
The company advised users to make use of the feature only after enabling two-factor authentication for the LastPass service itself – not doing so would mean nullifying the advantages of two-factor authentication, since anyone who gained access to a user’s LastPass account would then also be able to log into services supposedly protected by one-off authentication credentials.

“Everyone should be using MFA we believe it’s foundational to online security,” LastPass said in a blog post announcing the feature. The cloud backup feature means that when two-factor authentication is set up for an account, the key generator is stored online and can be automatically restored when the user sets up LastPass Authenticator on a new device. Until now, if the user’s device was lost or became unusable, they had to set up the TOTP feature again for each of their online accounts on a new device, a potential inconvenience that LastPass said may have dissuaded some from setting the feature up in the first place. LastPass Authenticator can be used along with a standard LastPass account that stores a user’s passwords for all their online services.

To set up the feature, users typically scan a visual code that’s unique to the account in question, and the resulting key generator is used to produce temporary credentials that are each valid for around one minute. LastPass Authenticator is one of the mobile apps that can be used to provide these credentials, competing with similar offerings from Google, Microsoft and others.

Organisations including Google, Microsoft, Dropbox, Evernote and GitHub allow users to add a second login step that involves a standardised way of generating a temporary password, called a Time-based One-Time Password (TOTP). Password management service LastPass has added a cloud backup feature to its Authenticator two-factor authentication (2FA) tool, meaning the keys used to generate its one-off login codes can be stored online along with the user’s standard passwords.
