LastPass launches mobile Authenticator app
LastPass Authenticator is a new mobile application by the makers of LastPass for Google Android, Microsoft Windows and Apple iOS devices to generate 2-factor authentication codes for the software and other programs.
2-Factor authentication is one option to improve the protection of accounts. It has been supported by LastPass for a while but relied mostly on third-party authentication applications and services such as Google Authenticator, YubiKey or Authy to power the functionality.
The release of LastPass Authenticator for Android, Windows Mobile and iOS changes that by introducing a first-party solution that free and premium users of the service can utilize to create 2-factor authentication codes to sign in to the service on the desktop, mobile devices or Web.
LastPass Authenticator
Do the following to set up LastPass Authenticator as an option when it comes to the generation of 2-factor authentication codes.
- Sign-in to your account on the LastPass website.
- Click on the "account settings" link displayed on the left.
- Switch to the "Multifactor Options" tab in the Account Settings overlay.
- There you find LastPass Authenticator listed at the top. Click on the edit button on the right of it to start the activation process.
- On the page that opens, switch the value of enabled to yes and click on the update button afterwards.
- You are prompted to enter the account's master password after hitting the update button. Enter it and click on continue afterwards.
- On the page that follows, click on "enroll" to "enroll" the device with LastPass Authenticator.
- You are redirected to a new page. Select "set up mobile app" on it.
- You get options to download the authenticator application for Android, iOS or Windows Phone. If you have not done so click on the button leading to your phone's main store to download and install the app. Click on next afterwards.
- A QR code is displayed on the next page that you need to scan using the installed LastPass Authenticator application.
- Add a phone number in the next step for backup purposes. This is used when the primary means of generating the code is not available or fails.
- Last but not least, click on "activate" to activate two-factor authentication for the account.
You can check out the help desk article on the LastPass website for additional information about the process.
The authenticator app provides you with the means to approve or deny a log in request with a tap on buttons in the application which means that you don't have to type the code for that.
The authenticator application is as basic as it gets currently. There is for instance no option to protect access using a PIN or password, something that apps like Authy support to improve security.
LastPass Authenticator is compatible with all services supporting Google Authenticator including WordPress, Dropbox, or Facebook among others.
Now You: Do you use 2-factor authentication when available?
This might be more secure but it seems to me that it would be a huge pain in the butt to have to always have your phone beside you to log into LastPass. And you would really be up the creek if you misplace or lose your phone.
~~~ And you would really be up the creek if you misplace or lose your phone ~~~
I set it up this morning, using my main phone as “the” phone associated with the authenticator. They *strongly* recommend setting it up with a backup phone also, which they can send a text msg to. So happens that I’ve got a spare phone on a very inexpensive account, a very inexpensive garbage-can android phone which I throw in my bike bag or in the glove box of my pickup or what-have-you. Inexpensive garbage-can or not, it can sure get a text msg.
Probably even a safer bet would be to use my brothers phone number as the backup, for redundancy, in case both my phones got destroyed in flood or whatever; my brother lives a thousand miles away, chance of both of us getting blown out at the same time pretty small.
~~~~~
The set-up was really easy, straightforward. I don’t have near the technical chops that many readers/commenters here have so I was glad to be walked through it, sortof a paint-by-the-numbers thing — do this, then this, then that, then the other, POOF! you’re done.
LastPass has a security check IE how bombproof have you made your passwords, have you kept them up to date, how strong is your master login password, etc and etc, blah blah blah. I was at 90% because of not using authentication; I ran the test again after setting this up and I am 100% secure as their software can get me. Cool.
Thx for writing it up, Martin, read about it from your “Interesting Reads” and installed it immediately.
I have LastPass Premium account and it works with Google Authenticator. You can enable it through the account settings.
Going to stick with Authy. It works and since the marriage with Logmein and Lastpass is still not a year old do not want to put all my eggs in one basket so to speak.
I’ve tried this earlier today, but even if I chose NOT to trust the current computer, when I login next time it does not require me to use the new app to login. So I think there’s some issue there…
Well, it’s not obvious… :)
Why would I use this if I already use Google Authenticator?
The “automated push notifications that let you approve or deny a login in one tap” (supported by Last Pass itself and probably more services in the future) is what’s differentiates it from Authy.
That was my question exactly. What’s the need for another app like this when one exist already and the new one doesn’t add anything new…
The only thing I can think of is not trusting another company with your two-factor authentication data. If you only use LastPass for 2-factor authentication, then you may trust their solution more than others.