HELP FILE

Use the LastPass Authenticator

LastPass Authenticator is a multifactor app for iOS and Android mobile devices.

Features and compatibility

The LastPass Authenticator supports 3 different authentication methods:

  • Time based 6-digit codes
  • One-tap push notifications
  • SMS 6-digit codes

LastPass Authenticator is also TOTP compliant, meaning it’s compatible with all apps and websites that support Google Authenticator. That means you can conveniently manage Multifactor Authentication for multiple services, all from LastPass Authenticator.

Note: Feature availability may vary depending on your account type.

For LastPass admins, it is recommended that you complete the steps for enabling Multifactor Authentication in the Admin Console.

Note: Not what you're looking for? Please see information about the LastPass MFA authenticator.

Set up and configure your LastPass account

  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon, then select Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select Account Settings in the left navigation.
  3. Select the Multifactor Options tab.
  4. Click the Edit icon for the LastPass Authenticator.
  5. For the "Enabled" option, select Yes from the drop-down menu.
  6. For the "Permit Offline Access" option, use the drop-down menu to choose from the following:
    • Select Allow if you wish to allow access to LastPass even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
    • Select Disallow to prevent offline access, which requires you to use Multifactor Authentication and to be connected to the internet when using LastPass.

      If this option is selected and you are not connected to the internet and/or https://lastpass.com is not available, you will be unable to access your Vault. Learn more about offline access.

  7. When finished, click Update.

  8. Enter your Master Password, then click Continue.
  9. When prompted, click Enroll.
  10. When a new web browser window or tab appears, click Set up mobile app, then proceed to the next steps.

Set up the LastPass Authenticator app

You must have either an iOS device running iOS 10 or later, or an Android device running Android OS 4.0.3 (Ice Cream Sandwich) or later.
  1. Install the LastPass Authenticator on your mobile device for iOS or Android.
  2. On your web browser, click Next to proceed with the enrollment, then open the LastPass Authenticator app on your mobile device.

  3. If you have already used the LastPass Authenticator on your mobile device for a different account or application, tap Add new account. Otherwise, do the following:
    1. Tap the Add icon on the bottom of your device screen.
    2. Tap Scan Barcode.
    3. Using your mobile device's camera, scan the barcode displayed in your computer's web browser.
  4. When prompted on your web browser, click Set up text message.
  5. Enter your mobile device phone number, then click Next.
  6. An SMS message is sent to your mobile device containing a verification code. Enter the code into your web browser, then click Finish text setup.
  7. Click Activate, then click Done.
  8. In your Vault, click OK on the confirmation message.


Using the LastPass Authenticator to log in to LastPass

You can log in and access your LastPass Vault from a desktop or mobile device.

Log in from the desktop and authenticate
  1. Open the authenticator app on your mobile device.
  2. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon, then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 then enter your username and Master Password and click Log In.
  3. When prompted for multifactor authentication, your default multifactor option is presented (if you have more than one enabled). If desired, you can tap or select Use Alternative Multifactor, then select your desired multifactor option from the list at the bottom.

    Note: If you are part of a company account and a policy has been enforced to only allow one multifactor option, the "Use Alternative Multifactor" section will not be displayed.

  4. Follow the prompts to authenticate, which will vary depending on how multifactor authentication is configured for your account (e.g., 6-digit passcode, SMS code, push notification, etc.).
  5. If desired, toggle on the switch for the Trust this computer for 30 days setting and provide a computer name on the LastPass authentication dialog. Otherwise, click Authenticate Login.

    Learn more about managing your trusted devices.

You have now logged in to LastPass and authenticated using the multifactor option configured for your account.

Log in from a mobile device and authenticate
  1. On your iOS or Android device, open the LastPass Password Manager mobile app.
  2. Enter your username and Master Password, then tap or select Log In.
  3. When prompted for multifactor authentication, your default multifactor option is presented (if you have more than one enabled). If desired, you can tap or select Use Alternative Multifactor, then select your desired multifactor option from the list at the bottom.

    Note: If you are part of a company account and a policy has been enforced to only allow one multifactor option, the "Use Alternative Multifactor" section will not be displayed.

  4. Follow the prompts to authenticate, which will vary depending on how multifactor authentication is configured for your account (e.g., 6-digit passcode, SMS code, push notification, etc.).
  5. If desired, you can toggle on the switch for Trust this device so you are not prompted to authenticate within the next 30 days. Otherwise, tap or select Next to continue.
    You have now logged in to the LastPass Password Manager mobile app and authenticated using the multifactor option configured for your account.

Manage registered accounts on iOS

  1. Tap to open the LastPass Authenticator app.
  2. Tap Edit in the upper-right of the screen.
  3. Make any of the following changes:
    • Edit the account name
    • Edit the username/email address
    • Reorder the list of registered accounts (tap and hold the Move icon next to the entry, then drag into desired position)
    • Delete the registered account (tap the Delete icon next to the entry, then select Delete to confirm)
      Warning: A message is displayed that removing your account may prevent you from signing in, and that before removing, you should turn off 2-factor authentication for that account.
  4. Click Done when finished.

Manage registered accounts on Android

  1. Tap to open the LastPass Authenticator app.
  2. Long-press on your desired account.
  3. Make any of the following changes:
    • Tap Copy to copy the code
    • Tap the Edit icon to edit the account name
    • Tap the Delete icon to remove the account. You are warned that you should disable Multifactor Authentication for your account before removing it so that you don't encounter sign-in issues.
      Warning: A message is displayed that removing your account may prevent you from signing in, and that before removing, you should turn off 2-factor authentication for that account.

About using multiple multifactor authentication options

Please note that when you have more than one multifactor authentication option enabled for your account, you must select your desired default authentication option from the drop-down menu at the bottom of your Multifactor Options window in order to be prompted to authenticate with your preferred option when logging in to LastPass.

Set up push notifications for other sites

If desired, you can set up push notifications via the LastPass Authenticator for an all-in-one authentication experience for compatible sites, such as:

  • Amazon.com (excludes AWS)
  • Google.com
  • Dropbox.com
  • Facebook.com
  • Evernote.com
    Note: LastPass push notifications for the sites listed above are web browser-specific. This means you will need to re-enable push notifications each time you log in to these sites when using different web browsers.
To use push notifications, you must be actively logged in to your LastPass account via the LastPass web browser extension.
  1. In your web browser toolbar, click the inactive LastPass icon.
  2. Enter your username and Master Password, then click Log In.
    An active LastPass icon is displayed to indicate you are now logged in to LastPass.
  3. In your web browser, navigate to your desired site and select the LastPass Authenticator to be used as your authentication option within the site's security or account settings (instructions for every site will vary).
  4. When the site prompts you to enter a 6-digit code for verification, open the LastPass Authenticator app on your mobile device, then do the following:
    1. Tap the Add icon in the bottom of your device screen.
    2. Tap Scan Barcode.
    3. Using your mobile device's camera, scan the barcode displayed in your computer's web browser.

    Note: If setting up the LastPass Authenticator to use another service, you can tap Enter Manually and enter the Service, Account, and Key for a service that supports manual entry.

  5. After adding the barcode in the LastPass Authenticator app, go back to your site's security settings and enter the 6-digit code displayed in the LastPass Authenticator to complete the setup.
  6. Once the setup is complete, log out of your site and log back in again. You will be prompted once to manually enter the 6-digit authentication code.
  7. Once you have authenticated, the LastPass web browser extension will prompt you to click Enable to allow push notifications for your site.
  8. The next time you visit your site, you will be prompted with a push notification in the LastPass Authenticator app, where you can tap Approve to authenticate.

    Note: If for any reason you are not prompted to authenticate with a push notification, you can still manually enter the 6-digit code from the LastPass Authenticator app, or authenticate by sending a code via SMS.

Re-enable push notifications for a site

If you disabled push notifications for the LastPass Authenticator when you authenticate after logging in to certain sites, you can re-enable them at any time.

  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon, then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select Account Settings in the left navigation.
  3. Select the Never URLs tab.
  4. Under the "Never Ask About TOTP-to-Push" section, click the Delete icon in the Action column for the sites in which you want to re-enable push notifications.

    Note: If desired, you can also delete any entries where no URL or domain is specified.

    The next time you visit the site(s), you will be prompted to authenticate with a push notification via the LastPass Authenticator.

Disabling authentication for a new or lost device

If your phone number has changed or the mobile device you use for authentication is lost, you will need to disable Multifactor Authentication for the LastPass Authenticator. To do so, you can use SMS account recovery to log in to your account and disable authentication.

Restoring authentication using Cloud Backup

With LastPass Authenticator’s Cloud Backup feature, you can restore your multifactor tokens if you lose or upgrade your mobile device. Combined with our unique, one-tap verification experience, LastPass Authenticator gives you all the security you need from your LastPass Authenticator app, without any of the frustration.

Enable Cloud Backup

The Cloud Backup feature is supported on iOS and Android devices.
  1. Open the LastPass Authenticator app on your mobile device.
  2. Tap the Options icon in the toolbar.
  3. Toggle on the switch to enable the option Backup to LastPass.
    • If you have not yet installed the LastPass Password Manager mobile app (for iOS or Android), you will be prompted to download it and log in. Once logged in, switch back to the LastPass Authenticator app and toggle the option to enable "Backup to LastPass" again. The backup will then begin and display a confirmation message at the bottom of the screen once it is complete.
    • If you already have the LastPass Password Manager mobile app, you are prompted to confirm your email address, then the backup will begin and display a confirmation message at the bottom of the screen once it is complete.
  4. Once enabled, you can tap the Options icon in the toolbar of the LastPass Authenticator app, then tap Backup Now anytime you want to create a backup.

Restore from Cloud Backup

Push notifications will be transferred to the device on which you restore your database as they can only be enabled on one mobile device at a time.
  1. Install both the LastPass Password Manager (for iOS or Android) and the LastPass Authenticator (for iOS or Android) apps on your mobile device.
  2. Open the LastPass Authenticator app, then tap Restore from backup.
    • If you are already logged in to the LastPass Password Manager app, tap to confirm your account email address.
    • If you are not logged in, the LastPass Manager app will open and prompt you to log in. Once logged in, your account(s) in the LastPass Authenticator app will be restored.