1Password's browser extension v4, in contrast, fills in the form only when you press a key combination (⌘-\ on OSX), and has you enter your master password into a dropdown from the OSX Menu Bar, and not inside the browser frame. Pretty snazzy all around.
Aha, I see the distinction now. Thanks. Enough to simply disable autofill in LastPass then? I'm loathe to learn a new system because of such a seemingly small size vulnerability.
LastPass has me enter the master password in a pop up window when I click on the icon from the extension (firefox/chrome), although I suppose that's maybe not as good as an independent application?
I can, not only disable autofill in the Lastpass configuration, but also set to require password reprompt for any of my credentials. I could also individually disable autofill for any credential.
Please should first know how something works before criticizing.
