LastPass Authenticator aims to make two-factor authentication simpler
LastPass has released LastPass Authenticator 1.0 for Android, iPhone and Windows Phone. It’s aimed at LastPass users who want a simple and convenient way to add two-factor authentication to their major online accounts.
The app is TOTP-compliant, so it works with the same services as the better-known Google Authenticator app, but aims to carve a niche for itself with a unique proposition for end users.
Like Google Authenticator, LastPass Authenticator works by generating six-digit codes for users to manually enter into sites when logging on through a new device with two-factor authentication enabled. Users can also set a backup phone as a secondary form of authentication -- when prompted, a text message containing the code is sent to the phone in question.
LastPass Authenticator requires a LastPass account to work, but aims to make this worthwhile for users of the service by adding a third, simpler option for those authenticating their LastPass.com accounts -- instead of entering a code, users can tap the green button on their device to authenticate automatically.
It’s a bit convoluted to set up -- and not well explained from within the app itself. Log into your LastPass account through the web, select Account Settings > Multifactor Authentication and click the pencil button next to LastPass Authenticator to set it up. You then install the app, use its camera to scan in the QR code and the device is paired. Add a secondary phone as a backup option (for receiving authorisation codes by text) and you’re done.
Users have already highlighted one major issue -- the complete lack of any in-app security. Once launched, the app simply generates codes -- there are no additional challenges, and users cannot (yet) add extra layers of protection like an in-app passcode or password challenge.
LastPass Authenticator 1.0 is available now as a free download for Android, iOS and Windows Phone. A free LastPass.com account is required to use it.