Worried about hackers signing into your accounts? If you implement two-factor authentication, it's not enough to simply know your username and password; you 'll also need to provide a secure code from your phone when logging in on an unknown device for the first time.
The most famous example of this is Google Authenticator, and LastPass Authenticator basically takes this a tiny step further – but you'll need a LastPass account to use it.
It's a bit convoluted to set up – and not well explained from within the app itself. Log into your LastPass account through the web, select Account Settings > Multifactor Authentication and click the pencil button next to LastPass Authenticator to set it up. You then install the app, use its camera to scan in the QR code and the device is paired. Add a secondary phone as a backup option (for receiving authorisation codes by text) and you're done.
By default, LastPass will now use this for secondary authentication whenever you log in from a previously unknown device. The big advantage over its obvious rival – Google Authenticator – is that it supports two additional methods of authentication in addition to the six-digit code that pops up within the app itself. You can receive codes via text to your backup device, plus – and this is the clincher – use the app to authenticate your LastPass account with a single tap, saving you the bother of entering any codes at all.
Of course, the long-term success (or failure) of LastPass Authenticator will depend on the third-party apps and services it supports. The good news is that it's TOTP compliant, which means it'll work with any service that Google Authenticator supports, including Google services themselves. You just follow the same procedure for Google Authenticator, but using your LastPass Authenticator app instead.
The key selling point is the one-tap authentication, but this only works with your LastPass account – in other words, it'll speed things up considerably for LastPass users, but for other accounts you're stuck with the code or the fall-back text method.
There's one other major issue too: no in-app security. Once someone's into your phone, they can launch the app and access your codes without any further challenges. We'd like to see additional layers of security implemented in future updates to help you protect the app itself in case your phone gets stolen.
What's New in Version 1.2.434
Some promise here, but the app's main selling point – one-tap authentication – only works with your LastPass account. There's also an issue over the app's own security.