The thing about password managers is that a security issue there tends to be significantly more severe than with most another applications on a device. Even if you all you get is data exfiltration…well, you’re still exfiltrating some pretty fucking important data.
Which is why this story about trackers in LastPass for Android…is less than encouraging.
There’s an infamous notification box from the dark days of Internet Explorer 6 that “warns” the user that they are “about to view pages over a secure connection” — in other words, they get a big security alert when they were about to do something secure.
The problem with this sort of thing should be obvious: it’s training people to either ignore alerts and notifications entirely, or overreact to each one they see. And while that’s more of a UI/UX problem, it’s one with some pretty major implications…both security and otherwise.
Wrote this while bored, figured I’d toss it out there for anyone who cares. Gives you a different Pokemon, and its Pokedex entry, each day. The specific Pokemon is randomly chosen, with the current date as the seed value.
There are probably ways to make it better, but I’m heavily constrained by the JSON that I’m retrieving from pokeapi.co on this one and I don’t feel like putting in the effort.
Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.
Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.