Improving Data Security with LastPass

My recent visit to Perth gave me an opportunity to have a few beers with one of our clients.

Prior to meeting up with him, we have been calling, texting and messaging each other via Zoom or Slack. It was great that we connected easily and could comfortably chat about work and life.

As we were chatting, we discussed LastPass and unexpectedly, this simple chat was instrumental in VA Platinum making one of its most important business improvements ever implemented.

To my surprise, he pointed out that there are some features about LastPass that make it not entirely foolproof.

He found out that LastPass is not totally secure after he played around with it and discovered that the person you shared credentials with, can actually see all passwords if they follow a simple few steps.

The premise of LastPass is that it protects the passwords and when you share those passwords with someone, they shouldn’t see them. That’s their business model!

When I came back to Melbourne, I made it my priority to find a solution.

After hearing about that loophole, Kyle, our IT specialist and I did some investigation and tested it out ourselves.

Both of us were alarmed that it really is not super secure and that we can see the passwords that were supposedly encrypted!

What struck me most is the realisation that we’ve been endorsing LastPass to all of our clients from the time we started the business.

Luckily, after researching and experimenting, Kyle came back to me with a solution.

With additional prodding, we figured out that the solution is different for every browser.

We’ve implemented the solution for all the staff who use this security app. Now, our use of LastPass has been optimised with an increased security layer.

It’s important that you set aside time to carry out this incredibly easy task on your own.

Basically, the goal is to disable the developer tools for all browsers.

With a simple tweak of the settings, staff could no longer access all passwords.

Here’s a step-by-step guide we’ve put together for your reference. Please do note that there are different steps per browser.

Don’t worry, we’ve prepared detailed guides for Chrome, Mozilla Firefox, Microsoft Edge, and Internet Explorer.

 

CHROME

Before you can do this, you need the file “policy-templates-chrome”.

 

Step 1

Open Start menu on Windows and type gpedit.msc.

Right click on the result and select Run as Administrator to open Local Group Policy Editor. Put in Administrator password if prompted.

Step 2

Once you have opened Local Group Policy Editor, navigate to Local Computer policy > Computer Configuration > Administrative Templates. Right click on Administrative Templates and select Add/Remove Templates.

Step 3

Click on Add… Button.

 

Step 4

Open the file “chrome.adm”

You have successfully added the Policy Templates file for Google Chrome.

Click on Close.

 

Step 5

On the Local Group Policy Editor navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Google > Google Chrome. As shown on the image below. Find “Control where Developer Tools can be used” setting and double-click on it.

Step 6

Select Enabled and make sure “Disallow usage of the Developer Tools” is selected as shown on the image below. Click on Apply then OK.


 

Step 7

Open Google Chrome browser to make sure Developer Tools is disabled. You can verify this by:

    1. Press F12 key inside the browser. Developer Tools should not pop-up.
    2. Press CTRL + SHIFT + I. Developer Tools should not pop-up.
    3. Right click inside the webpage. Inspect should be grayed out.
    4. On the upper right corner of Chrome click on icon, go to More tools and make sure Developer Tools is grayed out.

Once you have verified the three items above, you have successfully disabled Developer Tools in Google Chrome.

MOZILLA FIREFOX

The steps in disabling Developer Tools in Firefox is slightly different from Chrome. You will also need the file “policy-templates-firefox”.

Step 1

Download files “firefox.admx” and “mozilla.admx” by navigating to policy-templates-firefox > policy-templates-master > windows.

Copy both files and paste it to C:\Windows\PolicyDefinitions.

 

 

Step 2

Navigate to policy-templates-firefox > policy-templates-master > windows > en-US. In this folder, you will find two files, “firefox.adml” and “mozilla.adml”.

Copy both files and paste it to C:\Windows\PolicyDefinitions\en-US.

Step 3

Open Start menu on Windows and type in gpedit.msc. Right click on the result and select Run as Administrator to open Local Group Policy Editor. Put in Administrator password if prompted.

Step 4

On the Local Group Policy Editor navigate to Local Computer policy > Computer Configuration > Administrative Template > Mozilla > Firefox and look for “Disable Developer Tools”. Double-click on it.

Step 5

Make sure to select Enabled and then click Apply then Ok.

Step 6

Open Mozilla Firefox browser to make sure Developer Tools is disabled. You can verify this by:

    1. Press CTRL + SHIFT + I. Developer tools should not pop-up.
    2. Press CTRL + SHIFT + K. Developer tools should not pop-up.
    3. Press CTRL + SHIFT + C. Developer tools should not pop-up.
    4. Press F12. Developer tools should not pop-up.
    5. Right click inside the webpage. There should be no option to Inspect Element.

6. On the upper right corner of the browser click on Web Developer option should not be available.

This image shows that Web Developer is still on the menu. This means Developer Tools is not disabled.

The image below shows that Web Developer is not listed on the menu. This indicates that you have successfully disabled the Developer Tools.

Once you have verified all six items above, you have successfully disabled Developer Tools on Mozilla Firefox browser.

MICROSOFT EDGE

Step 1

Open Start menu on Windows and type in gpedit.msc. Right click on the result and select Run as Administrator to open Local Group Policy Editor. Put in Administrator password if prompted.

 

Step 2

Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Microsoft Edge. Look for “Allow Developer Tools” setting and double click on it.

Step 3

Make sure Disabled is selected. Click on Apply then Ok.

Step 4

Open Microsoft Edge browser to make sure Developer Tools has been disabled. You can verify this by:

    1. Press CTRL + SHIFT + I. Developer tools should not pop-up.
    2. Press F12. Developer tools should not pop-up.
    3. Right click inside the webpage. “Inspect Element” option should not be listed.

    1. On the upper right corner of Microsoft Edge, click on “Developer Tools” should not be listed.

Once you have verified all four items above you have successfully disabled Developer Tools in Microsoft Edge browser.

 

INTERNET EXPLORER

Step 1

Open Start menu on Windows and type in gpedit.msc. Right click on the result and select Run as Administrator to open Local Group Policy Editor. Put in Administrator password if prompted.

 

Step 2

Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Toolbars. Look for “Turn off Developer Tools” setting and double click on it.

Step 3

Make sure Enabled is selected. Click on Apply then Ok.

Step 4

Open Internet Explorer browser to make sure Developer Tools has been disabled. You can verify this by:

    1. Press F12. Developer tools should not pop-up.
    2. Right click inside the webpage. “Inspect Element” would still be on the list but when you click on it nothing happens.

3. On the upper right corner of Internet Explorer click on the “F12 Developer Tools” should not be listed.

   

Once you have verified all three items above, you have successfully disabled Developer Tools on Internet Explorer browser.

Disabling access to passwords through LastPass has become one of the most important safety features we have implemented.

This is in addition to removing access to non-work-related sites and disabling USB portals.

Data security is one of the top priorities for VA Platinum.

If you need further assistance, you can contact us directly. If you have questions, concerns, or suggestions on protecting data security, please comment below.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: