HELP FILE

Use the Google Authenticator

Google Authenticator is an authentication app for mobile devices that generates time-based codes used during the Two-Step Verification process.

Limitations and compatibility

Set up the Google Authenticator app

  1. Install the Google Authenticator app on your iOS or Android device (more details for each Android device type can be found here).
  2. On your mobile device, open the Google Authenticator app.
  3. Tap the Add icon or Add an Account option, then tap Scan barcode.
    Your device camera is now ready to scan a barcode in LastPass to set up the Google Authenticator for your LastPass account.

Set up and configure your LastPass account

  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon LastPass, then select Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select Account Settings in the left navigation.
  3. Select the Multifactor Options tab.
  4. Click the Edit icon Edit option for Google Authenticator.
  5. For the "Enabled" option, select Yes.
  6. For the "Permit Offline Access" option, use the drop-down menu to choose from the following:
    • Select Allow if you wish to allow access to Google Authenticator even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
    • Select Disallow to prevent offline access, which requires the use of Multifactor Authentication and to be connected to the internet when using Google Authenticator.
      Note:

      If this option is selected and you are not connected to the internet and/or https://lastpass.com is not available, you will be unable to access your Vault. Learn more about offline access.

  7. For the "Barcode" option, click View.
  8. If prompted, enter your Master Password and click Continue.
    Your barcode is now displayed, which you can use your mobile device camera to scan and create an entry for your LastPass account.
    Tip: For the "Private Key" option, click View if your mobile device does not have a camera and you'd like to enter the private key manually into the Google Authenticator app.
  9. Click Update when finished.

  10. Enter your Master Password and click Continue.
  11. When prompted, enter the verification code displayed in the Google Authenticator app on your mobile device, then click OK.
  12. Click OK on the confirmation message.
    The Google Authenticator has been successfully set up to be used when you log in to your LastPass account.

Using the Google Authenticator to log in to LastPass

You can log in and access your LastPass Vault from a desktop or mobile device.

Log in from the desktop and authenticate
  1. Open the authenticator app on your mobile device.
  2. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 then enter your username and Master Password and click Log In.
  3. When prompted for multifactor authentication, your default multifactor option is served (if multiple). If desired, you can tap or select Use Alternative Multifactor, then select your desired multifactor option from the list at the bottom.

    Note: If you are part of a company account and a policy has been enforced to only allow one multifactor option, the "Use Alternative Multifactor" section will not be displayed.

  4. Follow the prompts to authenticate, which will vary depending on how multifactor authentication is configured for your account (e.g., 6-digit passcode, SMS code, push notification, etc.).
  5. If desired, toggle on the switch for the Trust this computer for 30 days setting and provide a computer name on the LastPass authentication dialog. Otherwise, click Authenticate Login.

    Learn more about managing your trusted devices.

You have now logged in to LastPass and authenticated using the multifactor option configured for your account.
Log in from a mobile device and authenticate
  1. On your iOS or Android device, open the LastPass Password Manager mobile app.
  2. Enter your username and Master Password, then tap or select Log In.
  3. When prompted for multifactor authentication, your default multifactor option is served (if multiple). If desired, you can tap or select Use Alternative Multifactor, then select your desired multifactor option from the list at the bottom.

    Note: If you are part of a company account and a policy has been enforced to only allow one multifactor option, the "Use Alternative Multifactor" section will not be displayed.

  4. Follow the prompts to authenticate, which will vary depending on how multifactor authentication is configured for your account (e.g., 6-digit passcode, SMS code, push notification, etc.).
  5. If desired, you can toggle on the switch for Trust this device so you are not prompted to authenticate within the next 30 days. Otherwise, tap or select Next to continue.
    You have now logged in to the LastPass Password Manager mobile app and authenticated using the multifactor option configured for your account.

Using multiple Multifactor Authentication options

Disabling authentication for a new or lost device

Regenerate a key for the Google Authenticator

You can regenerate a key for the Google Authenticator in order to set it up for your LastPass account again if you lost your mobile device or are concerned that the security of your existing key may have been compromised. Please note that this will require you to re-associate the Google Authenticator with your LastPass account, then re-enable the Google Authenticator from the Multifactor Options in your LastPass Account Settings.

  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select Account Settings in the left navigation.
  3. Select the Multifactor Options tab.
  4. Click the Edit icon Edit option for Google Authenticator.
  5. For the "Regenerate Key" option, click Regenerate.
  6. Enter your Master Password, then click Continue.
    Google Authenticator is now disabled for your LastPass account.
  7. When prompted, click OK.
What to do next: Re-associate Google Authenticator with your account, then re-enable Google Authenticator in your Multifactor Options.