Recommendation: Use LastPass Authenticator for personal and premium accounts, but stick with Duo or YubiKey for MFA with LastPass Enterprise.

In March of 2016, LastPass announced the availability of LastPass Authenticator, a smartphone app that provides push-based multi-factor authentication (MFA) for users of their cloud-based password management service. In this post, we’ll take an in-depth look at the architecture, communications, and security of the LastPass Authenticator app. We’ve looked at the enrollment and authentication processes in detail in our lab in order to better understand the technology being used and whether or not the security is adequate for protecting a high-value asset such as LastPass.

For this examination, we studied the behavior of LastPass Authenticator as installed on an Apple iPhone 5S. Protocol analysis and TLS decryption were performed using MITM proxy, along with a number of other packet sniffing and analysis tools.

LastPass Authenticator Setup Process

After installing the LastPass Authenticator app, users must associate their device with their LastPass account. This is accomplished by logging into the LastPass account on a workstation, then accessing the “Multifactor Options” found under the LastPass Vault > Account Settings menu. After clicking to enable LastPass Authenticator, the user is presented with a QR code to scan using their device’s camera. Once scanned, the LastPass Authenticator app is then associated with the user’s LastPass account and will be used to verify all future logins. The QR code, and decoded data which it contains, are shown below.