LastPass now offers the ability to create a time-based one-time passcode (TOTP) in the LastPass vault for Enterprise and Identity users. Time-based one-time passcodes (TOTP) are a form of two-factor authentication (2FA) that add additional security for each login. When a user is logging into a website or application, a TOTP requests that the user provides a verification code to ensure that the individual requesting to login is who they say they are.
TOTP differentiate from the LastPass Authenticator or LastPass MFA application as it is only for Vault site entries as opposed to externally saved sites or applications.
With TOTP, users can secure websites and applications with two-factor authentication to prevent data breaches. LastPass will store the TOTP next to the password of a site to provide simple access to protected sites.
In addition, for shared sites that require two-factor authentication, LastPass offers the ability to share TOTP in order to allow users to access the same site (using the same site credentials) without disabling a secondary form of authentication. This will simplify access for team passwords, such as social media accounts, IT administrator credentials, or shared portal logins.
Admins will have the ability to turn this feature off for their end-users through a new policy, called ‘Don't show TOTP in vault’. When this policy is enabled, end-users will not be able to see the TOTP option in their LastPass vault.
Like all LastPass vault records, the codes are encrypted, backed up and securely synced to all your devices.
To learn more about how to create a TOTP code, read this article.