Multifactor authentication simply refers to adding a second piece of information that must be submitted before allowing access to your account. After entering your LastPass email address and master password, you would be prompted to submit the information from another, often physical, device. This means that even if someone compromises your master password, they can't gain access to your account without the second form of authentication.
LastPass offers several options for multifactor authentication. Some are part of the basic free version of LastPass, while others are offered as a Premium feature:Google Authenticator (Free): Once you've installed the app on a supported smartphone and added your LastPass account to the app, you simply launch the Google Auth app and enter the generated key in the browser dialog when you're logging in to your LastPass account. See our help article for more information about getting started with Google Authenticator.
Grid (Free): Grid works by generating a spreadsheet of random values that resemble a Battleship grid. Once enabled, you'll be prompted to find four values from the spreadsheet and enter them to gain access to your account. See our help article for more information about getting started with Grid.
Sesame (Premium): Once enabled for your account, Sesame generates secure One Time Passwords (OTPs) for you to login to your account. The feature can be run from a USB thumb drive, and you have the choice to copy the OTP to the clipboard or launch the browser and pass the value automatically. See our help article for more information about getting started with Sesame.
YubiKey (Premium): A YubiKey is a key-sized device that you can plug into your computer's USB slot to provide another layer of security when accessing your LastPass Account. YubiKeys are immune from replay-attacks, man-in-the-middle attacks, and a host of other threat vectors. The key can be purchased from Yubico and bundled at a discounted rate with LastPass Premium. See our help article for more information about getting started with the YubiKey.
Fingerprint and Smart Card Readers (Premium): LastPass has support for a small selection of fingerprint readers, including Windows Biometric Framework, and experimental support for smartcard readers.
Three other things to note about multifactor authentication:
- You can mark your personal device(s) as "trusted", so you do not have to enter your multifactor authentication data every time you login in that location. When you go to a device that is not saved as trusted you will then be required to submit the second form of authentication.
- You can permit mobile access to your data to ensure you can continue using the mobile apps even with multifactor authentication enabled. You can then restrict mobile access to specific devices to prevent unauthorized access on any "untrusted" mobile devices.
- Enabling multifactor authentication will bump up your "Security Check" score by 10 points.
We hope you'll try one of our multifactor authentication options for increased security with your LastPass account!
The LastPass Team
Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at firstname.lastname@example.org.