I just went into my old lastpass account to try and wind down the account, delete everything, and then close the account.
No option to "select all" in the list so I resorted to clicking the check box on by one down the page. I accidentally slightly clicked outside a check box... guess what? Everything gets deselected.
Start over.
Ok start again, maybe I want to list in alphabetical order rather than group by category to minimise mistakes. Whoops, selecting that option deselects everything in the list.
300 odd deleted in batches of 30-40.
When a company's whole application is covered in anti-patterns and dark UX to make it as hard as possible to leave then companies like this deserve to die.
Deleting the account is a bit tricky too.
1. Go into account settings in the top right drop down
2. In the Links area click on "My Account" which spawns a new browser window
3. Click the red "Delete or Reset Account", you can't miss all the red buttons
4. You can either reset your account or delete, choose delete
5. A modal will appear telling you stuff, enter your master pw, a reason why your leaving and then click delete
6. You will be asked twice if you really really want to do this
7. Press ok
I also did not have a "Select all" box but was able to check the first entry, scroll down, hold shift, and check the last box which then selected all items in between. So I removed all of 600 of my accounts in about 20 seconds. Hope this helps someone.
Shift+Click to select a range is so second nature by now I don’t think it would have occurred to me to look for (or on the flip side, create) a dedicated “all” button.
Just me of course but I don't think I'd guess that without certain UI cues. With checkboxes for eg I wouldn't even think of shift clicking. Not disagreeing, just thinking aloud :)
For me it’s second nature in desktop applications and file management, but I never assume that the any specific web dev has added it. (And tbh: I have less and less confidence in web code in general.)
Shouldn't be a second nature, that is a good old well known useful pattern like right click for context menu, very essential.
Even if new methods are coined by some local reasons old and generic ones should be remembered to avoid the hopeless chaos the UX partisans push us into nowadays, doing things differently for the sole sake of doing differently.
I don't think that's dark UX, it's just shitty UI design. What bugs me the most about LastPass is how it tries to be so damned helpful and offers to fill in credentials on sites that they clearly don't belong to, or offers to save credentials on a site where I alredy clicked "don't save" 1000 times, no really, I don't want to save my private passwords in my company vault thank you very much, why the f$%& don't you have a "don't bug me again" checkbox in this sh*$$y popup?!
BTW, if you're exporting your data, check that it's all there. I had the unpleasant experience of noticing Lastpass either has a buggy implementation or intentionally giving an incomplete export. I ended up needing to manually copy credentials over one by one.
It is a little weird — I vaguely recall that the sort of “diplomatic” answer about password managers has been for a while something like “well, you should use keepass and just keep things local, but if you want to ease of use, lastpass is not too bad.” So that went right out the window I guess.
I mostly use keepass, but for some accounts I don’t really care about I’ve started using the built in Firefox/iOS stuff. Giving that a second thought about now…
You need to compare the URLs at least for equality in order to resolve conflicts, which is most straightforwardly done server-side. You could maybe do some sort of content-defined encryption to them, but I’m not sure how useful that would be. So storing the URLs in the clear is unfortunate but not inherently dumb.
(As to how KeePass implementations deal with this problem when on top of a single synced file: they mostly don’t, data loss on conflict is not uncommon[1].)
“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs …”
I wasn't commenting on the security implications. My point was that bleeding implementation details like .php in your URLs is silly because that URL might end up being served by a Node app one day.
But on the security point, a URL ending in .php does imply a "we just YOLO'd a bunch of bare scripts into the webroot" application architecture, which is not confidence inspiring as a user and sure looks attractive to pentest.
A URI ending in .php is not cool (never was), and this advice is most important for content (articles etc.), not necessarily for account management pages.
That's how I did the last one hundred or so in the end too. Someone also said shift click works to select everything as well, I tried it but it didn't work for me in Safari.
Just deleting the account won't solve the issue anyway.
I am resetting all the passwords for all my accounts. It's super annoying and it will days for me to reset all the passwords. But thankfully I have MFA for all important stuff.
No option to "select all" in the list so I resorted to clicking the check box on by one down the page. I accidentally slightly clicked outside a check box... guess what? Everything gets deselected.
Start over.
Ok start again, maybe I want to list in alphabetical order rather than group by category to minimise mistakes. Whoops, selecting that option deselects everything in the list.
300 odd deleted in batches of 30-40.
When a company's whole application is covered in anti-patterns and dark UX to make it as hard as possible to leave then companies like this deserve to die.
Deleting the account is a bit tricky too.
1. Go into account settings in the top right drop down 2. In the Links area click on "My Account" which spawns a new browser window 3. Click the red "Delete or Reset Account", you can't miss all the red buttons 4. You can either reset your account or delete, choose delete 5. A modal will appear telling you stuff, enter your master pw, a reason why your leaving and then click delete 6. You will be asked twice if you really really want to do this 7. Press ok