Multi Factor Authentication

How to add MFA to your LastPass account.

TL;DR - Too long; didn't read

LastPass will help you store all your passwords and Multi Factor Authentication makes it really difficult for hackers to get into your accounts.

So turn on MFA on your LastPass account and reduce the risk of getting hacked.

  1. Log Into LastPass
  2. In the general settings, check that your email address is accurate and can receive emails from LastPass, and check that your recovery phone number is accurate.
  3. Download Google Authenticator on your phone (Android / iOS).
  4. Go to the Multifactor Options tab in LastPass.
  5. Click the Edit Pencil Icon on the Google Authenticator row.
  6. Click ‘view barcode’ and scan the barcode with Google Authenticator.
  7. Enable Google Authenticator. Allow offline access if you will need to access your passwords without an internet connection.
  8. Click update to save your new settings. You will be prompted to enter your master password and the code from Google Authenticator.
  9. If you remember a computer, LastPass will not ask for an authenticator code for 30 days on that specific web browser.
  10. Rest easy knowing your passwords are secure.

The Complete Step by Step Tutorial

Multi-Factor Authentication is one of the best security measures you can implement when it comes to protecting your online accounts, and with the Google Authenticator App it doesn’t have to be a hassle.

Click on “Account Settings”. You can find this at the bottom of the left side menu.


It is important to understand that, without the OTP from the authentication app on your phone, you will not be able to access your account. 

To make sure you can still access your LastPass account if your phone breaks, gets stolen or is lost, set up a recovery email and phone number.

Under the “General Tab” of the Account Settings menu, you can update your email address, and send a test email to make sure your email account can receive messages from LastPass.

If you scroll to the bottom of the General Settings you will see the Recovery Phone Number.

If you lose access to your phone, you can request to have your account recovered through SMS verification or email verification. 

Make sure that you have a plan for recovering your account if you lose access to your authentication device.


Still in the Account settings menu – Select Multifactor Options by clicking the tab in the top menu.

Next, click on the Pencil (edit) icon next to Google Authenticator.

Click View Barcode.

Leave the barcode open in that browser tab, while you do the next steps on your mobile device.

*Remember to scan your LastPass Google Authenticator barcode, not the one in this tutorial.
Download and Install Google Authenticator on your Mobile Device.

Open the Google Authenticator App on your Phone and Tap on the Plus Icon to add an account to your authenticator.

Tap on Scan a barcode.
Now point your phone camera at the Google Authenticator barcode on your LastPass browser tab.
If everything went to plan, you should now have Google Authenticator generating OTPs for LastPass.
Now set Google Authenticator to Enabled, Allow offline access and Click the Update Button.

You will be prompted to enter your master password as well as the code from Google Authenticator.

If you enter the Authentication code correctly, MFA will now be active on your LastPass account.

When you log into your LastPass account you will be required to enter your authenticator code.

You can allow LastPass to Trust that specific computer for 30 days, which means you will only have to put the authenticator code in once a month on that computer.

Summary

Multi-Factor Authentication is very difficult to bypass because the person attempting to break into your account will need your phone to gain access.

This is not 100% secure, though. In August 2019, Twitter CEO Jack Dorsey had his Twitter account hacked through a SIM swap attack. These are some extreme measures, but they can be mitigated through the use of an authenticator app. I know it’s annoying, but putting a PIN code on your phone’s SIM card will also help.

For some more LastPass tips and tricks, click here.

If there is anything I missed, let me know in the comments below.
