You can utilize Multifactor Authentication with SecureAuth, which generates a 6-digit, OTP (one-time password) code via SMS/Text message or via the SecureAuth app on the user's mobile device that they can use for authenticating as they log in to their LastPass account. The SecureAuth Authenticate mobile app is available for iOS and Android.
To get started, LastPass admins must complete the steps for enabling Multifactor Authentication in the Admin Console.
Once the administration steps are complete, LastPass users can set up and use SecureAuth. To do so, it is required that all steps in Enable Multifactor Authentication (Users) be followed before proceeding.
Please note that if you have more than 1 Multifactor Authentication option enabled for your account, you must select your desired default authentication option from the drop-down menu at the bottom of your Multifactor Options window in order to be prompted to authenticate with your preferred option when logging in to LastPass.
Topics in this article:
- Download the SecureAuth Authenticate app on your iOS or Android device.
- Open the app and tap Begin Setup, then tap Add Account.
- Enter a Name for the account, then enter the Provisioning Link (provided by your SecureAuth admin).
- Enter your UserID in the "Username" field, then tap Submit.
- Choose the delivery method for the Registration Code to be sent to you. This may include sending an email, phone/mobile contact via a call or SMS/Text, using the SecureAuth OTP mobile app, or a push notification to a designated device.
- Once your method is selected, a Registration Code is generated and sent. Enter it in the "Registration Code" field.
- Next, enter the password associated with your UserID, then tap Submit.
- The "screen lock" feature of your mobile device must be enabled, and additionally configured to use a PIN code and/or fingerprint identification in order to unlock your device. If this has not yet been set up, you will be prompted to do so.
- The SecureAuth Authenticate app will now display 6-digit codes to be used to log in to LastPass.
- Enable Multifactor Authentication in your LastPass account.
- Click the Edit icon for SecureAuth.
- For the "Enabled" option, select Yes from the drop-down menu.
- For the "Permit Offline Access" option, use the drop-down menu to choose from the following:
- Select Allow if you wish to allow access to LastPass even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
- Select Disallow to prevent offline access, which requires the use of Multifactor Authentication and to be connected to the internet when using LastPass.
- When finished, click Update.
- Enter your Master Password, then click Continue.
- Enter the SecureAuth User ID to confirm.
- If prompted, enter the 6-digit code that is generated on the SecureAuth Authenticate app.
- SecureAuth is now enabled for your LastPass account.
- Open the SecureAuth Authenticate app on your mobile device.
- On your desktop web browser, log in to LastPass.
- You can authenticate in the following ways:
- On your web browser, enter the 6-digit code displayed in the mobile app. If desired, check the box to enable the option, "Trust this computer for 30 days" and provide a computer name, then click Authenticate. Learn more about managing your trusted devices.
- On your web browser, click Send SMS passcodes to have an SMS/Text message containing a verification code sent to your mobile device. Once received, enter the code in your web browser, (if desired, check the box to enable the option, "Trust this computer for 30 days" and provide a computer name) and click Authenticate. Learn more about managing your trusted devices.
If your phone number has changed or mobile device used for authentication is lost, you can click I've lost my device on the Multifactor Authentication window. Once redirected, you can enter your LastPass email address and click Send Email to be sent an email with a set of instructions on how to disable Multifactor Authentication. If you do not receive an email, you may have a secondary security email enabled where the email was sent instead, and/or check your spam/junk email filters. If you are an Enterprise user, your account may have policies enforced that prevent disabling Multifactor Authentication via email. For these users, please contact your LastPass admin to disable it for you.