Anything that has to do with passwords and password management requires as many layers of security as you can wrap around it, especially if it is a cloud-based password manager like LastPass. Yes, we are living in paranoid times and it is always wise to batten down the stable door. LastPass, as we have seen in our numerous previous articles, is definitely among the top-tier applications when it comes to password management. To add to all the other security barriers, LastPass has tried to make itself more impregnable by adding Google Authenticator support.
Multi-factor authentication is the norm now. Google Authenticator and its 2-step verification process have been a part of Google services for some time. Basically, Google Authenticator uses a mobile app that generates a security code even if your mobile device does not have an internet connection. This unique code is the second layer of security after your username and password. The Google Authenticator app is available for Android, iOS, and BlackBerry. See the aforementioned Google Authenticator link for download and installation instructions.
Step 2. Browse to this LastPass page and log in with your credentials. This takes you to the Google Authenticator tab inside your LastPass settings page.
Step 3. As is explained clearly on the tab, you have to open the Google Authenticator app (which you installed in the first step) on your mobile device and scan the bar code that is displayed.
Step 4. You can click on the blue link that says – Click here if you are unable to scan the barcode…– if you don’t have a camera or there is some other problem.
Step 5. When you point your camera at the bar code on the screen, the scan gives you a verification code as shown in the screen below (I have blocked out my Gmail ID in the screenshot, with which the account is associated):
Step 6. Click on the dropdown for Google Authenticator Authentication and set it to Enabled. Enter the Google Authenticator code in the pop-up box. Google Authenticator authentication is complete.
Step 7. Now, all you have to do as a final step is to hit the Update button at the bottom, enter your LastPass Master Password again, and you are done.
As a failsafe if you don’t have an internet connection, you can choose whether to allow LastPass to store an encrypted vault locally. If you enable offline access, you will be able to log in without using your Google Authenticator code in case of a connectivity issue, which means the offline vault is protected by your Master Password alone.
Two-factor authentication is highly recommended because it just makes it that much more difficult for hackers to get to your passwords. Wouldn’t you agree? Tell us if you think that 2-Factor verification is the way to go as a cure for paranoia.