LastPass Authenticator Makes Two-Factor Easy

Exciting news! Today we’re introducing LastPass Authenticator, a free two-factor authentication app for your LastPass account and other supported services. LastPass Authenticator offers simple, secure two-factor authentication by generating 6-digit, time-based passcodes or sending you a push notification for one-tap login to LastPass. With a user-friendly experience, simple set-up, and convenient push notifications, LastPass Authenticator is an ideal option for you to boost your security.

What Is Two-Factor Authentication?
Two-factor authentication has emerged as a way to go beyond the password and add even more security to the accounts we need to protect. Two factors are always stronger than one, and here at LastPass we’ve always recommended two-factor authentication for optimal security.

The first “factor” is typically a username and password that the user enters. The second factor is typically something the user has (like a generated code), something the user is (like a fingerprint), or even somewhere the user is. Requiring both is what adds additional security to an account. Even if the password for an account is compromised, an attacker would be thwarted in their attempt to access that account without the additional login data.

LastPass was one of the first password managers to offer two-factor authentication integration and we currently support 15 different options. Now we’re adding another option that’s convenient and easy for LastPass users!

Why LastPass Authenticator?
Here’s just a few of the reasons we think you’ll love our new app:

  • Enjoy a better experience: LastPass Authenticator offers user-friendly, secure two-factor authentication with simple set-up and one-tap login to LastPass.
  • You choose how to login: The app supports 6-digit generated passcodes, SMS codes, and automated push notifications that let you approve or deny a login in one tap.
  • Use it with more than LastPass: Enable LastPass Authenticator anywhere Google Authenticator is supported.
  • Leverage what you already have: You always have your smartphone with you, so there’s no need to keep track of extra devices.
  • Add more security: Protect from man-in-the-middle attacks by utilizing a different channel than your primary authentication (where your username and password are submitted).
  • It’s free!

We’re on a mission to make it simple and convenient for you to follow best practices for protecting your personal information. With LastPass Authenticator, it’s easier than ever for you to turn on two-factor authentication for your LastPass account and other services.

How LastPass Authenticator Works
Getting started with LastPass Authenticator is fast and simple! LastPass Authenticator is a free mobile app available today on the app stores for iOS, Android, and Windows Phone.

Here’s how you can activate LastPass Authenticator with your LastPass account:

  1. Head to the app store on your mobile device and download the app.
  2. On your desktop or laptop, login to LastPass and open your vault.
  3. Launch “Account Settings” from your vault.
  4. Under “Multifactor Options”, edit LastPass Authenticator.
  5. Follow the prompts on your screen, view the barcode and scan it with the LastPass Authenticator app.
  6. Set your preferences and save your account changes.

Screenshot 2016-03-15 09.57.42

When you next login to LastPass or another supported vendor service:

  1. Open the LastPass Authenticator app to generate a 6-digit, 60-second code or approve the automated push notification or send yourself a code via SMS.
  2. Enter the code into the login prompt on the screen or approve the authentication request.

Graphic-1

Note that push notifications are available for logging in to LastPass accounts only.

Use It Everywhere You Use Google Authenticator, Too
LastPass Authenticator is also TOTP compliant, meaning it’s compatible with all apps and websites that support Google Authenticator like Facebook, Dropbox, Evernote, WordPress, and many more. That means you can conveniently manage two-factor authentication for multiple services, all from LastPass Authenticator.

Get the App Today!
Get more protection for your LastPass account and turn on easy two-factor authentication today. We think you’ll love the easy integration with your LastPass account and the user-friendly authentication options.

 

99 Comments

  • Myron says:

    Amazon 2FA does not work – I get an “invalid qr code” error every time I try to add it.

  • SC says:

    Can’t get it to take on Dropbox. Just says invalid QR code.

    Also, seems no way to add accounts without a QR code. Google authenticator can accept typed codes.

    • Anatoly_LP says:

      The new Android release that corrects the QR code scanning is available now, and the iOS release is waiting for Apple’s approval, and should be available in a few days. If you still have issues with the new releases, please contact our support staff at https://lastpass.com/supportticket.php

      The request for adding services manually has also been logged with the LastPass Authenticator team.

  • Christophe-Marie Duquesne says:

    1. Could you please explain what is the advantage of lastpass authenticator over other authenticator solutions? It looks like to me that FreeOTP and google authenticator can do exactly this same job. Personally I prefer using FreeOTP because it is opensource+independent. Why should I switch to lastpass authenticator?
    2. It would be nice if the lastpass apps were opensource and available through F-Droid, so that a. we can verify things such as the fact that lastpass only uses the password to decrypt the password database locally, and b. people who are using cyanogen and do not want to be spied by the google apps can install it without google play.

  • Jay says:

    Would it be possible to bake LastPass the two factor authentication portion into the main Lastpass app? This is the way Twitter works and I appreciate having that baked right in. Since a lot of people already have their accounts setup in other apps (Authy, Google Authenticator, etc), it doesn’t make sense to switch apps, especially when some don’t have export functions and the new Lastpass Authenticator doesn’t yet support importing.

    • Anatoly_LP says:

      Hi,

      We wanted to have a completely free option for our customers to use, with both LastPass and other apps. Unfortunately it couldn’t work as a 2FA for LastPass accounts if it was in the main app.

  • SL says:

    Does it backup your tokens in Lastpass? When a phone is replaced do you have to set it all backup or is it restored?

  • CWoods says:

    Why do you require a secondary phone for backup purposes in order to use the LastPass Authenticator?

    • Anatoly_LP says:

      Hi,

      We recommend a secondary phone just in case your primary is lost or stolen, but it is not an absolute requirement, so you can enter any phone number you like.

      • CWoods says:

        You can not opt not to enter a second phone number and you can not simply put in any number you like as a) you don’t want this information going to some random number and b) if you say put in the number of your home phone (for those that still have them) you still can’t proceed as there’s no way to receive the 6 digit code on such a phone number to complete the activation.

        So it is in fact an absolute requirement – as you can’t complete the enabling w/out it. It is not optional.

        I had no such requirement back when I activated the Google Authenticator for LastPass…

    • Sjaak says:

      I assume you would otherwise lock yourself out if your phone is not working or unavailable for use.

      • CWoods says:

        I don’t believe that is the case at all here. I have enabled the Google Authenticator previously which, while not as tightly integrated serves similar function and that did not require me to specify a secondary phone.