LastPass extension doesn't fully work in Purebrowser

I recently bought a Librem 13 v3 and installed Cliqz and LastPass in the Purebrowser. When I click the LastPass icon, the menu is hidden under the main browser window. LastPass logon functionality so far seems to be working.
I considered installing Firefox, but Purism deprecates this and PureOS doesn’t support it in its repositories.
Can anyone else confirm my symptoms and offer me any workarounds or hope of future fix?

This isn’t really going to address your problem and I hope it doesn’t come off as being preachy, but…

I really think it’s best to stay away from browser-associated password managers, especially ones like LastPass that IIRC saves your passwords on their cloud service. Sure they’re encrypted and all, but still - I’m not one to believe in encrypted cloud backups, I think everything should be local encrypted backups.

I usually hold my tongue when around common users as they simply like what they’re used to and don’t really wanna hear me and my tinfoil hat nonsense, but considering this is on the Purism forum, I have to at least leave a plug for KeePass. You generate and keep your passwords in it, and use copy/paste to paste them in. You can use it to have insanely strong and different passwords for every site you use. I first look-up a site’s password limits (sometimes it takes a guess, or trial-and-error) and then generate.

I’ve learned to appreciate sites that allow passwords in excess of 64 characters and allow unorthodox symbols like High-ANSI. My most sensitive accounts are secured by massive passwords 256+ (sometimes as much as 2048!) characters long and contain High-ANSI. This is an example of a generated password for me:

kÃ14UOl)[P¯ëWDk;DZpø%u5lT¢þÅl°ÒÖ¶µ44ö¬-Ò)Ä£Þc6¶Ö1]û¡T£ÎìÓSaFi ¹±wQõ;"4³#b85=rÅMÑí«.¿Sê_Òyy xÇ£}AȨCȹöèÇÍKe³}(-ÿ)B@55_8*µÇ³>/+¦rª·=r¨ÈZøNì¹ämúþdÛ,ν2e¢ÄÛ¾ð>³Ø²&Âôaë{Ì£aÅñîÌÊà)ÞS?:Ëçü;r|àÿ:ÏÖäÜç¥Å:f<ö¢µÝ¸~Ó½SXYZgÎ^Sl Æ5c!óüN÷i*ëzñâÉNPåD¨ß±UÆn"èk¡¶2%ÕI÷

Yeah I’d like to see any hacker figure that one out.

Unfortunately lots of sites don’t allow passwords like that one. The WORST ones still only allow 16-20 character alphanumeric passwords and limited symbols. Those ones really raise flags in my mind because that tells me the website is probably using a long-outdated method to store and secure their passwords… like MD5 Hashing (shudder).

(If you ever want to test a website’s security a bit, see how the Forgot Password system works. I have, no-shit, found sites that will just send your plaintext password to you via e-mail in 2018. They’re saving passwords in plaintext! Holy moly…)

Making backups of it is as easy as just copying it and any keyfile you might have elsewhere.

Dunno much about helping you with LastPass though, sorry.

1 Like

LastPass works in Chromium browser.

Thanks to everyone who responded to my query. I received an update to the browser (and many other things) and after that, the LastPass extension finally displayed its menu. Everything else works fine too.
PureOS and PureBrowser are going to take some getting used to being a bit behind Debian and Firefox.

1 Like

Steve Gibson says LastPass is designed to “trust no one”. That is good enough for me. I need a tool that works across multiple systems. Not sure what a common user is, but I’m an old user. Started on mainframes and been on the Internet for thirty-two years. That might be a little uncommon now.

KeePass doesn’t trust anyone either. It’s open-source and cross-platform.

But I digress then, people are used to what they’re used to. I vilify “the cloud” so you know why I prefer it. Plus I just prefer it’s UI and presentation anyway.

You don’t need to trust the lastpass cloud, but you need to trust the browser extension. I can imagine that some day some government agency or hackers introduce malicious code into the extension.

1 Like

Ah yes, there’s that as well - I wouldn’t want any sort of browser integration, another big reason - just failed to mention it because I was too fixated on the cloud aspect. I’m not a fan of either of those things though.