Google Authenticator, the most recent addition to our suite of multifactor authentication options, is a mobile app that allows you to add a second step of verification to your LastPass account for free (as well as your Gmail and other online accounts). The app generates codes that you enter when prompted to gain access to your LastPass account.If you've been using Google Authenticator as a multifactor authentication with LastPass, you may have recently noticed a warning to update the app. With an error message indicating that the "old" version of Google Auth will no longer be supported, the prompts redirect you to Google Play to install the "new" version. We discovered that Google silently launched version 2 (2.15 to be exact) of Google Authenticator on March 21st - not just an upgrade, but a new app.
If you want to get technical, the new app's program name is com.google.android.apps.authenticator2, while the old one was com.google.android.apps.authenticator. Because version 2 is a new app, and Google appears to be removing the old version from the store, the "update" process is a little more involved. The upgrade prompts will take you to Google Play, where you can install the new version, migrate your tokens, and uninstall the outdated version. If you attempt to install version 2 with version 1 still installed, you'll see prompts to uninstall the latter.
Google offers the following updates to the app in their changelog:
- Updated look and feel
- New entry for Google Play, same great app
- "Scan barcode" and "Manually add account" options moved to Menu > Add account.
To expand on that explanation:
- The signing key used on the old version of Google Authenticator (SHA1 fingerprint:
24:BB:24:C0:5E:47:E0:AE:FA:68:A5:8A:76:61:79:D9:B6:13:A6:00) is also used to sign: Scoreboard, Goggles, Finance, Google Voice, Shopper, Transalte, Chrometophone, Earth, Reader, and a few others.
- The signing key used on the new version of Google Authenticator (SHA1 fingerprint:
38:91:8A:45:3D:07:19:93:54:F8:B1:9A:F0:5E:C6:56:2C:ED:57:88) is used to sign: Google Maps, Google Play Store, Gmail, Google+, Google Chrome and Google Music.
The changes appear to only affect Android devices, so will not affect those running Google Auth on their iPhone.
The LastPass Team
Maybe, next time, specify earlier that this just affects people with xxxxx device (in this case Android) instead of mentioning it in the last line possible :)
ReplyDeleteAnyway, thanks for the update!
(I was unaffected, as you might have surmised ;) )
It was right in the title ...
DeleteThanks Johan, we updated the title to reflect that detail :).
DeleteAmber
It's right in the title.
DeleteIOS users aren't the brightest stars in the sky!
Still extremely happy LastPass supports this type of extra authentication. I wish more were as security conscious as you guys are!
ReplyDeleteThanks you.
I second that!
DeleteThis might be a bit off topic but it looks like Google is abandoning ChromeToPhone app and migrating to a more generic ChromeToMobile. Chrome Dev 19 has it built-in.
ReplyDeletethank you for the nice update
ReplyDeleteIs it possible to set up my LastPass account so that the Android LastPass app uses Google Authenticator (on the same device) for additional authentication?
ReplyDeleteI use YubiKey for PC logins and don't want to change that. If the mobile LastPass app could invoke Google Authenticator it would prevent someone accessing my LP account on another mobile device. (my phone doesn't have NFC, so the LP Neo isn't an option)
Thanks for the comments, we may offer other options in the future but at the moment only one multifactor device can be enabled for an account at a time.
Delete