Password management service LastPass has added a cloud backup feature to its Authenticator two-factor authentication (2FA) tool, meaning the keys used to generate its one-off login codes can be stored online along with the user’s standard passwords.
Organisations including Google, Microsoft, Dropbox, Evernote and GitHub allow users to add a second login step that involves a standardised way of generating a temporary password, called a Time-based One-Time Password (TOTP).
LastPass Authenticator is one of the mobile apps that can be used to provide these credentials, competing with similar offerings from Google, Microsoft and others.
To set up the feature, users typically scan a visual code that’s unique to the the account in question, and the resulting key generator is used to produce temporary credentials that are each valid for around one minute.
LastPass Authenticator can be used along with a standard LastPass account that stores a user’s password for all their online services.
Until now, however, if the user’s device was lost or became unusable, they would be required to set up the TOTP feature once again for each of their online accounts on a new device, a potential incovenience LastPass said may have dissuaded some from setting the feature up in the first place.
The cloud backup feature means that when two-factor authentication is set up for an account, the key generator is stored online and can be automatically restored when the user sets up LastPass Authenticator on a new device.
“Everyone should be using MFA; we believe it’s foundational to online security,” LastPass said in a blog post announcing the feature.
The company advised users to make use of the feature only after enabling two-factor authentication for the LastPass service itself – not doing so would mean nullifying the advantages of two-factor authentication, since anyone who gained access to a user’s LastPass account would then also be able to log into services supposedly protected by one-off authentication credentials.
“This new, opt-in feature… does not increase the level of risk to a user’s credentials stored within LastPass when their LastPass account is protected with multifactor authentication,” LastPass stated.
Users might still hesitate to switch the cloud backup feature on, however, since LastPass has been affected by a number of security issues in recent weeks, including several in the main LastPass service in March and a design flaw in LastPass Authenticator last month.
How well do you know the cloud? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…