Multi Factor Authentication

How to add MFA to your LastPass account.

The Complete Step by Step Tutorial

Multi-Factor Authentication is one of the best security measures you can implement when it comes to protecting your online accounts, and with the Google Authenticator App it doesn’t have to be a hassle.

Click on “Account Settings”. You can find this at the bottom of the left side menu.

It is important to understand that, without the OTP from the authentication app on your phone, you will not be able to access your account. 

To make sure you can still access your LastPass account if your phone breaks, gets stolen or is lost, set up a recovery email and phone number.

Under the “General Tab” of the Account Settings menu, you can update your email address, and send a test email to make sure your email account can receive messages from LastPass.

If you scroll to the bottom of the General Settings you will see the Recovery Phone Number.

If you lose access to your phone, you can request to have your account recovered through SMS verification or email verification. 

Make sure that you have a plan for recovering your account if you lose access to your authentication device.

Still in the Account Settings menu, select Multifactor Options by clicking the tab in the top menu.

Next, click on the Pencil (edit) icon next to Google Authenticator.

Click View Barcode.

Leave the barcode open in that browser tab, while you do the next steps on your mobile device.

*Remember to scan your LastPass Google Authenticator barcode, not the one in this tutorial.

Download and install Google Authenticator on your mobile device.

Open the Google Authenticator app on your phone and tap on the Plus icon to add an account to your authenticator.

Tap on Scan a barcode.

Now point your phone camera at the Google Authenticator barcode on your LastPass browser tab.

If everything went to plan, you should now have Google Authenticator generating OTPs for LastPass.

Now set Google Authenticator to Enabled, Allow offline access and click the Update button.

You will be prompted to enter your master password as well as the code from Google Authenticator.

If you enter the Authentication code correctly, MFA will now be active on your LastPass account.

When you log into your LastPass account you will be required to enter your authenticator code.

You can allow LastPass to Trust that specific computer for 30 days, which means you will only have to put the authenticator code in once a month on that computer.

Summary

Multi-Factor Authentication is very difficult to bypass because the person attempting to break into your account will need your phone to gain access.

This is not 100% secure, though. In August 2019, Twitter CEO Jack Dorsey had his Twitter account hacked through a SIM swap attack. Attacks like this are extreme measures, but they can be mitigated through the use of an authenticator app, and I know it’s annoying, but putting a PIN code on your phone’s SIM card will also help.

For some more LastPass tips and tricks click here.