LastPass Premium members can use an ordinary USB thumb drive as a second form of authentication when logging into their LastPass account. Having a physical second form of authentication will help further ensure that your account will remain safe because both your Master Password and your USB thumb drive are required to log in.
If you are already a Premium member, you can simply download Sesame onto your USB device and run the application. You will see the empty Sesame dialog:
On your first run, you will be prompted to activate the software by Adding your LastPass login to the user list. Then, you will be sent an e-mail asking you to confirm the registry of Sesame.
By default, the email link will expire after 10 minutes to protect your security. If you click on the link and it says ‘Link Expired’, please re-send yourself the activation link and try again.
Once activated, Sesame will create secure One Time Passwords (OTP) that are subsequently required to login. You have the choice to copy the OTP to the clipboard or launch the browser and pass the value automatically.
Like all our multi-factor authentication options, you can elect to enable or disable Mobile and Offline Access within the settings for your particular username in Sesame:
If you lose your USB device, you can disable Sesame authentication by logging in to LastPass and using the link on the bottom of the Sesame screen.
Sesame is a cross platform application that is available for Windows, Mac and Linux.
Note for Linux users
The USB device is mounted noexec, which prevents running executables from the drive. To fix, remount the device with the exec flag, for example by “sudo mount -o remount,exec <device> <mountpoint>”.
Administering Sesame in Enterprise
You can require Sesame for your users via the ‘Require LastPass Sesame’ policy. This policy can be enabled for your Enterprise account by accessing your Enterprise console and clicking the ‘Setup’ tab > ‘Add Policy’ button > Select ‘Require LastPass Sesame’ from the dropdown menu:
Table of Contents
- Getting Started
- Admin Dashboard
- Shared Folders
- LastPass Single Sign-on for Applications
- Advanced Options
- Multifactor Authentication
- Terminating User Accounts from Your Enterprise
- LastPass for Applications
- Site Map
- Sample Survey
- Email Templates for End User Roll Out and Training