Introducing Support for Google Authenticator

We’re happy to announce the inclusion of Google Authenticator as a new multifactor authentication option for LastPass. With the latest LastPass plugin and a supported mobile device, you can now use your phone in conjunction with your master password to generate a secure key that is needed to login to your account. Authenticator token support has been a hotly anticipated addition to LastPass, and we’re happy to make good on that obligation to our users.

We strongly believe in multifactor as being an excellent way to protect your sensitive data, and so we are opening this feature up to all LastPass users, including free accounts. For further information on setting up your account with Google Authenticator, or running it on unsupported devices, please see our helpdesk article.


  • I have tried and tried to make this work without success. Google Authenticate on my iPhone works fine with my Google account, but not LastPass. It seems LastPass wants me to delete my current GA configuration and scan a new barcode. I do not want to lose two-factor authentication of my Google account.

  • I see multiple mentions of SMS with Google Authenticator, but no mention of how to actually use the SMS portion of Google Authenticator. Any idea how to make Lastpass use Google Authenticator and have it use SMS instead of a time-based code?

    • Amber Gott says:

      Hi David: We don’t currently support the SMS-capability of Google Auth. It’s something we’ve considered though, and may revisit in the future.

  • Anonymous says:

    Could someone please explain how to recover my 2 stage auth if Google Authenticator fails? Cause GoogAuth has failed me several times for no apparent reason and I’ve had to use their recover key.

    • Amber says:

      If you’ve enabled it for LastPass and the app fails or you lose the device, you can choose the “disable” option when you next login to your LastPass account. We’ll send an email to your account email address (or security email address, if you have one set), you can then disable GAuth and re-enable it when you’ve fixed the app/downloaded it to a new device. If the GAuth app itself fails, though, there may be other issues at play, Google’s troubleshooting steps may be of help:

  • KVM Switches says:

    This is such an amazing feature for LastPass. I’ve used Google Authenticator for my Google account ever since it was introduced, and I’ve never had a reason to turn it off. Given I have an Android device, so it’s easier for me to utilize this, but it’s still such a great security feature. In “friendly” environments, you should be able to use key authentication instead of a password which is more comfortable and secure. Using Google Authenticator and key based authentication should work fine.

  • Anonymous says:

    Wow thanks! I feel much safer now!

  • Anonymous says:

    @Drew. I highly doubt you “develop stuff that would make your head spin” if you don’t understand multifactor authentication.

    Multifactor authentication combines something you know with something you have.

    Using Authenticator in conjunction with your account means you have to have both your master password and a six digit code from Google that changes every 30 seconds in order to log in.

    If you lose your phone, Google has some backup methods of obtaining a code. The process for obtaining these codes and revoking access to the phone’s codes is detailed on Google’s website. Even if someone took your phone, and you hadn’t yet deactivated it, they would still need your master password to log in.

  • Drew says:

    Honestly, this is way too complicated, or else not explained clearly enough. I develop stuff that would make your head spin, but can’t sort out how this system works and what the potential pitfalls are. What if my phone gets stolen? Oh, I click that thing your supposed to click when you lose your phone. Wait, how the heck will I remember where THAT is? (When I am upset/panicked because my phone has been stolen). And what is to keep the crook from clicking that and taking over everything? It seems to me if this one object (my smart phone) gets in the wrong hands, I am totally screwed. How is that safe???

    The crew at LastPass needs to get their heads into the real world long enough to realize there is a need to explain things SIMPLY and in LAY TERMS so people know what the heck is going on and can REMEMBER it. As it is you’re explaining things at a level that only security professionals (or enthusiasts) can understand and evaluate. I don’t think you even realize it!

  • lucasbfr says:

    Awesome feature but if I may, this is something you should have been added for premium users only, that would have differentiated further free and premium versions.

    I’m still a very happy free user ;)

  • Anonymous says:

    I tried it and it immediately locked me out of my gmail acct. on my desktop. It would not recognize my password or allow any access although I could still access it on my iPhone. I had to reauthorize everything to get back into my account. No thanks.

  • +1 for B’s comment regarding using backup access codes like how Google’s 2-step verification works. I store my email password in LastPass so if I were to ever lose my phone I could lose access to LastPass and email.

  • Anonymous says:

    I, too, would like to see SMS verification (as I don’t own a smartphone).

  • Phantas says:

    OMG! This…is…awesome! Frikkin love it! THANK YOU!

  • IBAN says:

    Great, Great, Great! I love Lastpass. Now even more.

  • Bob says:

    Love it, this is the one feature I’ve been missing :-) You guys are awesome.

  • Anonymous says:

    Only 1 person has pointed out that google has way too much access to our ptivate info. Improvements to secutiry are great but not at that expense. They log hold store analyse and distribute our data in many many instamces. Just read their terms of service. So why would this be an exception? Its time WE got as smart as our smart apps.

  • Anonymous says:

    Great idea! Thanks

  • Is there any chance that this app will be available for Symbian any time?

  • MotorDad says:

    I use Yubikey on desktop/laptop, and am satisfied with that level of multifactor. How does GoogleAuth help make my iPhone Lastpass more secure? My understanding is via iPhone all someone else would need is my UserID and password, unless Lastpass is monitoring EIN/SIM/MAC addr of the mobi. Someone please educate me on this.

  • Daniel15 says:

    I’d love to see support for Verisign VIP. My phone (a Nokia E63) doesn’t support the Google authenticator, but does support Verisign VIP (which I can use on and PayPal)

  • Anonymous says:

    A Third hand up for GA for mobile and Yubi for desktop please! If I could use Yubi for phone, now that’s the option I’d prefer.

  • Anonymous says:

    Nice idea but the Google Authenticator app never worked for me, the numbers it generated were just never accepted and I had to use text message authentication instead, which works fine actually.

  • Anonymous says:

    You can’t use GA for mobile devices and yubikey for desktops ! Do you foresee an evolution ?

  • Javadog says:

    Any chance this will make its way to Windows Phone?

  • Anonymous says:

    Thank you so much, now I can rest assure I’m safe and I can use your generated password

  • David Lee says:

    2-factor authentication is great. Please now do this with AuthAnvil and you’ll have a true business service that I can use with my clients.

    Check out your own forum thread @

  • Anonymous says:

    Man, I am so infinitely torn right now. I would absolutely love being able to ditch the piece of paper I have planted all over the place (grid option) for this, but having to activate 2-factor on my Google Account for it to work is kind of killing the deal for me. There’s the potential of getting locked out of Google and LastPass if I can’t get the text message for some reason (since you can only auth a trusted system for 30 days) and barring that, I would need to create application passwords for my phone, e-mail and tons of other crap that doesn’t support the two factor. Appreciate it, but looks like I’m going to be sticking with grid auth unless a stand alone app comes along sometime )=

  • Anonymous says:

    Thank you for this innovative step, Lastpass

  • Stephan says:

    I have been using YubiKey since the beginning to protect my LastPass. It is not working on mobile devices, though. The introduction of Google-Authenticator-support is a really great thing and makes safe passwords for even more people easily available. I am know able to use 2-factor-auth on my smartphone, too! Great! Thank you for that innovative step!

  • Anonymous says:

    I love LastPass! Keep doing what you are doing! Adding GA is tight and awesome! I tell all my friends and employees about you all the time! Thanks for making me look good!

  • bill says:

    Is Google authenticator supposed to work with Linux? I haven’t tried it recently, but when it first came out last month I couldn’t get it to work with Firefox in Linux Mint.

  • Anonymous says:

    Personally I think this is sad, I think goggle is dangerous they are into our private lives way to much. Do your homework.

  • Eitan says:

    Fantastic guys , keep the hard work up and keep it simple . . . And I’ll keep to pay

  • dmcgee says:

    OK … this is really good.

    One more step and your where I’d like to see this go…

    I want bluetooth integration between my mobile device receiving a one time 2-factor token and the lastpass app on my pc/tablet. And I want it to happen automagically!!

    Great Stuff…. Keep it coming and I’ll keep paying!!

  • Danny Walker says:

    Fantastic work you guys. I love lastpass and google authenticator. very glad to see these two fantastic services combined :)

  • Anonymous says:

    Regarding the GUI of LastPass, my main problem is while the Firefox version is fine as is the IE plugin, all other versions have the menu text on the left… then like double the amout of space, in other words, the menus are WAY too wide and are clumsy. It appears to me like IE and Firefox toolbar buttons are using the standard Windows GUI controls for menus, whilel the others are like… manually drawn since they look like white boxes instead of actual “menus” in the traditional sense. This happens in Chrome, Opera, and the other thing is a non standard interface… like Safari’s interface looks completely unlike the other ones. Also the menu items I think could be organized a little better and not as randomly placed. Local pass valut (chrome://) is ugly and outdated. LOL. What a hater I sound like. I’m not. The functionality is great, it serves its purpose well; and despite my complaints, I’m about to pay for the Premium service, even though I really wouldn’t use any of those extra features besides the iPhone app. That would be nice.

    Speaking of — you have a plugin for dolphin HD for android? what about the dolphin browser for iPhone? I’m not positive if it supports plugins or not though. I want to say no, not as of now, but I use that one and I’d like to see LastPass for dolphin/iphone.

    I am very interested in employing GA as a way of multi-factor auth, but I need to read more about it to educate myself. For instance, third party apps that authenticate via Google using OpenID, from what I’ve read you have to change to specific passwords that google generates or something. I’m thinking of going with like.. quad or quint factor authentication. I’ll use lastpass to manage the passwords, google authenticator, also use the grid and a yubi key, and then taking it out of the box here… I’m giving the only copy of my grid to my brother. so I will have to contact him to get a grid code. That makes things double blind, like in science. Also I’ll make him give me a fake code along with the real one… placebo. I’m going to make everything so secure I will most likely prevent MYSELF from hacking into my passwords, or logging into any of my sites. That’s secure.

    Also thinking of dual control bioauthetication. Retina scanners. One here, one offsite in an undisclosed location. I’m not gonna tell you whose eye will be required. I won’t even know.

    Psych. Just throwing you off the trail. This is where the real mind “f” comes in. the second eye is gonna be… MY OTHER EYE! the scanner’s gonna be over at my neighbor’s place. How like… did you imagine the second eye was also gonna be mine? You didn’t did you…?

    That’s the beauty of it! You’ve always gotta be one step ahead of the hackers. One told me he’d haQ my saQ whatever that means, but I’m ready now.

  • Anonymous says:

    Any chance for a redesign of and the Chrome extension? I can’t help, but lastpass has the ugliest UI in the world. Even MS-DOS has been better looking. Sorry, but truth.

  • Anonymous says:

    Awesome new feature, I love lastpass!

  • Mykintosh says:

    Great staff.But russian manual make me laugh :-)
    Made by google translate.

  • How do I use authenticator with lastpass mobile? You cant use both same time?

  • Anonymous says:

    After being hacked earlier in the year i’m glad to see that you have finally rolled out another 2 step login.

  • KhaaL says:

    YES! finally! THANK YOU! You can’t imagne how much I’ve been looking forward to burn my grid and never see it again!