Signing on Tom's Hardware still problematic with LastPass

[MotleyCrew]

I started seeing a bizarre problem with signing on Tom's Hardware (I use LastPass). LastPass would automatically populate the username and password fields and I would click the Sign In button. For some reason, the Sign In would fail and take me back to the Sign In screen. Only now the Sign In button would be greyed out, even if I manually entered the username and password...the button was deactivated.
Searching here, I found others have had similar experiences with LastPass and Tom's Hardware. I checked the "form fields" LastPass saved to my Tom's Hardware entry. It was a hot mess of username, password and email fields. Deleting the Tom's Hardware entry in LastPass and allowing LastPass to recapture my credentials while signing in manually worked. Now I can let LastPass autofill the username and password fields again. Looking at the HTML code behind Tom's Hardware sign on screen, I'm amazed LastPass works with Tom's Hardware sign on screen at all! Things like id and name attributes for the sign in input fields appear to be dynamically generated.
Could you guys clean this up and fix it, please? This is likely to cause problems for users of most password vaults (DashLane, PasswordBox, RoboForm, 1Password, etc.), not only LastPass users.
Tom's Hardware sign on problems with LastPass were first reported several years ago.

Thank you!

 

[jpishgar]

From another user with the LastPass issue:

"I finally figured out what was going on. I believe I had checked "automatically login" in LastPass. This is where the problem started. It wasn't the actual password - it did something that Tom's Hardware site didn't like....I had to utilize CCleaner to wipe all cookies and temp files, remove the password completely from LastPass, then create a new password.

After all of that was done, I was able to log in, eventually saving the password with LastPass"

Tom's does quite a bit with registration and logins to prevent spam attacks. Try the above and let us know if it works for you.

-JP

 

[MotleyCrew]

I believe I had checked "automatically login" in LastPass. This is where the problem started. ...remove the password completely from LastPass, then create a new password.

Tom's does quite a bit with registration and logins to prevent spam attacks. Try the above and let us know if it works for you.

-JP

I don't think the CCleaner and cookie/temp file clearing was necessary. "Removing the password" (account entry for Tom's Hardware) from LastPass and allowing LastPass to re-capture my credentials the next time I logged on was all that was required.
I don't use LastPass autologin, only autofill. Meaning if I'm logged into LastPass, my LastPass extension will automatically populate the sign in form, I only need to click the sign in button. Sounds like the other user was taking it a step further and using LastPass to automatically sign in.

I get the thing with registration and spam/bots. But I'm not convinced randomly/dynamically-generated id and/or name attributes are the best solution or truly help.

 

[f-14]

i believe last pass was compromised by malware vendors/hackers last i knew last pass users were told to remove the program from their computers as lastpass had no fix, but that was over a year ago, who knows know.

 

[randomizer]

I don't use LastPass autologin, only autofill.

If it autofills anything but the username and password the login will fail. Everything else is there as a honeypot of sorts.

i believe last pass was compromised by malware vendors/hackers last i knew last pass users were told to remove the program from their computers as lastpass had no fix, but that was over a year ago, who knows know.

Lastpass was compromised. It was a non-issue though.

 

[MotleyCrew]

i believe last pass was compromised by malware vendors/hackers last i knew last pass users were told to remove the program from their computers as lastpass had no fix, but that was over a year ago, who knows know.

Please check your sources before spewing nonsense. Like all sufficiently complex software/systems, LastPass is not bug or vulnerability free. In May 2011, LastPass announced that they may have experienced a security breach. Even if crackers managed to gain access to LastPass users' vault data, they would need to brute-force (guess) the user's master password to access the user's unencrypted data (account logins, etc.). <mod edit>

Check out this 2013 article that mentions password management solutions selected by some key people in the security/cryptography arena (hint: LastPass is on the list).

Also see this post on some detail of LastPass Security.

Care to share your source for the recommendation to "remove LastPass because of some unfixable vulnerability"? Right. I don't think you will find it. I have yet to see one impartial, objective recommendation to ditch LastPass over security concerns.

 

[MotleyCrew]

If it autofills anything but the username and password the login will fail. Everything else is there as a honeypot of sorts.

LastPass apparently captures three fields for my Tom's Hardware login.

Obviously a username field, a password field, and the third field with the blank value is presumably a honeypot field. So it appears LastPass doesn't attempt to populate/autofill that field. When I was experiencing the difficulty with signing on, the form fields list in my LastPass entry for Tom's Hardware showed something like 12 fields (instead of 3 as in the screenshot above), with the username, password and blank/honeypot fields each repeated several times, but with different field name values. I still think the problem is with the apparently dynamically-generated name/id attributes (values obscured in the screenshot above) on the sign in form input fields. The honeypot field doesn't seem to be a problem.