LastPass provides a safer online experience that helps protect your identity by allowing you to create unique, complex passwords for all of your sites, in addition to securely storing this information using local encryption. You then only have to remember a single strong password, your LastPass Master Password.
However, LastPass knows that one size does not fit all when balancing security and ease of use, so we allow you to decide by providing a full range of security options. The default values chosen will certainly not satisfy everyone and we strongly encourage you to review the settings in both your Extension Preferences and your Account Settings shortly after creating your account.
Localized Security Options
Logoff when browser is closed: This option controls if LastPass will automatically logoff when you close your browser. If selected, you will have to explicitly log in and provide your LastPass Master Password after a browser restart. It is currently defaulted to unselected, but can be managed via your Extension Preferences.
Logoff after idle: If you want LastPass to logoff after the computer has been idle (no mouse or keyboard activity) after a predefined amount of time, select this option in your Extension Preferences. This setting is unchecked by default.
Require Password Reprompt: If you want to protect a particular site, Secure Note, or Form Fill Profile so that any access using the information stored in LastPass requires your Master Password, you can click this checkbox after launching the Edit window for the entry. This provides very specified control of individual sites, such as a bank login, where you may want additional security. Please note reprompt is not as strong as logging off, we’d recommend utilizing the above logoff options to fully protect your data
Clear Clipboard after use: When using LastPass’s menu items to copy a username or password, this option controls how long they will stay on the clipboard before being automatically cleared. This option is defaulted to on in Firefox and IE only, in the Advanced tab of your Extension Preferences.
Global Security Options
Website auto-logoff timeout: This option, which can be managed from your Account Settings on the General tab, controls how long your session exists on the server, allowing you to automatically log in when using the plugin. This assumes that your session does not get destroyed by methods such as explicitly logging out or closing the browser when ‘Logoff when browser is closed’ is set.
Prompt for Master Password when: Global setting that controls if Master Password must be entered when performing tasks such as logging into a site, editing a site, viewing passwords, editing a Form Fill Profile, etc. You can manage these preferences in the Security tab of your Account Settings. Checking one of these boxes will apply the action to every site, secure note, or form fill profile that you have. If you want more granular control, use the Require Password Reprompt method described above.
Kill other sessions on login: If you leave your browser session open and polling is enabled, you’ll be logged out of the other session. If your browser session is closed, but you leave yourself logged into LastPass, this can also be helpful (e.g., your browser is closed at work, and you login from home with this setting enabled, you will be required to login the next time you open up your browser at work). You can enable this setting in the General tab of your Account Settings; the setting is disabled by default. You must have ‘polling’ enabled in the plugins to be effective; you can verify that it is by going to the Advanced tab of your Extension Preferences.
Send password change emails: Alerts you via email if your LastPass account email address or Master Password has been changed, or if any of your sites’ usernames or passwords have been changed in LastPass. You can manage these settings in the Security tab of your Account Settings.
Additional Security Options
LastPass also provides additional features for further layers of authentication to protect against keyloggers and other security threats, including:
Multifactor Authentication Options
Multifactor authentication refers to a device that can be enabled for use with your LastPass account, and requires a second step before you can gain access to your account. Multifactor authentication devices help protect your account from keyloggers and other threats – even if your master password were captured, someone would be unable to gain access to your account without this second form of authentication. LastPass offers several multifactor options, including: