Sesame: Multifactor Authentication with a USB Thumb Drive

LastPass Premium members can use an ordinary USB thumb drive as a second form of authentication when logging into their LastPass account. Having a physical second form of authentication will help further ensure that your account will remain safe because both your Master Password and your USB thumb drive are required to log in.

Enabling Sesame

If you are already a Premium member, you can simply download Sesame onto your USB device and run the application.  You will see the empty Sesame dialog:

On your first run, you will be prompted to activate the software by Adding your LastPass login to the user list.  Then, you will be sent an e-mail asking you to confirm the registry of Sesame.

By default, the email link will expire after 10 minutes to protect your security. If you click on the link and it says ‘Link Expired’, please re-send yourself the activation link and try again.

Once activated, Sesame will create secure One Time Passwords (OTP) that are subsequently required to login. You have the choice to copy the OTP to the clipboard or launch the browser and pass the value automatically.

Like all our multi-factor authentication options, you can elect to enable or disable Mobile and Offline Access within the settings for your particular username in Sesame:

 

If you lose your USB device, you can disable Sesame authentication by logging in to LastPass and using the link on the bottom of the Sesame screen.

To disable Sesame while you still have your device, Launch Sesame > select your username > Edit > enter your Master Password > select ‘No, disable Sesame’ > OK.

Sesame is a cross platform application that is available for Windows, Mac and Linux.

Note for Linux users

The USB device is mounted noexec, which prevents running executables from the drive. To fix, remount the device with the exec flag, for example by “sudo mount -o remount,exec <device> <mountpoint>”.

Watch the Tutorial for Using Sesame