LastPass Password Manager Now With Google Authenticator Support
One way to improve online account security is to use so-called 2-step verification systems when companies and services offer them. Companies like Google, PayPal and Yahoo already offer multifactor authentication to their users.
These systems are optional for now and improve security by combining the standard login with a second verification step. A mobile device is usually used for that second step, but other solutions (like PayPal's ID Protection device) are available as well.
The password manager LastPass had been my password manager of choice before I switched to the Open Source password manager KeePass.
LastPass has supported multifactor authentication for some time now, for instance with the help of YubiKeys. But those options usually came at a cost.
LastPass back in November introduced support for Google's Authenticator app to add another multifactor authentication option to the service.
Google Authenticator is a mobile application for Android, iOS, Blackberry and Symbian devices that generates a temporary verification code that users need to enter when they log into LastPass from untrusted devices.
Google Authenticator needs to be linked to LastPass before the new security feature can be used. Here is how this is done.
- Google Authenticator needs to be installed on a mobile device. Google offers installation instructions for Android, iOS and Blackberry devices. Please note that you need to enable 2-step verification using the phone number, as Google Authenticator cannot be set up otherwise.
- Once Google Authenticator is up and running properly, LastPass users need to visit this link to link the authenticator with their LastPass account. This is done by either scanning the displayed barcode with the mobile device, or by entering the Google Authentication key displayed on the website manually.
From now on, LastPass will display a Google Authenticator Authentication page for logins to the service from untrusted devices.
LastPass users then need to open the Google Authenticator app to generate a one-time verification code that they enter on the LastPass website to sign in. Users who require offline access to their LastPass password database can enable this during setup. It is also possible to trust devices to avoid having to generate and enter verification codes on every login.
Additional instructions about the setup are available on the LastPass Support website.
The new multifactor authentication adds a second layer of protection to the LastPass login process that makes it a lot harder for attackers to access a user's password database.
Looks like a great addition to LastPass but I still can’t be convinced to switch from RoboForm. It has more features and is extremely user friendly. Works great with my droid and iPad, plus I have the option to store all of my data locally if I don’t wish to use the online account.
I use RoboForm; it is good at saving passwords and keeping my data safe, and I don't have to worry about being hacked.
Using this thing for email. Glad to see that LastPass added this. Thank you.
Whether passwords are stored locally or in the cloud is of less concern to me than how securely encrypted the passwords are wherever they are stored. Those with knowledge of how to secure their network, their computer and their data might prefer having their passwords stored locally. Those who are not networking and security savvy might be better off storing passwords in the cloud and letting those who DO have the knowledge protect their data.
This is a pretty sweet addition, as I use it for Google myself.
For LastPass I got myself a YubiKey. So for everyone without a YubiKey it's a sweet addition.
Martin,
I’d be interested in hearing the reasons why you decided to switch from LastPass to KeePass; in fact, an article comparing the two and listing your own conclusions would be an informative read. I’ve been a LastPass user for a long time, but am curious about KeePass and would consider a switch as well if KeePass offers a solution that is as workable but more secure than LP.
Thanks for your blog and the articles you write; I’ve learned a lot here!
Dan
Dan, the main reason for the switch was a) a maybe hack of LastPass data and b) the consequence that I prefer to store my passwords locally instead.