You can utilize Multifactor Authentication with Symantec VIP. It provides one-time password codes from a mobile app that the user can key in as they log in to their LastPass account to authenticate.
To get started, LastPass admins must complete the steps for enabling Multifactor Authentication in the Admin Console, as well as add all users' Credential IDs as registered devices in the Symantec VIP Manager portal (or by using the self-service portal here).
Once the administration steps are complete, LastPass users can set up and use Symantec VIP.
Topics in this article:
- Download the Symantec VIP Access authenticator app on your iOS or Android device.
- If you have not done so, log in to LastPass.
- In your web browser toolbar, click the LastPass icon then click Open My Vault.
- Select Account Settings in the left navigation.
- Click on the Multifactor Options tab.
- Click the Edit icon for Symantec VIP.
- For the "Enabled" option, select Yes from the drop-down menu.
- For the "Permit Offline Access" option, use the drop-down menu to choose from the following:
- Select Allow if you wish to allow access to LastPass even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
- Select Disallow to prevent offline access, which requires the use of Multifactor Authentication and to be connected to the internet when using LastPass.
- When finished, click Update.
- Enter your Master Password, then click Continue.
- Enter the "Credential ID" value that appears on the VIP Access app.
- Enter the 6-digit "Security Code" that is generated on the VIP Access app.
- Once both values are entered, Symantec VIP is enabled for your LastPass account.
- Open the Symantec VIP Access app on your mobile device.
- On your desktop web browser, log in to LastPass.
- On your web browser, enter the 6-digit code displayed in the mobile app. If desired, check the box to enable the option, "Trust this computer for 30 days" and provide a computer name, then click Authenticate. Learn more about managing your trusted devices.
Please note that if you have more than one Multifactor Authentication option enabled for your account, you must select your desired default authentication option from the drop-down menu at the bottom of your Multifactor Options window in order to be prompted to authenticate with your preferred option when logging in to LastPass.
If your phone number has changed or mobile device used for authentication is lost, you can click I've lost my device on the Multifactor Authentication window. Once redirected, you can enter your LastPass email address and click Send Email to be sent an email with a set of instructions on how to disable Multifactor Authentication. If you do not receive an email, you may have a secondary security email enabled where the email was sent instead, and/or check your spam/junk email filters. If you are an Enterprise user, your account may have policies enforced that prevent disabling Multifactor Authentication via email. For these users, please contact your LastPass admin to disable it for you.