LastPass supports multifactor authentication with Duo Security. It is a secure, two-factor authentication application offered for all leading smartphone platforms, including Android, iPhone, Blackberry, and Windows Phone.
Setup a New Integration
- Install the Duo app on your mobile device.
- In order to use Duo Security, a Duo account is required. Register for an account here: https://www.duosecurity.com/lastpass.
- Login to your Duo account.
- In the left menu, choose Applications > + New Applications
- For Application type, choose “LastPass”. Pick any name for your Application name.
- Click Create Application
- On the next page, you’ll find the following information: Integration key, Secret key, and API hostname. Note these values for later.
- Login to your LastPass Vault and go to Settings > Multifactor Options > Duo Security
- Enter the Integration key, Secret key, and API hostname from before
- Switch Duo Security Authentication to Enabled
- A popup will appear to enroll your mobile device:
- Select the type of device that you would like to enroll and then click the “Continue” button. You will then be given on-screen instructions on how to enroll each specific device. Note that LastPass only supports one device at this time.
Once you have enrolled the device(s) that you would like to use for Duo authentication, you can then use it to authenticate you in the login process.
Using SMS Passcodes to Authenticate
When being prompted from LastPass to authenticate your account, you can elect to send an SMS Passcode to your registered mobile device. By clicking the “Send SMS passcodes” link in the Multifactor Authentication window.
If you wish to switch back to Duo Push later, please disable Duo Security in LastPass first. Then delete your registered device in Duo Admin Panel > Devices and start over.
Logging in Offline
When multifactor authentication is enabled, you can choose whether to allow LastPass to store an encrypted vault locally so you can log in without an internet connection or not. If you enable offline access, you will be able to login without using Multifactor (with the exception of Yubikey) in case of a connectivity issue.
With some internet configurations (typically wireless connections and waking from sleep), LastPass may log in offline first before establishing connectivity to your online vault and prompting for your authenticator code. This may cause LastPass to AutoFill any login credentials you have saved in LastPass for the current page you are on. If you wish to disable offline access, you may do so in your account settings.
Table of Contents
- Help Center and FAQs
- Downloading and Installing LastPass
- LastPass Mobile
- LastPass App for Mac
- Your LastPass Icon
- Your LastPass Vault
- Adding & Filling Sites
- Editing an Existing Site Entry and Editing Form Fields
- Importing Passwords
- Account Settings
- Browser Extension Preferences
- Secure Notes & Attachments
- Password Generator
- Form Fill Basics
- Multifactor Authentication
- LastPass for Applications
- LastPass Security Challenge
- LastPass Credit Monitoring
- LastPass Sentry
- LastPass Command Line Application
- LastPass via USB
- Windows 8 Metro
- Uninstalling & Deleting
- Site Map