LastPass Extension slows Chrome's responsiveness by up to 50% (opens in new tab)

(twitter.com)

232 pointspastelsky6y ago72 comments

72 comments

54 comments · 19 top-level

tmikaeld6y ago· 10 in thread

I used LastPass for many years until I got tired of the slowness/high CPU, then I saw that Bitwarden had done a lot of work on performance and switched to it.

Never had any issues and I have at least a thousand entries.

And quickly searching passwords is one thing, but Lastpass was slow with filling forms and input fields too. Bitwarden use the same method as 1password[1] for autofill, which works great!

[1] https://github.com/bitwarden/browser/blob/master/src/content...

kevindong6y ago

My main reason for switching away from LastPass was that Bitwarden's UI was much better looking. It's been working great for me since then (even after switching from Chrome to Safari).

tmikaeld6y ago

I also appreciate the UI more with Bitwarden, it goes straight to the point and is quicker to navigate (less drop-down menus).

1 more reply

rhino3696y ago

Can you export your passwords from LastPass to bitwarden easily?

3 more replies

jchw6y ago

I am also a former LastPass user. I did have a stint with 1password before finally settling on Bitwarden; it just seems like the most reasonable option.

jorvi6y ago

I semi-annually try most of the popular password managers (Dashlane, 1Password, Lastpass, Enpass, Bitwarden) and I always end up staying with 1Password. Both their desktop and mobile apps are very well thought out and there's all sort of small UX and UI finesses that make them a cut above the competition.

Having said that, you'll have to deal with a high subscription cost and proprietary (but audited) code. They are also unwilling to make a full blown Linux app.

2 more replies

tbrock6y ago

Do people not like dashlane? I feel like it’s the best of the bunch although does cost some money.

3 more replies

rprime6y ago

I am another long time LastPass user (2010ish) to (paid) Bitwarden convert. Simply better in every possible way. The UX/UI of LastPass is so bad, search and copy a password? Almost impossible.

jsutton6y ago

How is searching and copying a password 'almost impossible' in LastPass?

1 more reply

dstroot6y ago

Thanks - read the post and just switched to Bitwarden!

nyolfen6y ago

another former lastpass premium user who jumped ship here. it felt like switching from abp to ublock.

overcast6y ago· 5 in thread

This is my experience with everything LastPass touches. Chrome, Firefox, Standalone, iOS, same unresponsive nonsense. Thankfully that's limited to only the corporate environment for me, but if you have a choice, 1password has been amazingly slick for me outside of it.

Lunatic6666y ago

Exactly that. I'm so happy I convinced my manager to let me rollout 1Password company wide. My problems with LastPass were the clunky web UI and the lack of control I had even for enterprise accounts. I wasn't able to do a password reset for a new team member who pasted the wrong password and couldn't login anymore later on. The email address was not usable afterwards anymore. Costs for us were the same, so it wasn't that hard to convince people after they saw the demo.

pmiller26y ago

Funny you should mention the corporate environment. My company has a LastPass subscription and encourages us to use it, but they don’t prevent us from installing extensions, within reason. Given that , are there any good alternatives that are both secure and trustworthy while imposing as small a performance burden as possible?

overcast6y ago

I signed up for 1passwords Cloud service, because I needed it on just about every OS and browser under the sun. Works great!

webartisan6y ago

It's a shame really then that it continues to be the most popular password manager.

https://trends.google.com/trends/explore?q=1Password,LastPas...

hn20176y ago

Hint: It's because LP has a free version

dmix6y ago· 4 in thread

I built a Vue.js component for a Rails form that had tons of hidden fields and we couldn't figure out why it was grinding to a halt and lagging only on my bosses machine.

Turns out it was Lastpass and using their lp-ignore flag didn't do anything since it was loaded after the fact.

We ultimately decided to just have an advisory to tell people to disable Lastpass if it came up. Which involves going to the Account settings page and adding a 'Never URL' https://support.logmeininc.com/lastpass/help/disable-lastpas...

gremlinsinc6y ago

Curious why all the hidden fields though? Seems like an anti-pattern. I haven't used a hidden field in years.

I mean props if using server passed data would easily pass the data to your vue context.

I don't even use <form> tags anymore. just bind everything to a json object and transform the data as needed if combining stuff then send it off to the api on-click. Saves some work because I don't have to use the prevent tag in the form element or worry about the submit button binding.

I just add an @click to a normal button element and use axios w/ some modifications to enable our auth scheme. (Headers and what not).

dmix6y ago

I'm building very complex B2B software (link to company is in profile) doing phone call tracking and its a large legacy Rails app with standard `form_for` type forms.

On one page there could be hundreds of records because some customers like to create a thousand objects for one marketing 'campaign' and have customers routed (via IVR or geo or other flags from the source website/ad embedded js) to a thousand different sales agents depending on fine-tuned criteria (like if they press 1 to say they are over 50), and from there it could trigger a hundred different conversion triggers (for ex: to do CPA payouts to the traffic sources) and webhooks to various analytics services.

Anyway I'm slowly redesigning each part of the giant forms one-by-one and instead of AJAXing some parts separately I'm injecting the data into hidden fields which get submitted via traditional HTTP form-data along with the old forms.

I built a Vue component that automatically generates Rails friendly forms from any object. Including nested arrays of objects, with any degree of nesting. I plan on publishing it soon OSS as RailsForm.vue.

It sounds crazy but it was actually really simple to do and is only a temporary transitional thing. The only problem is I'm pushing the limits of browser memory/CPU on some customer accounts so I've made some performance optimizations like only rendering the hidden fields once the submit button is pushed.

katsura6y ago

I had a very similar experience. I couldn't understand why doing certain events was so slow in Chrome, but not in Firefox. After a lot of debuggin I realized that LastPass was the culprit.

If you add and remove a lot of input fields your page is going to slow down considerably, and there `lp-ignore` attribute didn't help at all.

dmix6y ago

I’ve had chrome extensions slow things down before but never this badly. It was crazy.

You can tell they are using extremely inefficient JavaScript to track form fields. And hire shitty developers who cant figure out a proper flag to add to be ignored.

Very anti internet IMO.

blfr6y ago· 3 in thread

Slow, buggy, and brittle. What is a good replacement for a small team that needs to share logins, passwords, and other secrets?

Spivak6y ago

Bitwarden. You can self-host the bitwarden_rs backend and basically get premium features for free as well.

whycombagator6y ago

Bitwarden.

Daniel_sk6y ago

1Password.

scottfr6y ago· 2 in thread

If you take a look at their extension, it injects a number of separate content scripts on the document_start event for a webpage. This blocks document loading and Google's recommendation is to load content scripts on document_idle which would not block loading.

These scripts that are injected into every page (including all iframes) include this one which is a 25,000 line file:

https://crxcavator.io/source/hdokiejnpimakedhajhdlcegeplioah...

Things like this can have large impact on performance. My company develops a Chrome extension and we are very focused on optimizing the performance of our content script and minimizing its impact on host pages. We handwrite all the Javascript code in the content script and manually include the very few third party dependencies we have in it. Yes, it would be a lot easier to use NPM with Webpack to build the content script file, but it's important to keep content scripts as slim as possible.

greggman26y ago

Also their Privacy Policy says they spy on absolutely eveything and share it with anyone and everyone. Just guessing that's what some of those 25k lines do.

sieabahlpark6y ago

Gotta make sure your passwords are nice and safe while selling your data to subsidize your password vault.

cpbotha6y ago· 2 in thread

I did this same experiment in September of last year. (just checked my orgmode notes)

My conclusion then was that the speedometer 2.0 benchmark is dominated by page load, because it does that a zillion times as it goes through all the different todomvc implementations.

The lastpass performance tax shows up mostly during page load.

The question is, how representative is the speedometer benchark of normal use?

pastelskyOP6y ago

It isn't perfect, and it does penalize LastPass's behaviour more due to its poor startup performance.

But I don't think it is entirely unrepresentative of real world performance.

If your hypothesis is correct — if you have LastPass installed, your pages are probably going to load slower and you'll experience a longer "uncanny valley". The tax paid is worse for pages that are otherwise lightweight.

y4mi6y ago

> uncanny valley

You might want to look up that term sometimes. It means something different than you seem to think.

1 more reply

ycombonator6y ago· 2 in thread

If you are on iOS, do you see any reason to use 3rd party password managers ? I don’t seem to find any use for them if I am using the built in password manager

33Backpack336y ago

I find a password manager is more than just for passwords. I store PIN codes, Code, security questions, important notes, and so many other things.

Frondo6y ago

The only reason I can think of is that Keychain only works with safari. Sometimes I prefer doing dev work in chrome, and then accessing the passwords in Keychain is kind of a pain.

If there's a cross-browser way to access Keychain, I wouldn't use anything but that.

mackey6y ago· 2 in thread

I assume this is caused by having "Autofill" turned on?

pastelskyOP6y ago

This is on a fresh copy of Chrome, with LastPass installed – without me being logged into LastPass, or having AutoFill turned on.

Speedometer does use TodoMVC heavily, and I wouldn't be surprised if this was because of the text input elements.

ben_jones6y ago

This is an important reminder that it's important to periodically review default tooling whether they be chrome extensions, desktop apps, phone apps, etc..

Im definitely guilty and glad someone did the research!

szastupov6y ago· 1 in thread

I honestly don’t understand why people use LastPass when everything about it screams poor quality. Is it the lack of taste or alternatives for non Apple platforms?

hendersoon6y ago

My feeling is most use Lastpass because it's free and they don't know about Bitwarden, or (for the techies) didn't hear that Bitwarden passed a third-party code audit.

Lastpass also has a bunch of features missing in Bitwarden, but they're largely long tail stuff. My biggest complaint is it doesn't support biometric authentication on desktop.

hendersoon6y ago· 1 in thread

My speedometer 2.0 tests on Firefox 70b12 win64.

No password addon: 74.5

Bitwarden: 74.0

Lastpass: 39.7

Pretty grim for LP.

humantiy6y ago

Thanks for posting. I figured this issue wasn't just chrome. Been meaning to switch to BW and this might be the kick I needed instead of 'just living with it' anymore.

Daniel_sk6y ago· 1 in thread

Every time I read those stories I am happy to be paying for 1Password.

skrause6y ago

When I was using 1Password a few years ago it was much worse than this LastPass problem: The Windows version of 1Password resulted in a stuttering mouse cursor and completely lagging UI of the whole Windows system every time the CPU was used 100%. Uninstalling 1Password immediately fixed the problem and I could reproduce it on 2 different systems. I never looked at 1Password again.

pastelskyOP6y ago· 1 in thread

FWIW, this isn't a Chrome-only issue. One can see similar differences on Firefox as well.

eitland6y ago

The LastPass standalone program on Windows was unusably slow as well last I tested it (left LastPass some moons ago.)

SubiculumCode6y ago· 1 in thread

Top on this, LastPass premium prices went from $12/year several years ago to $36/year. Kind of gone to crap now that LogMeIn bought them up.

humantiy6y ago

Can't say this wasn't unexpected given their history with other acquisitions.

AhtiK6y ago

Is anyone else happy with the Trezor password manager [1]? After years of using LastPass, I just bought a physical Trezor wallet and its password manager works well enough considering it's a one-time-purchase.

[1] https://wiki.trezor.io/User_manual:Password_Manager

foxyv6y ago

I just switched from LastPass to BitWarden as suggested by a few comments below. I never realized what it was doing to my browsing experience. I thought it was just my internet connection or VPN slowing down! I wonder if there is an extension to show what other extensions are adding time to your browsing?

BearsAreCool6y ago

I've been wondering why my chromium installation has been feeling slower recently, thanks for the heads up.

Any insight into why LastPass slows everything down so much? It seems like it has a relatively simple job to do.

lloydatkinson6y ago

I've never had a positive experience with LastPass - this news doesn't come as a surprise.

zamalek6y ago

This is why I switched from Dashlane to 1Password a few years back. Dashlane was activating WebVR (pegging a core at 100% in the process), no idea why it was interacting with WebVR.

It might be worth checking if disabling WebVR does the trick in this case (it worked for Dashlane, but I own an HMD).

tschellenbach6y ago

main reason why i switched from lastpass to 1password

j / k navigate · click thread line to collapse

72 comments

54 comments · 19 top-level

tmikaeld6y ago· 10 in thread

I used LastPass for many years until I got tired of the slowness/high CPU, then I saw that Bitwarden had done a lot of work on performance and switched to it.

Never had any issues and I have at least a thousand entries.

And quickly searching passwords is one thing, but Lastpass was slow with filling forms and input fields too. Bitwarden use the same method as 1password[1] for autofill, which works great!

[1] https://github.com/bitwarden/browser/blob/master/src/content...

kevindong6y ago

My main reason for switching away from LastPass was that Bitwarden's UI was much better looking. It's been working great for me since then (even after switching from Chrome to Safari).

tmikaeld6y ago

I also appreciate the UI more with Bitwarden, it goes straight to the point and is quicker to navigate (less drop-down menus).

1 more reply

rhino3696y ago

Can you export your passwords from LastPass to bitwarden easily?

3 more replies

jchw6y ago

I am also a former LastPass user. I did have a stint with 1password before finally settling on Bitwarden; it just seems like the most reasonable option.

jorvi6y ago

Having said that, you'll have to deal with a high subscription cost and proprietary (but audited) code. They are also unwilling to make a full blown Linux app.

2 more replies

tbrock6y ago

Do people not like dashlane? I feel like it’s the best of the bunch although does cost some money.

3 more replies

rprime6y ago

I am another long time LastPass user (2010ish) to (paid) Bitwarden convert. Simply better in every possible way. The UX/UI of LastPass is so bad, search and copy a password? Almost impossible.

jsutton6y ago

How is searching and copying a password 'almost impossible' in LastPass?

1 more reply

dstroot6y ago

Thanks - read the post and just switched to Bitwarden!

nyolfen6y ago

another former lastpass premium user who jumped ship here. it felt like switching from abp to ublock.

overcast6y ago· 5 in thread

Lunatic6666y ago

pmiller26y ago

overcast6y ago

I signed up for 1passwords Cloud service, because I needed it on just about every OS and browser under the sun. Works great!

webartisan6y ago

It's a shame really then that it continues to be the most popular password manager.

https://trends.google.com/trends/explore?q=1Password,LastPas...

hn20176y ago

Hint: It's because LP has a free version

dmix6y ago· 4 in thread

I built a Vue.js component for a Rails form that had tons of hidden fields and we couldn't figure out why it was grinding to a halt and lagging only on my bosses machine.

Turns out it was Lastpass and using their lp-ignore flag didn't do anything since it was loaded after the fact.

gremlinsinc6y ago

Curious why all the hidden fields though? Seems like an anti-pattern. I haven't used a hidden field in years.

I mean props if using server passed data would easily pass the data to your vue context.

I just add an @click to a normal button element and use axios w/ some modifications to enable our auth scheme. (Headers and what not).

dmix6y ago

I'm building very complex B2B software (link to company is in profile) doing phone call tracking and its a large legacy Rails app with standard `form_for` type forms.

katsura6y ago

I had a very similar experience. I couldn't understand why doing certain events was so slow in Chrome, but not in Firefox. After a lot of debuggin I realized that LastPass was the culprit.

If you add and remove a lot of input fields your page is going to slow down considerably, and there `lp-ignore` attribute didn't help at all.

dmix6y ago

I’ve had chrome extensions slow things down before but never this badly. It was crazy.

You can tell they are using extremely inefficient JavaScript to track form fields. And hire shitty developers who cant figure out a proper flag to add to be ignored.

Very anti internet IMO.

blfr6y ago· 3 in thread

Slow, buggy, and brittle. What is a good replacement for a small team that needs to share logins, passwords, and other secrets?

Spivak6y ago

Bitwarden. You can self-host the bitwarden_rs backend and basically get premium features for free as well.

whycombagator6y ago

Bitwarden.

Daniel_sk6y ago

1Password.

scottfr6y ago· 2 in thread

These scripts that are injected into every page (including all iframes) include this one which is a 25,000 line file:

https://crxcavator.io/source/hdokiejnpimakedhajhdlcegeplioah...

greggman26y ago

Also their Privacy Policy says they spy on absolutely eveything and share it with anyone and everyone. Just guessing that's what some of those 25k lines do.

sieabahlpark6y ago

Gotta make sure your passwords are nice and safe while selling your data to subsidize your password vault.

cpbotha6y ago· 2 in thread

I did this same experiment in September of last year. (just checked my orgmode notes)

My conclusion then was that the speedometer 2.0 benchmark is dominated by page load, because it does that a zillion times as it goes through all the different todomvc implementations.

The lastpass performance tax shows up mostly during page load.

The question is, how representative is the speedometer benchark of normal use?

pastelskyOP6y ago

It isn't perfect, and it does penalize LastPass's behaviour more due to its poor startup performance.

But I don't think it is entirely unrepresentative of real world performance.

y4mi6y ago

> uncanny valley

You might want to look up that term sometimes. It means something different than you seem to think.

1 more reply

ycombonator6y ago· 2 in thread

If you are on iOS, do you see any reason to use 3rd party password managers ? I don’t seem to find any use for them if I am using the built in password manager

33Backpack336y ago

I find a password manager is more than just for passwords. I store PIN codes, Code, security questions, important notes, and so many other things.

Frondo6y ago

The only reason I can think of is that Keychain only works with safari. Sometimes I prefer doing dev work in chrome, and then accessing the passwords in Keychain is kind of a pain.

If there's a cross-browser way to access Keychain, I wouldn't use anything but that.

mackey6y ago· 2 in thread

I assume this is caused by having "Autofill" turned on?

pastelskyOP6y ago

This is on a fresh copy of Chrome, with LastPass installed – without me being logged into LastPass, or having AutoFill turned on.

Speedometer does use TodoMVC heavily, and I wouldn't be surprised if this was because of the text input elements.

ben_jones6y ago

This is an important reminder that it's important to periodically review default tooling whether they be chrome extensions, desktop apps, phone apps, etc..

Im definitely guilty and glad someone did the research!

szastupov6y ago· 1 in thread

I honestly don’t understand why people use LastPass when everything about it screams poor quality. Is it the lack of taste or alternatives for non Apple platforms?

hendersoon6y ago

My feeling is most use Lastpass because it's free and they don't know about Bitwarden, or (for the techies) didn't hear that Bitwarden passed a third-party code audit.

Lastpass also has a bunch of features missing in Bitwarden, but they're largely long tail stuff. My biggest complaint is it doesn't support biometric authentication on desktop.

hendersoon6y ago· 1 in thread

My speedometer 2.0 tests on Firefox 70b12 win64.

No password addon: 74.5

Bitwarden: 74.0

Lastpass: 39.7

Pretty grim for LP.

humantiy6y ago

Thanks for posting. I figured this issue wasn't just chrome. Been meaning to switch to BW and this might be the kick I needed instead of 'just living with it' anymore.

Daniel_sk6y ago· 1 in thread

Every time I read those stories I am happy to be paying for 1Password.

skrause6y ago

pastelskyOP6y ago· 1 in thread

FWIW, this isn't a Chrome-only issue. One can see similar differences on Firefox as well.

eitland6y ago

The LastPass standalone program on Windows was unusably slow as well last I tested it (left LastPass some moons ago.)

SubiculumCode6y ago· 1 in thread

Top on this, LastPass premium prices went from $12/year several years ago to $36/year. Kind of gone to crap now that LogMeIn bought them up.

humantiy6y ago

Can't say this wasn't unexpected given their history with other acquisitions.

AhtiK6y ago

[1] https://wiki.trezor.io/User_manual:Password_Manager

foxyv6y ago

BearsAreCool6y ago

I've been wondering why my chromium installation has been feeling slower recently, thanks for the heads up.

Any insight into why LastPass slows everything down so much? It seems like it has a relatively simple job to do.

lloydatkinson6y ago

I've never had a positive experience with LastPass - this news doesn't come as a surprise.

zamalek6y ago

This is why I switched from Dashlane to 1Password a few years back. Dashlane was activating WebVR (pegging a core at 100% in the process), no idea why it was interacting with WebVR.

It might be worth checking if disabling WebVR does the trick in this case (it worked for Dashlane, but I own an HMD).

tschellenbach6y ago

main reason why i switched from lastpass to 1password

j / k navigate · click thread line to collapse