Emergency Access feature, I entered the email address of my brother, but then got the message:

      “You can only share data with other LastPass members. The following users are currently not LastPass members.
      Would you like us to send them an email inviting them to join LastPass?”

      I do not know about the rest of you, but I am NOT going to be turned into a shill for LastPass and allow it to force me to “Invite” him to get LastPass. It has nothing to do with whether or not I like LP (I do), but it’s just too much chutzpah a la Windows 10 notifications for me. Just me, I suppose.

    5. Marco said on January 6, 2016 at 2:29 pm
      Reply

      I can see the new look & feel if I navigate to https://lastpass.com/?ac=1&view=emergencyAccess but I still have the previous version installed and no trace of it on the official Firefox add-ons channel

      1. lost_boy said on January 6, 2016 at 7:59 pm
        Reply

        Be grateful. The new interface on the PC is terrible. Wait for them to fix it before you try and load the new version. The user forums are blowing up with complaints on the UI and wasted space.

        1. earl said on February 5, 2017 at 1:14 pm
          Reply

          I just want to go back to the simple menu, not 4.0

    6. Sarangan said on January 6, 2016 at 8:26 pm
      Reply

      Dashlane forever! Amazing GUI. I love that!!

    7. Paddleless said on January 6, 2016 at 8:40 pm
      Reply

      I got the new version by uninstalling LastPass in one browser, then reinstalling it. Having seen the new version, I will be staying with the old version for as long as possible. To me, the new layout is less convenient than the old. There’s more wasted space, which means scrolling to find things that used to all be visible at once, and they’ve changed the colors around so that instead of black text on a white or light grey background, they have grey text on a lighter or darker grey background, which makes it less distinct and therefore harder to read. I could go on with things I don’t like about it, but you get the idea.

    8. Kbarb said on January 9, 2016 at 9:27 pm
      Reply

      I don’t know if you’ve noticed but at this point (1/9/2016) there are 17 pages of feedback on the Lastpass forum’s v.4 announcement – and I’d estimate that 99% of it is overwhelmingly and stridently negative about the v4 update.

      “LastPass 4.0 Is Here”
      https://forums.lastpass.com/viewtopic.php?f=6&t=194245

    9. cyberfou said on January 9, 2016 at 10:45 pm
      Reply

      I have four browsers on my computer (PaleMoon, Firefox, Opera, and IE) plus LastPass on my Android tablet and phone. As far as I can tell, I have not gotten any version 4 update. And from what I’ve seen from their video and read here, I’m thankful that they haven’t found me yet. I’m not interested in having less information per page so that the page can accommodate icons and other company graphics, and I’m certainly not happy about the colors used for text being less easily read than before. I’ve been a loyal LastPass premium member for years. I hope I don’t have to reconsider that choice.

      1. Kbarb said on January 10, 2016 at 10:24 pm
        Reply

        Most browsers will auto-update their extensions.
        And Lastpass has said they’re doing rolling updates, not all at the same time.

        To revert back, this is from the Lastpass v4 announcement :

        Quote/
        There is an option to switch back to the old version’s interface. That option is available in the upper right hand corner of your vault. If you require further instructions, they are available in the blog post announcing version 4.0:
        https://blog.lastpass.com/2016/01/introducing-lastpass-4-0.html/

        Keep in mind that you can only switch back with the extension interface (LastPass icon > My LastPass Vault), not the web interface.
        /Quote

    10. George said on January 17, 2016 at 2:10 am
      Reply

      Not compatible with Pale Moon any more. Waiting for a fix or will have to switch to another password manager.

    11. Denny said on January 17, 2016 at 9:41 pm
      Reply

      I installed LastPass 4.0 this morning and I already hate it.
      Why they changed a layout that was familiar to users makes no sense, and it was much easier to navigate.
      This new version is a frustrating PITA and I’m already looking for an alternative unless I can revert to the previous one that worked just fine.
      I wish these software folks would stop fixing things that aren’t broken!

    12. Kbarb said on January 18, 2016 at 1:03 am
      Reply

      Denny,

      Choose “Compact view” then the magnifying glass icon which will condense it even more.
      Fairly usable then.
      I agree though – they just tried to extract more eye candy out of something that already worked perfectly fine.

      The way development is going now, it’s pretty much kids trying to be trendy for their presumed peers, without any focus groups or testing on actual users.

    13. Brian said on January 20, 2016 at 6:38 pm
      Reply

      “LastPass users who prefer the old layout can switch back to it for the time being by clicking on the profile icon and using the “toggle LastPass 3.0″ switch. While that is a possibility for now, it won’t be a permanent option as the team plans to remove the feature over the next months.”

      So much for “months”, as it seems they’ve already removed this feature. At least I don’t have the ability. And the new version of the website (I’m not using the plugin) is very bloated, slowing my browser to a crawl. And my vault won’t load at first, requiring me to reload the page and login again. And then after opening the page (and even after closing it), I can’t copy and text or fill in any forms, etc in any other tabs in my browser until I close/reopen the browser. I’m using K-meleon.

    14. Chris H said on May 20, 2016 at 11:44 pm
      Reply

      The usability and user interface of 4.0 is horrid in my opinion. I don’t even know where to begin. Trying to use it as an IT company, and the closest thing to being able to do that is just adding a ‘secure note’ which is a completely stripped down single field with no where to store passwords, URL’s, etc. I’d like to use it for storing things other than passwords to websites, but it absolutely sucks for that purpose. The user interface, ways and means to navigate password groups etc is just plan awful. Spend some money and hire UX consultants to make this a decent product. There is a HUGE market for a good password keeper for IT companies. I truly don’t understand how people stomach LastPass.

    15. steve said on June 7, 2016 at 4:53 pm
      Reply

      LP works just fine until you decide to get a new computer, a new motherboard, or a higher capacity hard drive. If you do one of those, you will instantly loose access to your password vault, and no way to recover it. If you choose to remain with LP, you will be required to delete your account and start all over again. This implies that you will have a backup of all your usernames and passwords. So what is the point of a manager if you need a backup somewhere?

    16. Kent said on June 7, 2016 at 6:03 pm
      Reply

      @Steve

      What ? it doesn’t sound like you’re talking about LP actually.
      I don’t like the new version, but for what you’re talking about, LP is an online password manager – your vault is stored on their servers, not on your local drive.

      All you need is to remember your master password to access it online – which you can do from any computer, anywhere, and then you can use it offline if you set that up, and that’s what you want to do.

      But it’s not tied to any particular hardware, and not stored on your local drive as the primary store of your passwords.
      Did you forget your master password or something ? I’m not sure I understand the bind you’re in.

    Leave a Reply