This LastPass bug could reveal your password on the MacBook Pro's Touch Bar

This LastPass bug could reveal your password on the MacBook Pro's Touch Bar


If you happen to use LastPass and have the brand new MacBook Pro with the Touch Bar, then we suggest you avoid using the macOS app for the time being. Why? You could be at risk of revealing your master password when logging into the service. In other words, you could accidentally reveal the password to access all your passwords.

And yes, that is very scary news indeed.

First revealed by Twitter user @luke_dot_js, the bug lies with how the LastPass macOS app handles passwords when you log in. Instead of using the native password field in macOS, it appears that LastPass is using a standard text field and masking the characters with bullets.

And because macOS sees it as a text box and not a password field, the Touch Bar will then suggest spelling options or reveal your password.

It should also be added that if you are also a LastPass user who doesn’t have the Touch Bar, TechGeek can confirm that this vulnerability on the macOS app will still affects you. While your password will not show up right away (like on the Touch Bar), right clicking on the text box will reveal your password – as seen in the image below.


Now, before you go jumping ship from LastPass, we should also add that this only affects the macOS desktop application. At the time of writing and according to reports on Twitter, this security flaw does not affect its browser extensions.

LastPass have said on Twitter that their developers have reviewed it and noted that they could “make improvements” – that is, fix the damn security flaw and use the native password field. Hopefully they make the fix as soon as possible.

H/T Chris Morris

Share Tweet Send
You've successfully subscribed to TechGeek
Great! Next, complete checkout for full access to TechGeek
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.