New Study: The One Big Security Trick People Aren’t Using

Security insiders and IT pros have long talked about the security benefits of two-factor authentication (2FA). But a recent consumer survey by LastPass found that 70% of people don’t use or don’t know about 2FA. It looks like many of us are still in the dark when it comes to this simple way to boost security and stop online attacks.

In our survey, we asked 2,000 consumers if they used 2FA. Only 30 percent of respondents said they use a solution on some or all of their personal or professional accounts. Another 29 percent said they do not use 2FA at all, while 41 percent said they had no idea what 2FA even was.

According to the survey, the leading reason respondents gave for not using a 2FA solution, cited by the majority (52 percent), was that they weren’t sure how it works. It’s clear that current 2FA solutions fall short of providing a user-friendly experience and simple set-up.

If you’re new to the idea of 2FA, the concept is straightforward: Two layers of security are always stronger than one. With 2FA, a second step is required before access is granted when logging in to an account. You combine something you know (your password) with something you have (your smartphone), or something you are (your fingerprint), or somewhere you are (your trusted location). Only once those required pieces of information are supplied is access given.

Why is 2FA so much better? Because even if a password is stolen or compromised, 2FA ensures that an attacker still can’t gain access to an account. Plus, the login notification can serve as an alert that someone may be trying to gain unauthorized access.

Using a two-factor authentication tool is one of the best ways to keep your data and online accounts safe. And now, it’s also one of the easiest, thanks to LastPass Authenticator. LastPass Authenticator is making it simple and convenient for anyone to follow best practices for protecting their information. Our one-tap push notification makes it dead simple for anyone to authenticate to their LastPass account. It’s fast, convenient, and easy to use.

Plus, LastPass Authenticator allows you to activate 2FA for not just your LastPass account, but for many other important accounts as well. Anywhere Google Authenticator is supported, you can also enable LastPass Authenticator, so you can consolidate your 2FA into a single app.

We’re on a mission to make it simple and convenient for you to follow best practices for protecting your personal information. More great updates are on the way for LastPass Authenticator, so stay tuned!

Research Methodology

LastPass commissioned a survey through Lab42 of 2,000 adults ages 18+ with at least one online account. Respondents represented the United States, France, UK, Germany, Australia and New Zealand. Data was collected May 4-May 18, 2016.



  • Rob Janssen says:

    LastPass Authenticator works great (or at least: just as good as Google Authenticator from which I came). However, I would appreciate it *very* much if the much requested import/export/backup functionality was implemented. The new iPhone is coming up in a few months and I’m *NOT* looking forward to (re)activating all my (20+!) 2FA protected accounts to get the data into my new phone. LastPass already has a form of encrypted (cloud) storage for LastPass itself so it shouldn’t be *that* hard to store the 2FA secrets either in the same LastPass DB or at least under the same account. I am considering Authy because it does have this functionality and will be switching if this functionality hasn’t been implemented by then (I know this sounds like a ‘threat’ but it’s reality; I’ve done the whole circus twice before (once when I went from iPhone 5 to 6, once to go from Google Authenticator to LastPass Authenticator) and it’s a big PITA to do). Other than that I’m happy with LPA.

  • rwizard says:

    I am a longtime user of Yubikey with LastPass, and because I keep keys in multiple locations, as well as allowing family members to use their Yubikeys (normally used with their accounts) to log in to my account when they need to, I REALLY wish that you would allow enrollment of more than 5 Yubikeys in my account. I first asked for this a couple of years ago, and as an early adopter of LastPass, I’d be very grateful if this were fixed. The rest of the world may not be using hardware-based 2FA, but I use the heck out of it, and so do my friends, family, and anyone else I can persuade about its value.

    I also want to remind everyone that SMS (text message) based 2FA has recently been deprecated by NIST because it is simply too insecure. I would urge folks NOT to use that method. The reason is that there are effective exploits for intercepting SMS messages, allowing an attacker to completely negate the intended benefit of 2FA.

  • Richard says:

    What happens if you can’t access your phone? How does one log in then? Call you somehow? Or perhaps get an e-mail then?

  • Colin says:

    2FA is good for people with smart phones, but for people who don’t, most 2FA sites will not work. I did have Google’s 2FA turned on for a bit, but with my computer listed as trusted I would have to use the 2FA code every time I logged on to Google.

  • sylvia Hopkins says:

    Please consider remaking the video re 2FA. She spoke way too fast (we’re supposed to absorb what is to be done!) and several words are not clear enough to be understood.

  • Marco says:

    At the moment, I use Authy. I’m ready to switch to LP Authenticator when it supports backup and sync of my accounts among devices. This is important for two reasons: practicality and security (if my phone is lost, it is not a pain to regain access to all my 2FA-protected accounts).