6 Ways to Lock Down LastPass on iOS

By October 13, 2014 Mobile 11 Comments
LastPass offers many security features to help you protect your account and be safer online. Did you know there are also mobile settings to help you better secure your LastPass app? Check out these 6 mobile security features for iOS today:

1. Use Multifactor Authentication

As we’ve mentioned before, multifactor authentication adds another layer of security to your LastPass account by requiring a second login step before allowing access to your vault. Usually this means entering a code or otherwise proving that you are who you say you are.

LastPass is compatible with many multifactor authentication options that are also available for mobile use. Apps like Duo Security, Toopher, Transakt, and Google Authenticator all install on your mobile device and allow convenient mobile access, while still maintaining the security benefits of running multifactor authentication with LastPass.

2. Add a Fingerprint Prompt with Touch ID

With the release of iOS 8, LastPass now supports Touch ID verification as an alternative to the master password reprompt on the iPhone 5S and 6. This means that when you turn on master password reprompt options, account-wide or on a site-by-site basis, you can use Touch ID as a replacement to entering the master password when using the LastPass Safari extension (and we continue to expand this new feature!). In situations where the app would prompt for the master password, you’ll instead be prompted to authenticate with your finger. For more on setting up and using this feature, check out our video tutorials.

3. Restrict Access to Specific Mobile Devices

Whenever you login to the LastPass mobile apps, LastPass remembers that mobile device for you. On your desktop, you can see this list by opening your LastPass Vault, launch Settings, and view the Mobile Devices tab. Any smartphone or tablet you’ve used with the LastPass app will be listed there, with a unique identifier for each device.

LastPass then lets you restrict your logins on mobile devices to just that list. So, let’s say you have an iPhone and an iPad that you use regularly. After logging in to those devices, you could launch your account settings and check the option to restrict login to those two mobile devices only. If someone were to ever try logging in on another mobile device that isn’t on the list, they won’t be able to complete the login. And if a device is ever lost or stolen, you can disable it in your Mobile Devices settings, or you can delete it completely to remove it from the list of permitted devices.

4. Require a PIN Code when Returning to the App

In the LastPass iOS app, you can open the settings menu to toggle the “Use PIN Code” option. Enabling the PIN reprompt options allows you to protect your LastPass app by requiring a PIN code every time you multitask away from and then back to the app. It’s more convenient than constantly re-entering your master password, but more secure than leaving your app logged in and unprotected.

5. Logout Automatically When You’re Not Using the App

To ensure your LastPass app logs out when you’re no longer using it, you can go to the app’s settings menu to tap “Never logoff when idle” and set a time limit. If you’re using the app and then multitask away for a while, your session will end and you’ll be logged out when the designated amount of time has passed.

6. Safely Remove Data by Clearing the Clipboard

If you’ve been copy-pasting any data from the LastPass app to other apps on your phone, you can open the LastPass app settings to tap “Clear Clipboard”, to ensure that the last thing you copied will not be usable.

Try out these features today by downloading the LastPass app from the App Store, and subscribing to LastPass Premium.

11 Comments

  • Anonymous says:

    I have 6 devices listed in my “mobile devices” tab but I only use two mobilte devices to access LastPass. How do I figure out which ones are mine and delete the others? And how would this have happened?

  • Anonymous says:

    Can I log into iOS 8 Lastpass app using fingerprint instead of master password?

    • Amber Gott says:

      Currently, no. We may update the app to support unlocking it with Touch ID, but you’ll still need to login at least once initially to authenticate with the master password, as that’s part of the encryption key for your LastPass account.

  • Anonymous says:

    Just. Wow. The touchID hook into Safari makes this a killer feature for iPhone 6. Well done, Team LastPass. Loving it.

  • Anonymous says:

    Is it not recommended to set LastPass to remember your password in the iOS app but enable the PIN access? It’s definitely been nice not having to type in the master password every time in logging on through mobile, but I was just curious how this works. I’m assuming the password is stored locally?

    • Amber Gott says:

      Correct, we warn against storing the master password with the “remember password” option, since data does have to be stored locally for LastPass to perform the check on login and it also increases the likelihood of forgetting the master password. For technical specifics of how the feature works, please reach out to the team at https://lastpass.com/supportticket.php

  • Anonymous says:

    Will you be adding an option to auto clear the clipboard after X seconds? Would be nice to have auto clear the clipboard after logout too.

    • Amber Gott says:

      It’s been submitted as a feature request, it’s tricky because the app has to be running in order for the clipboard to be cleared, we may be able to make it clear when the app is killed. We’ll keep looking at improvements to the security features – thanks!

  • Can you also use the TouchID sensor when returning from multitasking instead of a PIN?