How To Enable Multifactor Authentication in LastPass [gallery]

Written by Brian Burgess

First, NSA. Now, Heartbleed. It’s time to enable two-factor or multifactor authentication in LastPass, Google or other systems you use. Here’s how. And why.

aNewDomain.net — With all the news about the Heartbleed server security bug and the continuing NSA e-surveillance revelations, it’s time to take online security seriously. Multifactor authentication is your best bet at heading off government spies, and Heartbleed hackers, at the pass. Here’s Brian Burgess with How To enable multifactor authentication in LastPass.

If you’re not already using LastPass, you should be. Even without all the hoohah, it’s a great password manager that generates strong passwords, helps you keep track of them and keeps your passwords safely encrypted in a secure vault in the cloud. To keep your passwords even more secure, it’s easy to enable multifactor authentication in LastPass.

Multifactor authentication — also often called two-factor authentication (TFA, 2FA, T-FA), two-step or multifactor verification — keeps your data more secure than just a regular password. It provides an extra layer of protection for your online accounts just by adding another layer of verification for your account. After you enter your password, the system will ask you a second time for a personal identifier to verify that you are who you say you are.

This could arrive in the form of a unique code sent as a text to your smartphone — Gmail offers this. Or you might get the code via apps that generate a unique code for you every time, such as with Google Authenticator for iOS devices or Android. On Windows Phone, there’s a free app for multifactor authentication that is an eponymous Authenticator. Of all the vendors, though, Google gives you the most avenues to access your 2FA code. It will even call your home phone with the code. Check out my Google Authenticator screen below.

sshot-14

How services send you the second code for verification will vary depending on how the company implements its 2FA features.

Google lets you use Google Authenticator to send you its code to your smartphone, or it even will call your landline with the code, as I showed above.

Now let’s look at LastPass. While LastPass is a secure solution for passwords, it adds an extra layer of protection that is even better. Noted security expert Steve Gibson recommended LastPass in his TWiT podcast — Security Now Episode 450 — the show where he discussed Heartbleed ramifications and overall computer security. We at aNewDomain.net couldn’t agree more. LastPass has been our featured Friday utility six times in the last four years.

LastPass Multifactor Authentication

Sign in to your LastPass account and click Settings in the Actions menu on the left.

sshot-1

When the Edit Settings box comes up, click the Security tab on the top.

Then select Grid Multifactor Authentication.

sshot-2

Now for the most important part: Click Print your Grid.

sshot-3

LastPass will take you to a page with a number-by-letter grid. This grid is unique to your account and can only be used by you. Right click the page. Select Print.

sshot-4

In addition to printing out the grid, I recommend you also save the file as a PDF and store it in a secure location.

That way you’ll always have it when you need it.

sshot-5

After you”ve saved the grid, check Grid Multifactor Authentication.

Then click OK to the warning message that comes up next.

sshot-6

Now click the Update button at the bottom.

sshot-7

And enter in your master password to confirm the multifactor authentication in LastPass.

sshot-8

The next time you log in, you’ll need to enter in your master password — and you’ll also need to use the grid you printed out to enter in the values for each coordinate.

You’ll need that grid to find the four digits it wants — digits that are found only using the grid unique to your account.

sshot-9

It’s a lot to go through to add another layer of protection in LastPass, but remember that you only need to do it once for each computer you log into.

Just check that the computer is trusted and give it a name. You’ll need to go through this process for each computer and mobile device you use. Privacy is a hard job, but someone’s got to keep things in order. It ought to be you.

One caveat to this is, you can’t always use multifactor authentication in LastPass on your mobile devices.

For example I get an error message when launching the LastPass app on iPad Mini with Retina running iOS 7 and on iPod Touch running iOS 6.

I’m still able to go into LastPass via Safari or Chrome on Apple iOS , though that does weaken the convenience and effectiveness of multifactor authentication in LastPass.

I should add that you do get the option to disable the grid multifactor authentication in LastPass. An email with the instructions for that are sent to your email when you set up the option.

And, after you disable multifactor authentication in LastPass, it is possible to turn it back on later.

With the exception of my iOS 6 and iOS 7 multifactor authentication in LastPass problems, the feature and app work well with other mobile systems I’ve tried. I’ve personally verified that multifactor authentication in LastPass works with the Google Nexus 7, Windows Phone 8.1, and Kindle Fire HDX.

Error

For aNewDomain.net, I’m Brian Burgess.

Based in Pelican Rapids, MN, Brian Burgess led the relaunch of BYTE with Gina Smith, co-founded aNewDomain.net with Gina, John C. Dvorak and Jerry Pournelle in 2011, and serves as the editor-in-chief of GroovyPost.com. He is the How To gallery captain here at aNewDomain.net. Email him at Brian@aNewDomain.net or Brian@Groovypost.com and find him on Google + and on Twitter as @mysticgeek.