LastPass Authenticator Now Easier To Use With Cloud Backup Feature

LastPass announced a new cloud backup feature for its LastPass Authenticator (not to be confused with the LastPass Password Manager), which should remove some of the hassle of changing or resetting phones for its users.

Two-Factor Authentication

Two-factor authentication seems to be gaining steam lately as more companies experience data breaches. It comes in multiple forms, such as an SMS code (not recommended anymore), a Time-Based One-Time Password (TOTP) code, or a public key paired with a private key inside a hardware token.

Attackers can’t access your account when a second factor protects it, even if they have your password. It’s usually significantly harder to obtain your second-factor code than your password: passwords can be obtained in bulk through a data breach, whereas to get your second-factor code, attackers need to hack you specifically. They also still need your password to be able to enter your account.

LastPass Authenticator’s Cloud Backup

LastPass Authenticator's new cloud backup feature is opt-in, so users have to enable it in the app settings manually. It also works in conjunction with the LastPass Password Manager, which has to be installed first on a mobile device.

When the user enables the feature, the seed key from each pairing QR code is stored on LastPass’ servers, so that all of the user’s two-factor authentication pairings for various websites are remembered. Thus, when the user resets or changes phones, those pairings can be retrieved from LastPass’ servers instead of the user having to go to each site to re-pair.

When the user launches the LastPass Authenticator on a new phone or a freshly reset phone, he or she will be asked to add a new account manually or restore from backup. According to LastPass, restoring takes only a few seconds, and then everything should work just as before.

LastPass said that the new cloud backup feature shouldn’t increase a user's level of risk, and that users should be able to use the LastPass Authenticator as a second factor for the LastPass Password Manager, too.

However, it’s not usually a good idea to store everything in one place. Users who are worried about this may want to use a different authenticator to log in to the LastPass Password Manager itself while using the LastPass Authenticator for all of their third-party websites.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • dstarr3
    Gotta admit, I've been using LastPass for about a year now, and I really dig it. 2FA just makes it even better.
  • lahma
    Agreed. LastPass and other services like it would make the internet and devices much more secure if only an exponentially higher number of people would use them. Sure, 2FA and account-specific random passwords aren't going to stop all attacks (such as phishing and taking advantage of users' ignorance), but it does make attacks much more time-consuming and targeted, meaning in many cases, it just won't be worth the attacker's time.
  • rantoc
    Also makes surveillance/hacking that much easier, access to one key place and wham access to all. Kinda like the store everything on the cloud approach, collect all eggs in one basket and once that drops everything is lost...
  • dstarr3
    19720396 said:
    Also makes surveillance/hacking that much easier, access to one key place and wham access to all. Kinda like the store everything on the cloud approach, collect all eggs in one basket and once that drops everything is lost...

    Except everything on LastPass' servers is end-to-end encrypted, so even if someone did hack their servers, they wouldn't get any useful data out of it.