Duo Security


LastPass supports multifactor authentication with Duo Security, a secure two-factor authentication application offered for all leading smartphone platforms, including Android, iPhone, BlackBerry, and Windows Phone. You can get Duo Security here: https://www.duosecurity.com/editions



Set Up A New Application


  1. A Duo account is required to use Duo Security. Register for an account here: https://www.duosecurity.com/lastpass.
  2. Log in to your Duo account.
  3. In the left menu, choose Applications > + New Application.
  4. For Application type, choose “LastPass”. Pick any name for your Application name.
  5. Click Create Application.
  6. On the next page, you’ll find the following information: Integration key, Secret key, and API hostname. Note these values for later, and treat the Secret key like a password.



Set Up Duo In LastPass Admin Console


Once you have finished setting up your new integration, enter the Duo integration information in the LastPass Admin Console.

In the Admin Console, click Setup > Add Policy, then select either Require Use of Duo Security or Require Use of Any Multifactor Options. Enter the required information and click Save.

Duo - Setup In Admin Console


Enable Duo Security As End Users


Users will be prompted to enable Duo Security, or to select Duo Security as a multifactor authentication option, when they log in to their LastPass accounts. Below is an example of the prompt to confirm the Duo Security Username that users should see:

Enable Duo - Step 1 - Login


Click OK to proceed. On the next page, users will be prompted to enroll their devices.

Enable Duo - Step 2- Enroll Device

On the next page, click the Start Setup button.



You will then see another screen prompting you to choose the type of device you would like to enroll for two-factor authentication. Please note that LastPass currently supports enrolling only a single device:



Select the type of device that you would like to enroll and then click the “Continue” button. You will then be given on-screen instructions on how to enroll each specific device. Once you have enrolled the device(s) that you would like to use for Duo authentication, you can use it to authenticate during the login process.



Select Duo Push or SMS As End Users


Once you have enabled Duo Security as an end user, the next time you log in to LastPass you will be presented with the Duo Authentication Window after entering your login credentials. This is where you can switch from Duo Push to authentication codes via SMS. In the window, click the “Next SMS password starts with 3 (send more)” link to have the codes sent to your registered device.

Duo - Select To Send SMS


If you wish to switch back to Duo Push, first contact your Enterprise Admins to have them disable Duo Security for your account in Admin Console > Users tab. Then delete your registered device in Duo Admin Panel > Devices so you can start over.