HELP FILE

Google Authenticator

Google Authenticator is a multifactor app for mobile devices that generates timed codes used during the Two-Step Verification process.

You can begin by installing Google Authenticator on your iOS or Android device (more details for each device type can be found here). Once installed, it is required that you follow all steps in Enable Multifactor Authentication before proceeding.

Please note that if you have more than 1 Multifactor Authentication option enabled for your account, you must select your desired default authentication option from the drop-down menu at the bottom of your Multifactor Options window in order to be prompted to authenticate with your preferred option when logging in to LastPass.

Topics in this article:

Set up and configure

Use the Google Authenticator

Disable authentication for a new or lost device

Admin Console administration

Set up and configure

Note: Please follow all steps in Enable Multifactor Authentication before proceeding.

Once you have clicked the Edit icon for the Google Authenticator, you can then finish the set-up process as follows:

  1. In the Google Authenticator window, click View your barcode in the "To get started" section at the top of the window.
  2. When prompted, enter your Master Password then click Continue.
  3. On your mobile device, open the Google Authenticator app, tap the Add icon or Add an Account option, then tap Scan barcode.
  4. Use your device camera to scan the barcode, which will automatically populate a new entry for LastPass in the Google Authenticator app.
  5. Back on your web browser in the Google Authenticator window, click OK once the barcode has been scanned.
  6. For the "Enabled" option use the drop-down menu to select Yes.
  7. For the "Permit Offline Access" option, use the drop-down menu to choose from the following:
    • Select Allow if you wish to allow access to Google Authenticator even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
    • Select Disallow to prevent offline access, which requires the use of Multifactor Authentication and to be connected to the internet when using Google Authenticator.

      • Note: If this option is selected and you are not connected to the internet and/or https://lastpass.com is not available, you will be unable to access your Vault. Learn more about offline access.

  8. For the "Barcode" option, click View anytime you need to scan your barcode again.
  9. For the "Private Key" option, click View if your mobile device does not have a camera and you'd like to enter the private key manually into the Google Authenticator app.
  10. For the "Regenerate Key" option, click Regenerate if you lost your mobile device or are concerned that the security of your existing key might have been compromised.
  11. For the "More Information" section, you can choose to be directed to the mobile app download or this article.
  12. Click Update when finished, then enter your Master Password and click Continue.
  13. When prompted, enter the verification code displayed in the Google Authenticator app on your mobile device, then click OK.
  14. Click OK on the confirmation message that Google Authenticator has been successfully set up.

Use the Google Authenticator

  1. Open the Google Authenticator app on your mobile device.
  2. On your desktop web browser, log in to LastPass.
  3. On your web browser, you can verify your login by entering the 6-digit code displayed in the mobile app. If desired, check the box to enable the option, "Trust this computer for 30 days" and provide a computer name, then click Authenticate. Learn more about managing your trusted devices.

Disable authentication for a new or lost device

If your phone number has changed or mobile device used for authentication is lost, you can click I've lost my Google Authenticator device on the Multifactor Authentication window. Once redirected, you can enter your LastPass email address and click Send Email to be sent an email with a set of instructions on how to disable Multifactor Authentication. If you do not receive an email, you may have a secondary security email enabled where the email was sent instead, and/or check your spam/junk email filters. If you are an Enterprise user, contact your LastPass Administrator to disable it for you.

Admin Console administration

You can configure various policies that involve this authenticator within the Admin Console, including the requirement of its use and/or additional customization settings. For more information about configuring and enforcing policies, please see detailed instructions for LastPass Teams and Enterprise.