LastPass supports multifactor authentication with Duo Security. Duo Security is a secure, two-factor authentication application offered for all leading smartphone platforms, including Android, iPhone, BlackBerry, and Windows Phone. You can get Duo Security here: https://www.duosecurity.com/editions
Set Up A New Application
- In order to use Duo Security, a Duo account is required. Register for an account here: https://www.duosecurity.com/lastpass.
- Log in to your Duo account.
- In the left menu, choose Applications > Protect Application
- Search for LastPass in the list and click Protect this Application
- On the next page, you’ll find the following information: Integration key, Secret key, and API hostname. Note these values for later.
- Optionally set up additional settings such as Group policies and Username Normalization in the Duo Admin Console. Find all options here.
Set Up DUO In LastPass Admin Console
Once you have finished setting up the new integration, enter the Duo integration information in the LastPass Admin Console.
In the Admin Console, click Advanced Options > Enterprise Options > Duo Security tab. Enter the required information here, including the Value field, and click Update.
Enable Duo Security As End Users
Users will be prompted to enable Duo Security or select Duo Security as a multifactor authentication option when they log in to their LastPass accounts. Below is an example of the prompt to confirm Duo Security Username that users should see:
Click Ok to proceed. On the next page users will be prompted to enroll their devices:
On the next page, click the Start Setup button:
You will then see another screen which will prompt you to choose which type of device you would like to enroll to use for two-factor authentication. Please note that LastPass currently only supports the enrolling of a single device:
Select the type of device that you would like to enroll and then click the “Continue” button. You will then be given on-screen instructions on how to enroll each specific device. Once you have enrolled the device(s) that you would like to use for Duo authentication, you can use them to authenticate during the login process.
Select Duo Push or SMS As End Users
After you have enabled Duo Security as an end user, the Duo Authentication Window appears the next time you enter your login credentials to log in to LastPass. This is when you can switch from Duo Push to authentication codes via SMS. In the window, click the “Next SMS password starts with 3 (send more)” link to have the codes sent to your registered device.
If you wish to switch back to Duo Push, please contact your Enterprise Admins to have them disable Duo Security for your account in Admin Console > Users tab first. Then delete your registered device in Duo Admin Panel > Devices so you can start over.
If you have switched phones or Duo tokens, follow the steps below to set up your LastPass account with Duo again:
- Disable Duo authentication for your LastPass account.
- Have the Duo admin go to Duo Admin Panel > Users tab, click on your account, and remove your phone number under Phones.
- Log into your LastPass account and re-enable Duo authentication. You will be prompted to enroll your device again.