Storing your passwords in the cloud is convenient, but security can be a concern. LastPass provides two free multi-factor authentication methods to lock your password vault up tight: a mobile app or a piece of paper.
With two-factor authentication, you need more than just your password to log in. Even if your LastPass password is captured by a keylogger, no one can log into your account without the second authentication key. Only one two-factor authentication method can be enabled at a time, so choose the one you prefer.
LastPass supports Google Authenticator, which is officially available as an app for Android, iPhone, iPod Touch, iPad and BlackBerry devices. Unofficial apps are also available for Windows Phone, webOS and Symbian.
After you’ve installed the Google Authenticator app on your mobile device, click here and log in with your LastPass account. The link will take you to the Google Authenticator tab in your LastPass account’s Settings window.
Launch the Google Authenticator app on your mobile device and use the scan function to scan the QR code displayed on your screen. If your device doesn’t have a camera or you’d rather type in a code manually, you can click the “Click here if you’re unable to scan the barcode” link and use the Manually Add Account function to type in the displayed code.
Your LastPass account will appear in the list after you add it.
Next, click the Google Authenticator Authentication drop-down box and set it to Enabled. You’ll be asked to enter the current code from your Google Authenticator app. After that, click Update and you’ll be secure.
The next time you log into your LastPass account from an untrusted device, you’ll be asked for your current code. Each code is temporary; the codes change every 30 seconds. LastPass allows you to disable the authentication via an email confirmation if you ever lose your mobile device.
Don’t have a mobile device or just don’t want to use one? Don’t worry, LastPass also offers a paper-based multi-factor authentication system known as “grid.”
To enable grid, access the LastPass website and log into your LastPass vault. Click the Settings link at the left side of your screen to access your account settings.
Access the Security tab and use the Print Your Grid link to view your grid.
Print this grid to a piece of paper; you’ll need it to log in. You may want to print multiple copies.
After you print the grid, activate the Enable Grid Multifactor Authentication check box and click Update.
The next time you log in from an untrusted device, you’ll be prompted to enter several values from your grid. No one without access to your grid will be able to log in. If you lose your grid, you can disable grid authentication via email confirmation.
If either form of authentication is compromised, you can use the “Reset Your Grid” or “Click here to regenerate your Google Authenticator key” link in your LastPass settings window.
LastPass also supports using a USB flash drive, fingerprint reader, smart card or YubiKey as an authentication device. Each requires a LastPass Premium subscription to use.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.
- Published 02/6/12