Two-step verification in LogMeIn Central

Two-step verification, or multifactor authentication adds a second layer of protection to your account.

Once you set up two-step verification, your login procedure changes: After entering your LogMeIn ID and password, you are also required to verify your identity using either a mobile authenticator app or text message (or using a backup method, which can be either text message or email). For instructions on setting up two-step verification, see Set up multifactor authentication for your account. After setup, you see the following additional screen during login:

With two-step verification, you will be able to log in with the following components, versions, sites:

LogMeIn.com
Host software for Windows, 4.1.4141 and above
Host software for Mac, 4.1.4132 and above
iOS app, all versions
Android app, all versions except "Ignition" branded versions
join.me (all components), all versions

You will be unable to log in to the following components:

Legacy versions of Ignition for Windows: Please switch to the Client desktop app before using two-step verification
Legacy versions of Ignition for Android: Please upgrade to the Android app

Tip: Guidance from PCI DSS v3.0

"To prevent the compromise of multiple customers through the use of a single set of credentials, vendors with remote access accounts to customer environments should use a different authentication credential for each customer."

Frequently Asked Questions

After setting up multifactor authentication, can I change the method to log in?

Yes. See Set up multifactor authentication for your account.

What login methods are available with multifactor authentication?

After entering your login credentials, you can verify your identity in one of the following ways:

use a third-party app, like Microsoft Authenticator
receive a text message with a verification code to your phone
as a backup method - when your phone is not available -, you can receive an email with a verification code

For more information, see section Change the method to confirm your identity when logging in.

Set up multifactor authentication for your account

Multifactor authentication, also known as two-factor verification, works with products and components that allow login via our common login service.

Topics in this article:

Microsoft Authenticator
LastPass Authenticator
Google Authenticator
General troubleshooting
Change the method to confirm your identity when logging in

Microsoft Authenticator

Before you begin: Make sure you have Microsoft Authenticator installed on your mobile device.

Log in to your account at LogMeIn.com using your email address and password.
At the top of the page, select Settings > Account Settings.
Result: The Account Settings page is displayed.
Under Security, look for Setup Multifactor Authentication and select get started. The Protect your account page is displayed.
On the Protect your account page, select Set up mobile app then Next.
In the Microsoft Authenticator app on your mobile device, tap the + (plus) icon to add an account.
Tap Personal account as the type of account. Add an account in the following ways:
- Sign in to your account.
- Open a scanner app on your mobile device to scan the QR code.
Physically hold your device in front of the LogMeIn.com website to scan the code, then select Next.
Enter the six-digit code listed for your LogMeIn account in your Microsoft Authenticator app, then select Finish mobile setup.
Return to the LogMeIn.com website then select Next. Choose the backup method to use when your primary method is unavailable.
- To receive security codes via text message:
  1. Select Set up text message.
  2. Enter the phone number to which login codes should be sent and complete the reCAPTCHA, then select Next.
  3. Go to your phone and open the text message from GoTo.
  4. Check your mobile device for a text from GoTo. Enter the 6-digit code to verify your phone number then select Finish text setup.
- To receive login codes via email:
  1. Select Set up email.
  2. Enter the email address you want to use to receive codes. To use the same address you use to log in to the client, select Next.
  3. Go to your email inbox and open the message from GoTo. Enter the code on the Set up email page in your browser.
  4. Select Finish email setup.
Finally, select Activate at the bottom of the page to turn on multifactor authentication.

Results: The next time you log in, you'll be prompted to enter the security code displayed in your Microsoft Authenticator app.

LastPass Authenticator

Make sure you have LastPass Authenticator installed on your mobile device.

Log in to your account at LogMeIn.com using your LogMeIn ID (email address) and password.
At the top of the page, select Settings > Account Settings.
Result: The Account Settings page is displayed.
Under Security, look for Setup Multifactor Authentication and select get started.
Result: The Protect your account page is displayed.
On the Protect your account page, select Set up mobile app.
If you already have the LastPass Authenticator app downloaded on your mobile device, select Next.

Tip: You can download the app here.

Result: The Set up mobile page is displayed with a scannable QR code.
On your mobile device, launch LastPass Authenticator and select + > Scan QR code to add an account. Then physically hold your device to the browser and scan the QR code.
Result: A message is displayed confirming that your device has been paired to your account.
Return to the LogMeIn.com website then select Next. Choose the backup method to use when your primary method is unavailable.
- To receive security codes via text message:
  1. Select Set up text message.
  2. Enter the phone number to which login codes should be sent and complete the reCAPTCHA, then select Next.
  3. Go to your phone and open the text message from GoTo.
  4. Check your mobile device for a text from GoTo. Enter the 6-digit code to verify your phone number then select Finish text setup.
- To receive login codes via email:
  1. Select Set up email.
  2. Enter the email address you want to use to receive codes. To use the same address you use to log in to the client, select Next.
  3. Go to your email inbox and open the message from GoTo. Enter the code on the Set up email page in your browser.
  4. Select Finish email setup.
Select Activate.

Results: The next time you log in, you'll be prompted to enter the security code displayed in your Google Authenticator app. After setup, the following is expected:

In your LastPass app, tap the on-screen notification to confirm your identity.
In your text messages, enter the one-time code sent to the number.
If your primary method is unavailable, request a code to your backup method.

Tip: Guidance from PCI DSS v3.0

Two-step verification is a requirement in PCI DSS v3.0.

Google Authenticator

Make sure you have Google Authenticator installed on your mobile device. If you experience issues with the Google Authenticator, please contact Google Support.

Log in to your account at LogMeIn.com using your email address and password.
At the top of the page, select Settings > Account Settings.
Result: The Account Settings page is displayed.
Under Security, look for Setup Multifactor Authentication and select get started. The Protect your account page is displayed.
On the Protect your account page, select Set up mobile app then Next.
In the Google Authenticator app on your mobile device, tap the + icon to add an account.
Tap Scan a QR code and physically hold your device in front of the LogMeIn.com website to scan the code, then select Next.
Enter the six-digit code listed for your LogMeIn account in your Google Authenticator app, then select Finish mobile setup.
Return to the LogMeIn.com website then select Next. Choose the backup method to use when your primary method is unavailable.
- To receive security codes via text message:
  1. Select Set up text message.
  2. Enter the phone number to which login codes should be sent and complete the reCAPTCHA, then select Next.
  3. Go to your phone and open the text message from GoTo.
  4. Check your mobile device for a text from GoTo. Enter the 6-digit code to verify your phone number then select Finish text setup.
- To receive login codes via email:
  1. Select Set up email.
  2. Enter the email address you want to use to receive codes. To use the same address you use to log in to the client, select Next.
  3. Go to your email inbox and open the message from GoTo. Enter the code on the Set up email page in your browser.
  4. Select Finish email setup.
Finally, select Activate at the bottom of the page to turn on two-factor authentication.

Results: The next time you log in, you'll be prompted to enter the security code displayed in your Google Authenticator app.

General troubleshooting

If you're unable to set up multifactor authentication or are having trouble using your authenticator, view the troubleshooting steps.

Make sure you set up multifactor authentication using the instructions in this article.
Delete your authenticator app and add your account again.

If these steps don't work, please contact the authenticator app provider directly.

Change the method to confirm your identity when logging in

When multifactor authentication is enabled, you have two options to log in to your account: use a third-party app as described above or receive text messages with a verification code to your phone. Even after setting up multifactor authentication with an authenticator app, you can change the login method any time. Here's how:

Log in to your account at LogMeIn.com using your email address and password.
At the top of the page, select Settings > Account Settings.
Result: The Account Settings page is displayed.
Under Security, select edit next to Setup Multifactor Authentication.
To change from email or a third-party app to receiving text messages, select Use text message instead.
Add your phone number and select Next to receive a text message with your verification code.
Enter that code to the relevant field to verify your phone number.
Select Activate on the Protect your account page.

Remember: You can switch back to using a third-party app any time. You can only use emails as a backup login method, when you do not have access to your phone.

Force users to use two-factor authentication

Force all users accessing your account to follow a two-step process to verify their identity.

Before you begin:

Only LogMeIn Central users with Login policy management permission can edit or enforce a login policy.

Note: One2Many uses two-factor authentication, even if you do not enable this security feature.

The policy is valid when logging in to LogMeIn.com, client apps for iOS and Android, and the Client desktop app.

In LogMeIn Central, select Users > Login Policy.
Result: The Login Policy page is displayed.
Under Login process, select Two-factor authentication.
Result: The You are about to require two-factor authentication confirmation prompt is displayed.
Select Switch on.
Result: Users must follow a two-step process to verify their identity. They can choose any method currently available for the client. The policy cannot force them to use a specific method. For details, see Two-step verification in LogMeIn Central.

Results: Upon next login, Two-factor authentication is applied to all users in the account.

Tip: As a courtesy to your users, you may want to notify them when you apply policy changes. LogMeIn Central does not automatically notify users of policy changes. If users need assistance setting up two-step verification, direct them to: Set up multifactor authentication for your account.

Tip: When using LogMeIn Central in a browser, Login Policy does not allow you to save devices. This only applies if the Master Account Holder enables Two-factor authentication under Users > Login Policy.

Force a user group to use two-factor authentication

Force all members of a User Group to follow a two-step process to verify their identity when logging in to their account.

Before you begin:

Only LogMeIn Central users with User management permission can edit or enforce a login policy.

In LogMeIn Central, select Users > Manage.
Result: The Users page is displayed.
Select edit permissions next to the name of the User Group you want to edit.
Result: The Edit page is displayed.
Under Extra Security, select Two-factor authentication.
Select Save.
Result: Users must follow a two-step process to verify their identity. They can choose any method currently available for the client. The policy cannot force them to use a specific method. For details, see Two-step verification in LogMeIn Central.

Results: Upon next login, the user must set up Two-factor authentication.

Force individual users to use two-factor authentication

Force an individual user to follow a two-step process to verify their identity when logging in to their account.

Before you begin:

Only LogMeIn Central users with User management permission can edit or enforce a login policy.

In LogMeIn Central, select Users > Manage.
Result: The Users page is displayed.
Select the email address of the user you want to edit.
Result: The Edit page is displayed.
Under Extra Security, select Enforce two-factor authentication for this user.
Select Save.
Result: Users must follow a two-step process to verify their identity. They can choose any method currently available for the client. The policy cannot force them to use a specific method. For details, see Two-step verification in LogMeIn Central.

Results: Upon next login, the user must set up Two-factor authentication.

How to switch off two-step verification

You may want to switch off two-step verification if you get a new device or no longer want to take advantage of the feature.

Remember:

You may be required by your administrator to use two-step verification.
One2Many uses two-step verification, even if you switch this security feature off.

Log in to your account using your LogMeIn ID (email address) and password.
Result: The Computers page is displayed.
At the top of the Computers page, select Settings and then Account Settings. The Account settings page is displayed.
Under Security, select Switch off.
Result: You may be prompted to confirm your identity and review your settings before actually switching off two-step verification.
To remove pairing for all existing devices, select Clear all settings when I switch off.

Tip: LogMeIn will still be listed in your app, but any login codes it generates will not be accepted. To avoid confusion, we recommend removing the client from your app.
Select the Switch off button.

What to do next:

I've disabled Two-Step Verification for myself and my users yet I am still required to verify upon logging in. Why?

If you have disabled Two-Step Verification for yourself and your users yet are still required to verify upon logging in, you are likely a user under someone else's LogMeIn Central account as well.
If this is the case, you need to contact the master account holder for the account(s) you are a sub-user under and ask them to disable two-step verification for their users, as well.

Product versions compatible with two-step verification

Two-step verification works with products and components that allow login via accounts.logme.in, also known as Common Login Service. Certain legacy products and components do not meet this requirement.

If you turn on two-step verification, you will be able to log in with the following components, versions, sites:

LogMeIn.com
LogMeIn Pro for Windows, 4.1.4141 and above
LogMeIn Pro for Mac, 4.1.4132 and above
LogMeIn Pro for iOS app, all versions
LogMeIn Pro for Android app, all versions except "Ignition" branded versions - see above

You will be unable to log in with the following components:

Legacy versions of Ignition for Windows: Please switch to the Client desktop app before using two-step verification
Legacy versions of Ignition for Android: Please upgrade to the for Android app

Troubleshooting invalid codes with two-step verification

Incorrect time settings on your mobile device are a common cause of invalid two-step verification security codes.

To fix this, you must synchronize time settings on your device:

On your device, choose automatic date and time.
If this does not resolve the problem, you may want to receive your two-step verification codes via email.

Google Authenticator for Android users can also try the following:

Run the app
Tap the ... menu dots and choose Settings
Tap Time correction for codes.
Tap Sync now.