These scripts that are injected into every page (including all iframes) include this one which is a 25,000 line file:
Never had any issues and I have at least a thousand entries.
And quickly searching passwords is one thing, but Lastpass was slow with filling forms and input fields too. Bitwarden use the same method as 1password for autofill, which works great!
During this process, I also cleaned up my vault (some accounts had very long URLs saved as opposed to the base domain; e.g. https://www.foobar.com/signup&method=blah... => https://www.foobar.com) and discovered that a bunch of my entries had either empty usernames or empty passwords.
Having said that, you'll have to deal with a high subscription cost and proprietary (but audited) code. They are also unwilling to make a full blown Linux app.
When I left, there were still lots of things that the extension did not do, that the desktop app did.
I checked out Bitwarden a while back and the mobile app is very sloppy to use compared to Dashlane. The desktop app (Electron) just keeps eating up my Macbook's RAM and it takes a while to auto-fill passwords in other apps. Perhaps the open-ness of Bitwarden may allow compatible alternative password-managers to rival Bitwarden's own clients or even Dashlane.
Right now, I'd rather pay for Dashlane since it does the job better than what I have tried out so far.
My conclusion then was that the speedometer 2.0 benchmark is dominated by page load, because it does that a zillion times as it goes through all the different todomvc implementations.
The lastpass performance tax shows up mostly during page load.
The question is, how representative is the speedometer benchark of normal use?
But I don't think it is entirely unrepresentative of real world performance.
If your hypothesis is correct — if you have LastPass installed, your pages are probably going to load slower and you'll experience a longer "uncanny valley". The tax paid is worse for pages that are otherwise lightweight.
You might want to look up that term sometimes. It means something different than you seem to think.
Where does it originate if I may ask?
Turns out it was Lastpass and using their lp-ignore flag didn't do anything since it was loaded after the fact.
We ultimately decided to just have an advisory to tell people to disable Lastpass if it came up. Which involves going to the Account settings page and adding a 'Never URL' https://support.logmeininc.com/lastpass/help/disable-lastpas...
I mean props if using server passed data would easily pass the data to your vue context.
I don't even use <form> tags anymore. just bind everything to a json object and transform the data as needed if combining stuff then send it off to the api on-click. Saves some work because I don't have to use the prevent tag in the form element or worry about the submit button binding.
I just add an @click to a normal button element and use axios w/ some modifications to enable our auth scheme. (Headers and what not).
On one page there could be hundreds of records because some customers like to create a thousand objects for one marketing 'campaign' and have customers routed (via IVR or geo or other flags from the source website/ad embedded js) to a thousand different sales agents depending on fine-tuned criteria (like if they press 1 to say they are over 50), and from there it could trigger a hundred different conversion triggers (for ex: to do CPA payouts to the traffic sources) and webhooks to various analytics services.
Anyway I'm slowly redesigning each part of the giant forms one-by-one and instead of AJAXing some parts separately I'm injecting the data into hidden fields which get submitted via traditional HTTP form-data along with the old forms.
I built a Vue component that automatically generates Rails friendly forms from any object. Including nested arrays of objects, with any degree of nesting. I plan on publishing it soon OSS as RailsForm.vue.
It sounds crazy but it was actually really simple to do and is only a temporary transitional thing. The only problem is I'm pushing the limits of browser memory/CPU on some customer accounts so I've made some performance optimizations like only rendering the hidden fields once the submit button is pushed.
If you add and remove a lot of input fields your page is going to slow down considerably, and there `lp-ignore` attribute didn't help at all.
Very anti internet IMO.
Lastpass also has a bunch of features missing in Bitwarden, but they're largely long tail stuff. My biggest complaint is it doesn't support biometric authentication on desktop.
No password addon: 74.5
Pretty grim for LP.
If there's a cross-browser way to access Keychain, I wouldn't use anything but that.
Any insight into why LastPass slows everything down so much? It seems like it has a relatively simple job to do.
It might be worth checking if disabling WebVR does the trick in this case (it worked for Dashlane, but I own an HMD).
Speedometer does use TodoMVC heavily, and I wouldn't be surprised if this was because of the text input elements.
Im definitely guilty and glad someone did the research!