HELP FILE

Smart Card Authentication

LastPass has support for Smart Card readers for computers running Windows, macOS, or Linux. Additionally, SafeSign middleware, Internet Explorer, Firefox, and Chrome support this feature. Safari and Opera can be supported by installing an additional Binary Component via the LastPass Universal Installer.

Note: Feature availability may vary depending on your account type.

OpenSC is also supported as an alternative to SafeSign (currently only on Windows and Linux). Please note that since some web browsers still run in 32-bit mode (even on 64-bit versions of Windows), you may need to install both the 64-bit and 32-bit versions of OpenSC.

  • For Windows, please ensure aetpkss1.dll or opensc-pkcs11.dll is present on your system (located at C:\Windows\System32).
  • For macOS, please ensure libaetpkss.dylib is present on your system (located at /usr/local/lib).
  • For Linux, please ensure libaetpkss.so or opensc-pkcs11.so is present on your system (located at /usr/lib).

Please be sure that an RSA Key is present on your Smart Card. This RSA Key must be capable of encryption and decryption so that LastPass can verify your Smart Card’s security.
For LastPass admins, it is recommended that you complete the steps for enabling Multifactor Authentication in the Admin Console.

It is required that you follow all steps in Enable Multifactor Authentication (Users) before proceeding.

Please note that if you have more than 1 Multifactor Authentication option enabled for your account, you must select your desired default authentication option from the drop-down menu at the bottom of your Multifactor Options window in order to be prompted to authenticate with your preferred option when logging in to LastPass.

Topics in this article:

Set up and configure

Use Smart Card Authentication

Disable authentication for a new or lost device

Set up and configure

  1. Insert your Smart Card into your card reader.
  2. Enable Multifactor Authentication in your LastPass account.
  3. Click the Edit icon for Smart Card Authentication
  4. For the "Type" option, use the drop-down menu and select Smart Card Reader.
  5. For the "Enabled" option, use the drop-down menu and select Yes.
  6. When prompted, enter your Master Password and click OK.
  7. Follow the prompts to finish setting up Smart Card Authentication.
  8. Click Update when finished.

Use Smart Card Authentication

  1. On your desktop web browser, log in to LastPass.
  2. When prompted by LastPass, enter your Smart Card Pin to authenticate.

Disable authentication for a new or lost device

If your Smart Card used for authentication is lost, you can click I've lost my device on the Multifactor Authentication window. Once redirected, you can enter your LastPass email address and click Send Email to be sent an email with a set of instructions on how to disable Multifactor Authentication. If you do not receive an email, you may have a secondary security email enabled where the email was sent instead, and/or check your spam/junk email filters. If you are an Enterprise user, your account may have policies enforced that prevent disabling Multifactor Authentication via email. For these users, please contact your LastPass admin to disable it for you.