Introducing Support for Google Authenticator

We’re happy to announce the inclusion of Google Authenticator as a new multifactor authentication option for LastPass. With the latest LastPass plugin and a supported mobile device, you can now use your phone in conjunction with your master password to generate a secure key that is needed to login to your account. Authenticator token support has been a hotly anticipated addition to LastPass, and we’re happy to make good on that obligation to our users.

We strongly believe in multifactor as being an excellent way to protect your sensitive data, and so we are opening this feature up to all LastPass users, including free accounts. For further information on setting up your account with Google Authenticator, or running it on unsupported devices, please see our helpdesk article.

97 Comments

  • KVM Switches says:

    This is such an amazing feature for LastPass. I’ve used Google Authenticator for my Google account ever since it was introduced, and I’ve never had a reason to turn it off. Given I have an Android device, so it’s easier for me to utilize this, but it’s still such a great security feature. In “friendly” environments, you should be able to use key authentication instead of a password which is more comfortable and secure. Using Google Authenticator and key based authentication should work fine.

  • Anonymous says:

    Wow thanks! I feel much safer now!

  • Anonymous says:

    @Drew. I highly doubt you “develop stuff that would make your head spin” if you don’t understand multifactor authentication.

    Multifactor authentication combines something you know with something you have.

    Using Authenticator in conjunction with your account means you have to have both your master password and a six digit code from Google that changes every 30 seconds in order to log in.

    If you lose your phone, Google has some backup methods of obtaining a code. The process for obtaining these codes and revoking access to the phone’s codes is detailed on Google’s website. Even if someone took your phone, and you hadn’t yet deactivated it, they would still need your master password to log in.

  • Drew says:

    Honestly, this is way too complicated, or else not explained clearly enough. I develop stuff that would make your head spin, but can’t sort out how this system works and what the potential pitfalls are. What if my phone gets stolen? Oh, I click that thing your supposed to click when you lose your phone. Wait, how the heck will I remember where THAT is? (When I am upset/panicked because my phone has been stolen). And what is to keep the crook from clicking that and taking over everything? It seems to me if this one object (my smart phone) gets in the wrong hands, I am totally screwed. How is that safe???

    The crew at LastPass needs to get their heads into the real world long enough to realize there is a need to explain things SIMPLY and in LAY TERMS so people know what the heck is going on and can REMEMBER it. As it is you’re explaining things at a level that only security professionals (or enthusiasts) can understand and evaluate. I don’t think you even realize it!

  • lucasbfr says:

    Awesome feature but if I may, this is something you should have been added for premium users only, that would have differentiated further free and premium versions.

    I’m still a very happy free user ;)

  • Anonymous says:

    I tried it and it immediately locked me out of my gmail acct. on my desktop. It would not recognize my password or allow any access although I could still access it on my iPhone. I had to reauthorize everything to get back into my account. No thanks.