Oct 23, 2013

LastPass Now Supports Transakt Multifactor Authentication

In an effort to continue bringing great new technology to our users, we've added support for Transakt to our family of multifactor authentication options.

Transakt is a mobile app developed by Entersekt that provides banking-grade multifactor authentication via your mobile device. Transakt adds a second authentication layer to your LastPass account, allowing you to approve your login by responding to a simple Accept or Reject prompt directly on your smartphone or tablet.

With the ever-increasing number of online and mobile accounts amongst today's consumers, attacks are at an all-time high as advanced technology capabilities are used to steal valuable information and personal data. Transakt protects you against threats such as phishing, man-in-the-middle, man-in-the-browser, and replay attacks. It’s free to install and a snap to configure for use with LastPass.

Getting Started with Transakt


After you have completed the LastPass installation, do the following:
  1. On your mobile phone or tablet, go to gettransakt.com.
  2. Install the Transakt app.
  3. On your computer, go to My LastPass Vault and log in using your email address and your LastPass master password.
  4. From the Actions menu, click Settings.
  5. Click the Multifactor Options tab and select Transakt.
  6. From the Transakt Authentication list, select Enabled. A popup screen displays a unique sign-up code.
  7. Open the Transakt app.
  8. In the Introduction screen, click Let’s begin. In the Transakt Signup screen, do either of the following:
    Click Scan code and scan the code displayed on your computer screen.
    Click Enter code and type in the eight-digit code.
  9. On your computer, click OK when you receive the message that Transakt authentication has been successfully set up.
  10. On the Multifactor Options page, click Update.
  11. When prompted, enter your LastPass master password.
  12. Log out of LastPass. The next time that you log in to LastPass, an authentication request will be sent to your Transakt app and you can simply click Accept.
Let us know in the comments below if you give Transakt a try!

34 comments:

  1. So, Transakt is 'instead' of Google Authenticator right? Instead of typing in the whole number, you just press Accept or Reject?

    1. It's very easy to use and the app appears more responsive than the DUO app - not sure why..

    2. The app crashes every time I try to run it on my Sony so I have no idea how "Easy" it is. Google Authenticator feels as convenient as having a key to a lock box that holds your house keys, under a mat at someone else's house a few miles from yours.

  2. What's the deal with the LastPass OTP generation on the Transakt app?
    The OTP is only 8 characters long and doesn't seem to work.
    Am I incorrectly assuming it's for LastPass (despite it saying so on the app)?

    1. Yeah.. same for me. Maybe I don't get it? I did all the steps above. Then logged out from LastPass. I can only log in with my master password, nothing happens in the app.

    2. Herman below is correct - this is a Transakt OTP for use when your device is offline, rather than a LastPass OTP. Hope that clarifies.

    3. Ok, thanks Amber. I misunderstood the use of this app then :)

  3. OTP generation should only be used if you do not receive the authentication message (for example when you do not have network coverage/Wifi connection)

  4. This comment has been removed by the author.

  5. hmm..I have a concern with the way Transakt works.
    What if I lose my phone and try to login to LastPass. Somebody who has possession of my phone (assuming no pin/password lock) can simply click 'Reject' and prevent me from logging in?

    Seems like a disaster waiting to happen.. :/

    1. I really hope you do not lose your phone, but if it does happen you can always disable Multifactor authentication on LastPass and register your new phone with Transakt following the same steps :)

    2. Herman, but I can't disable 2-factor auth because I can't login into LastPass account because somebody is actively pressing Reject...

      If a device is actually lost or broken or has a pin/password, the situation is slightly different in that LastPass won't get an active Reject signal...

    3. This comment has been removed by the author.

    4. If you reject the 2-factor auth message you will get the following alert:
      "Multifactor authentication failed!
      Would you like to disable multifactor authentication?"

      You can then disable 2-factor authentication using LastPass's validation process.

    5. Ok, then I guess it's not as bad as I thought. :)

    6. If you can disable multi factor authentication, what is the point of it?

      If you choose to disable multi factor authentication, the fallback mechanism to validate your identity relies on your email, which is plain text transferred over the internet.

      I like the idea of a list of pre-generated codes (like google uses when you use 2-factor auth) better than fall back on email.

      At least, I would like the option to disable the ability to disable 2-factor authentication using email.. - get my drift?

  6. How can I login, when my Phone is offline? Where would I enter the OTP?

    1. At login LastPass displays a dialog:
      "Please complete multifactor authentication on your phone or mobile device.
      Alternatively, enter a passcode in the box below:"

      There is a textbox where you can enter your OTP.

    2. On all my browsers (Safari, Firefox, Chrome) on OSX this text box doesn't appear. And the text is also just "Please complete multifactor authentication on your mobile device."

    3. Sorry to hear of the trouble, Steph. Are you seeing the prompts to accept or reject the login on your mobile device?

    4. If the mobile device is online the prompt works, yes. But if I take the phone offline, as it would be if I'm abroad (no data roaming), I should be able to enter the OTP. No text box -> no OTP...

    5. The OTP textbox does not appear on browser plugins. It only appears when you log in at the LastPass website.

  7. SQRL will be the answer we are all looking for. Google SQRL for more information.

  8. I don't necessarily agree. The info about the account is stored centrally, and I have to snap a QR code every time I sign in?

  9. Transakt worked well enough on web/PC logins. I did have to manually activate the Transakt app on my Windows Phone device otherwise I wouldn't receive notifications.

    Transakt seemed to do nothing for mobile LastPass. In fact, after entering my master password, I eventually get a message that says "Multifactor authentication required! Upgrade your browser extension so you can enter it." which is a very perplexing message indeed.

  10. Bug on Ubuntu 13.10, Chrome & LastPass 3.0.0:
    1. the icon stays black, as there was no connection on the server
    2. the sites are not reported when clicking on the icon, and the form stays blank, even if sites were filled in before v3.0.0 ...

    1. Please reach out to our team here: https://lastpass.com/supportticket.php so we can debug this with your account directly.

  11. I have LP Wallet on my iPad, but it only accepts a password as normal. Is the mobile app Transakt aware?

    1. Yes, I can confirm the app is Transakt aware. If you're still seeing errors, please reach out to the team: https://lastpass.com/supportticket.php - also ensure that this device is not set as "trusted" in your LastPass Icon > My LastPass Vault > Settings > Trusted Devices.

  12. Can anyone confirm that Transakt, like Duo and Toopher, can only work with one mobile device at a time. Consequently, if two people use the same LastPass account, they cannot each use their own mobile devices as the second authentication factor?

    1. Yes, this seems to be the case, at least when using the "push" feature with LastPass. You might be able to use OTPs on the second device, but we have not fully tested this scenario.

    2. Please test it. My wife could have the "push" feature and I could use the one time password feature. I would use Transakt if that worked.
