Autenticação Multifatorial

Time-based One-Time Password Authentication

In addition to the above multifactor authentication options, LastPass also works with Time-based One-Time Password Authentication (TOTP) such as Authy and Microsoft Authenticator. Clique em aqui to see the full list of options:

Before you get started to enable the multifactor authentication (MFA), be sure you’re running the latest updates for the LastPass browser extensions and mobile apps. You can always find the latest updates here: https://lastpass.com/download

A seguir, follow the steps below to enable it in LastPass Account Settings:

1. Download the MFA app of your choice from the app store on your mobile device
2. Follow the instructions on the app’s welcome screen to set up the app on your device if needed. The example is Authy. If you use Microsoft Authenticator app, you can skip the steps 3 para 6 and go to LastPass Account Settings in step 7.
3. Authy will then send you a verification email to either your email or via SMS to your phone.
4. Tap the option to add a new account.
5. Create a password for Authy backup codes (be sure to store this password in LastPass!).
6. Login to your LastPass account on a desktop PC or laptop browser.
7. Open the LastPass Icon > O Meu Cofre LastPass > Account Settings on the left menu.
8. Clique no “Opções Multifatoriais” separador.
9. Scroll to the “Google Authenticator” opção.
10. Clique em “editar” for the Google Authenticator option.
11. Next to the Barcode field, clique “view”.
12. Enter your master password when being prompted
13. In the MFA app on your phone, tap the Scan QR Code button.
14. Hold your phone up to the computer to scan the Google Authenticator barcode.
15. Clique em “done” in the MFA app on your phone. Now your MFA token should appear and re-generate every 30 segundos.
16. On your desktop browser, click Enable.
17. Enter the MFA code on your mobile device to pair the MFA app with your LastPass account when being prompted
18. Click Update and enter your master password again to complete the process
19. The next time you login to LastPass you will be prompted to enter your authentication code. Just open the MFA app, and enter the code when prompted.

Smart Card

O LastPass tem suporte experimental para leitores de smart cards como função Premium. Atualmente, apenas os computadores que executam o Windows, Mac OS X, ou Linux, SafeSign middleware, e Internet Explorer, Firefox, ou Chrome suportam esta funcionalidade. Safari e Opera podem ser suportados pela instalação de um componente binário adicional.

OpenSC is also supported as an alternative to SafeSign (currently only on Windows and Linux). Por favor, note que uma vez que alguns navegadores ainda são executados no modo de 32 bits, mesmo em versões do Windows de 64 bits, você poderá precisar de instalar versões do OpenSC tanto de 64 bits como de 32 bits.

• Para o Windows, certifique-se que aetpkss1.dll ou opensc-pkcs11.dll estão presentes no seu sistema (normalmente em C: Windows System32).
• Para o Mac OS X, certifique-se que libaetpkss.dylib está presente no seu sistema (normalmente em /usr/local/lib).
• Para o Linux, please ensure libaetpkss.so or opensc-pkcs11.so is present on your system (typically in /usr/lib).

Certifique-se que um smart card está inserido no seu leitor de cartões antes de tentar ativar a autenticação de smart card. Também, certifique-se que uma chave RSA está presente no seu smart card. Esta chave RSA tem de ser capaz de encriptação e desencriptação para que o LastPass possa verificar a segurança do seu cartão.

Para ativar a autenticação de smart card:

1. Abra um navegador suportado com a mais recente extensão LastPass instalada.
2. Faça Login no LastPass como um utilizador Premium.
3. Open the LastPass Icon > O Meu Cofre LastPass > Account Settings on the left menu.
4. Clique no “Opções Multifatoriais” separador.
5. Choose the Fingerprint/Card Reader Authentication option and click the pencil icon to open the edit window.
6. Enable Card Reader.
7. Introduza a sua senha mestre LastPass, e depois siga o resto das instruções no ecrã.
8. Clique em Atualizar.

Whenever you login with Multifactor Authentication enabled, you are prompted to use your authentication code to login. Underneath the entry field for your code , there is a link entitled:

“If you lost your device, click here to disable authentication.”

ou

“I’ve lost my device.”

Clicking this link will send an e-mail to your LastPass account e-mail address (or security e-mail address if you have set one), that will contain a link that will temporarily disable your Authenticator. If you are unable to access your e-mail for some reason, and have lost your Authenticator device, please do the following:

• Check your email settings. Go to your A Minha Conta page (LastPass Icon > More Options > Avançado > My Account) > Email Notifications > Change Settings. Make sure the appropriate email types are enabled.
• The email may have blocked by an email filter or sent was sent to Spam. To ensure that this does not occur, please add support@lastpass.com as a contact and to your email filter’s whitelist. Then prompt LastPass to send you another email.

If you have a security email set, the email you are looking for may be there. Note that your security email is different then the email you use to login to LastPass with.

*Note: This does not apply to LastPass Authenticator. If you need to disable LastPass Authenticator, please contact your Enterprise Admin or the LastPass support team.

If you do not want to be prompted for Multifactor on devices that you trust, you can enable your device as “Trusted”. When logging onto a computer using multifactor authentication, o LastPass irá dar-lhe a opção de tornar o computador um computador de confiança ao ativar Confiar neste computador:

Nota: You see the trusting option when using LastPass plugin on desktop browsers, LastPass mobile app, and LastPass native app on Windows and OS X. You will not see this option when logging via lastpass.com.

You can disable a trusted computer at any time by going to the LastPass Vault > click on Account Settings on the left menu > Trusted Devices tab and de-selecting the check box under Enabled column next to the entry or delete the entry entirely by clicking the x sign. If you want to rename the trusted devices, click on the pencil edit icon and type the new name into the field. Then hit Enter to save the change.

When multifactor authentication is enabled, you can choose whether to allow LastPass to store an encrypted vault locally so you can log in without an internet connection or not. Se você ativar o acesso off-line, you will be able to login without using Multifactor (with the exception of Yubikey) in case of a connectivity issue.

Com algumas configurações de internet (geralmente conexões sem fio e acordar do sono), o LastPass pode entrar off-line antes de estabelecer a conectividade com o seu cofre on-line e solicitar o seu código autenticador. Isso pode fazer com que o LastPass Preencha Automaticamente quaisquer credenciais de login que você tenha guardado no LastPass para a página atual em que você se encontra. Se você quiser desativar o acesso off-line, poderá fazê-lo nas suas configurações de conta.

Some multifactor authentication options have a ‘Permit Mobile Device Access’ option in the multifactor settings. This allows users to access their account via a mobile device without prompting for their multifactor while using a form of multifactor that is not supported on mobile devices (e.g. Yubikey). If ‘Permit Mobile Device Access’ is enabled, users will be required to setup a backup multifactor option that does not permit mobile device access. Portanto, users who attempt to login to their account on a mobile device, will then be prompted for their 2nd (backup) multifactor option.

Por favor note que, that in order to disable the 2nd (backup) multifactor authentication, the 1st one will need to be toggled back to “Disallow” in multifactor settings.