
The people likely to do such things counter to security are going to click phishing links, install malware and misuse their company devices anyway. Their problem is not technological in nature to solve - it is personal and behavioral. I call it theater because it doesn't significantly improve the security posture and maturity, while making both the user and administrator feel tough and hardened.


> The people likely to do such things counter to security are going to click phishing links, install malware and misuse their company devices anyway.

Are you arguing that because they might make mistakes elsewhere we shouldn't bother putting any barriers up to them breaking policy, and that the only thing we should do is more training? I'd argue both things should be done. I do agree preventing LastPass from directly exposing the password isn't a very strong protection, but let's not act like it doesn't prevent any kind of password abuse. Sure, users should be more trained, but we should also create more barriers to prevent them from shooting off their toes.

It almost sounds like an argument to get rid of barriers on highways. Drivers should just know to not drive off the cliff; if people are driving off the highway clearly all we need to do is train them more. Barriers are just safety theater, people might still end up driving off the cliff if they try hard enough!

You asked for a use case for this feature and I gave you a use case that happens all the time and which such a feature prevents for a large percentage of those users. You'd need someone determined to break the policy to dump the password and share it someplace they shouldn't, as opposed to someone doing it without thinking "is this against policy? shrug"



