Introducing Toopher and Duo Support for LastPass

We’re excited to announce that two new options join the family of multifactor authentication methods we support with LastPass! LastPass now supports Toopher and Duo, both of which can be run from your Android or iOS smartphone and are free for consumers.

We’ve talked up multifactor authentication over the last few years and especially in the last several months as it marks a growing trend in personal security. Multifactor authentication refers to the use of a second piece of information or a device that generates that information before allowing access to an account. By adding a second step, you’re requiring that two pieces of data be entered by a user – typically a username and password that the user knows, then a code or generated key that the user provides with a device or app. Adding multifactor authentication creates another barrier to entry, so that even a compromised password does not translate to a compromised account. By enabling multifactor authentication with your LastPass account, you’re significantly increasing the security surrounding the “hub” of your online life.



To get started with Toopher:

  • Download the Toopher app from the app store on your device.
  • Start the app on your device.
  • Login to LastPass and launch your “settings” menu in the LastPass vault.
  • Click the “multifactor options” tab and select “Toopher”.
  • Switch Toopher to “enabled”, and enter the pairing phrase generated by the Toopher app on your mobile device. Select the “=” button on the Toopher app to generate this phrase.
  • Look for the “push notification” on your phone, and select “allow”.

Toopher is now enabled for your LastPass account. You can automate authentication by telling your mobile device to automatically log you in next time, by sliding the “automate when near here” slider. Toopher will automatically enable authentication for you when you’re in the same location logging in to the same computer.


To get started with Duo:

  • Download the Duo app from the app store on your device.
  • Start the app on your device.
  • Login to LastPass and launch the “settings” menu in the LastPass vault.
  • Click the “multifactor options” tab and select “Duo Security”.
  • Switch the status to “enabled” and select the link to enroll in Duo.
  • Enter your telephone number, and send yourself the text message.
  • Follow the steps to complete enrollment.
  • Once complete, ensure that you’ve also “updated” your LastPass settings.The next time you login to LastPass, Duo will send a “push notification” to your phone, and allow you to “approve” login.

We offer a range of other multifactor options, both free and Premium, so be sure to pick one that best suits your work flow. For more details on available options, see our list here:

Have you tried multifactor authentication? What do you think? Will you try Toopher or Duo?


  • Zach says:

    Thanks for adding support to more services! I’ve recently replace Google Authenticator with Authy and I would love to see LastPass support native Authy push as well!

  • Anonymous says:

    Please, just add SMS/TEXT as an Multi factor method. It is much safer, and less of a hassle, I think. Google uses that method too. And I love it. No phishing site can send me the sms code, while it can ask me for the Google Authentication code.

    Furthermore, the data from Apps can be stolen. I.e. the Google Authentication data (and others) can be stolen, while it would be far more difficult to intercept an sms/text message.

    And last but not least. I switch phones a lot/ perfom factory resets/ change my phone ROM, etc. Every time I get locked out from Lastpass, because I don’t have the multifactor auth. app anymore (Google Authenticator/Toopher etc). This would not happen when Lastpass sends me a sms/text message.

    • Razii says:

      If you print (or save it someway) QR code that is shown during enabling Goggle Authenticator, you can reinstall google authenticator on a new phone and use the same QR code to get 2FA back on a new phone. As for stolen data, if your phone is encrypted and not rooted, it’s not easy (if not impossible) to steal GA data from the phone.

  • Anonymous says:

    I have been using Sesame as my Multifactor Authentication tool for the past couple of years and it’s been great. Love the additional layer of protection that it provides, and I’d never go back to Singlefactor Authentication now.

    Recently changed to Duo as it makes sense since I always have my mobile phone with me and saves me carrying around my special USB drive. So far, it’s proven to be a fabulous combination. Takes only a couple of minutes to set up, and so far it’s been a dream to use.

    As for a couple of the questions re: what if I lose my phone? That was my initial question / concern, as at least with Sesame I could deactivate it via my security email.

    After a bit of sussing around, I found out that I can simply delete that phone from my Duo account and then use another mobile phone (an older NON-smart phone can also work) or even a landline (yes, a few of us still have one of these too at work or even home).

    So the Lastpass and Duo combo seems pretty good. (Toopher also looks pretty good yet I have yet to try that one to comment.)

  • Anonymous says:

    I have just sep up toopher and had the exact same thought: what if I lose my phone?

  • Anonymous says:

    interesting, but what if you loose your phone or other way that make you no more have your phone ? what will happen to your lastpass account ? you’ll be able to log and modify the authentification ?