LastPass Authenticator's Cloud Backup option explained
LastPass Authenticator is a free application for Android and iOS devices that can generate two-factor authentication codes for you.
The application is compatible with LastPass accounts, but also works with other services that support two-factor authentication, such as Google or LogMeIn. The app supports all services or apps that use Google Authenticator or TOTP-based two-factor authentication.
Once you have added an account to the app, it either generates two-factor authentication codes continuously when open, or displays confirmation prompts that you need to respond to, to sign-in to the selected service.
LastPass Authenticator is compatible with the company's password manager application, but does not require it. Some functionality is limited, however, when you don't connect LastPass Authenticator to a LastPass account.
LastPass Authenticator Cloud Backup
Cloud Backup is a new feature of LastPass' Authenticator application for Android and iOS. It allows you to back up all authentication tokens in the cloud for easy recovery if you have to restore your mobile device or switch to a new device entirely.
The main benefit of the feature is convenience. Instead of having to set up all two-factor authentication services manually again when you switch smartphones or reset yours, you can restore them from backup.
Handy if you run ten or more of these two-factor authentication services in the LastPass Authenticator application.
Cloud Backup requires that you link a LastPass account to LastPass Authenticator. The backup data is then tied to that account, and account access is required to restore the backup at a later point in time on the same device or another device.
You enable Cloud Backup in the settings under backup. Tap on the menu icon and select Settings to open those on your device. Check the "backup to LastPass" option on the settings page.
What happens then depends on whether you have linked a LastPass account to the Authenticator app already, or not.
If you have, you get a message that asks you to confirm the email address of the account. If you have not, the app walks you through the steps of downloading the LastPass Password Manager application, creating an account, signing in, and linking it to the company's Authenticator application.
Changes made from that point on are synced to the linked LastPass account. This includes, among others, adding or removing services, editing names, or changing the order in which accounts are listed in the application.
LastPass encrypts the MFA data on the device before it is transferred to company servers. The data is secured in the same way as LastPass password data, which means that LastPass cannot access the data as it is protected by a user's master password.
You can start the restoration process on the app's start page. Just tap on the restore from backup button there to initiate the restoration. You do need to confirm your LastPass account at this time, and if things go well, all the authentication data is synced to the LastPass Authenticator application afterwards.
One interesting feature of cloud backup is that notifications are only pushed to the most recent device you use. This means that the "old" device won't receive any verification notifications anymore. Codes generated on the old device will continue to work however.
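Codes from the old device keep working because a TOTP code depends only on the shared secret and the current time, and a restore simply copies the secrets. The sketch below is an added example, not LastPass code: the Device class and its methods are hypothetical, the first secret is the RFC 6238 test key, and the second is constructed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed secrets: the RFC 6238 test key and a made-up replacement.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()
ROTATED_SECRET = base64.b32encode(b"constructed-secret-2").decode()


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1: code = truncate(HMAC(secret, time // step))."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Device:
    """Hypothetical authenticator app: just a map of account name -> secret."""

    def __init__(self):
        self.secrets = {}

    def enroll(self, account, secret_b32):
        self.secrets[account] = secret_b32

    def restore(self, backup):
        self.secrets = dict(backup)  # a restore copies secrets, nothing more

    def code(self, account, unix_time):
        return totp(self.secrets[account], unix_time)


def simulate(now=59):
    old, new = Device(), Device()
    old.enroll("example", RFC_SECRET)
    new.restore(old.secrets)  # switch phones via backup
    same_after_restore = old.code("example", now) == new.code("example", now)
    # Re-enrolling at the service issues a new secret; only the new phone gets it.
    new.enroll("example", ROTATED_SECRET)
    same_after_rotation = old.code("example", now) == new.code("example", now)
    return same_after_restore, same_after_rotation


if __name__ == "__main__":
    print(simulate())
```

The old phone's codes stop matching only once the service issues a new secret, so a lost or stolen device calls for re-enrolling two-factor authentication at each service, not just restoring the backup.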
Closing Words
LastPass Authenticator's cloud backup feature is helpful when you switch devices. This can happen after your old device was stolen, or when you purchase a new device.
Users who trust LastPass with their passwords and other sensitive information have no reason not to use the backup feature as well. Those who don't trust cloud-saved data won't use it anyway.
This can be useful if you switch phones or mobile devices a lot, or if you just want to have a restoration mechanism in place when things go terribly wrong.
Now You: What's your take on this new cloud backup feature?
I’m not the hardest nail around here. Pound on my head and it hurts. I need a class setting to really learn and understand LastPass. Why do I need or want LastPass Premium?
I’d rather keep my 2fa codes, though I do use LP for password. I have all 2fa codes added to an old iPod I don’t use, but check/charge once a month. I also have all QR codes saved in an encrypted VeraCrypt container, which is backed up by CrashPlan.
Btw, if you use 2fa for LP login, which you should, you’re screwed if you lose the device and can’t check email added to LP. So then have to use Yubikey or some other 2fa for LP.
I’d rather not have both passwords and 2fa codes in one place, though I do use LP for passwords. I have all 2fa codes added to an old iPod I don’t use, but check/charge once a month. I also have all 2fa QR codes saved in an encrypted VeraCrypt container, which is backed up by CrashPlan.
I can see this being super useful because when my OnePlus One decided to stop working and Titanium Backup couldn’t restore my apps, I couldn’t use my Google Authenticator.