The best way to improve your digital security and protect your identity online is to get a password manager.
These services store and replay your passwords so you don’t have to remember them.
They also generate complex, unique passwords so that each of your logins is safe should one get stolen, instead of all your accounts going down because you use the same password (or handful of passwords) on every website.
But many have rightly pointed out that this makes your password manager a precious thing, and one that needs to be carefully secured.
That’s where two-factor authentication enters the picture, with apps like LastPass Authenticator.
This simple iPhone app lets you quickly and securely log in to LastPass, and adds an additional layer of security for any site that supports Google Authenticator.
For those unfamiliar with two-factor authentication, it’s a mode of authentication that goes beyond simple passwords.
Instead, you use two of the following three things to prove your identity: something you know (such as a password), something you have (such as a secure app, or an authorized phone), and something you are (such as a biometric check, like scanning your fingerprint).
The idea is that if someone steals your password, they still won’t be able to log in to your account. While it might just seem like an extra hoop to jump through, two-factor authentication is a simple way to greatly increase your personal security.
The Forging of LastPass AuthenticatorSetting up LastPass Authenticator couldn’t be simpler.
It’s available as a free download from the iPhone App Store and took just seconds to install on my iPhone 6.
If you’re not hip to Apple’s phones, LastPass has versions of its authenticator for Android and Windows Phone.
Once the app is installed, it prompts you to log in to your LastPass account from a computer.
This is perhaps the biggest hurdle to setting up your account, as it requires a second device. You then navigate to the Multifactor portion of the LastPass settings (the second-biggest hurdle, if you’ve never looked at it before) and click the pencil icon next to LastPass Authenticator to edit your settings.
This was easy for me since I have done it so many times for so many other tools, but new users might benefit from a more thorough tutorial in the LastPass Authenticator App.
You’re then walked through a three-step setup process that links the LastPass Authenticator app to your account.
First, snap a picture of the LastPass-generated QR code. Next, enter the phone number you want to use to receive SMS codes should LastPass Authenticator be unavailable, which is a great feature.
Finally, confirm your settings and you’re ready to go.
Now whenever you log in to LastPass, it prompts you to enter your authentication code and sends a push alert to your phone. You can open the LastPass Authenticator app and type in the randomly generated code that refreshes with a new code every few seconds, but there’s a better way.
Swiping the push alert and you’re taken to a screen where you simply tap a confirmation button.
And then you’re logged in.
One Authenticator to Rule Them AllOne of the features I love in LastPass is that it even the free version supports numerous multifactor authentication options.
Free account users can enable the LastPass Authenticator, Duo Mobile, Google Authenticator, Transakt, Microsoft Authenticator App, Grid Multifactor Authentication, and Twilio Authy. LastPass Premium subscribers get access to more options.
These include Sesame Multifactor Authentication and the family of Yubico YubiKey devices.
It also includes fingerprint authentication, which is a bit annoying for free users whose phones already support biometric authentication.
Google Authenticator is the simplest of all these options.
The free service lets you pair your device to different services using scannable QR codes. You then log in by entering your password and, when prompted, a randomly generated six-digit one-time-use passcode.
Codes change regularly, and you must enter them within the time allotted for each code.
It’s extremely flexible, works with many different services, and can be used to authenticate apps on the same device on which you have Google Authenticator installed.
The only downside is that entering six digit codes before they expire can be a little nerve-wracking.
Duo Mobile is a slicker solution, but one not supported by nearly as many services.
It also uses six-digit passcodes that can be used wherever Google Authenticator is accepted, but for some sites you simply login by tapping an alert on your phone.
It’s fast and seamless, and I’m honestly surprised it’s not more widespread.
Also, as a Michigander, I’m obliged to mention that Duo is based in the lovely city of Ann Arbor. Hashtag Midbest.
The trick with all of these one-time use password schemes like Google Authenticator is that they are tied to the specific device. You can’t transfer them if you get a new phone and if your phone is inoperative, you have to use backup passwords. You remembered to print those out, right? Twilio Authy is much more flexible.
It lets you transfer your Authenticator logins to another device within seconds, meaning you’re never locked out.
Though Duo is the most similar to LastPass Authenticator, there are some differences.
For one thing, we had trouble enabling Duo on a LastPass account when it was reviewed last year.
Setting up LastPass Authenticator, on the other hand, took about two minutes.
Duo sports Apple Watch integration, whereas LastPass Authenticator, sadly, does not.
Both offer the tap-and-login experience, though LastPass Authenticator only offers this when logging in to LastPass (or other LogMeIn service).
Duo can work with any site that decides to support it, but these are few and far between.
One important note for Duo, Google Authenticator, and LastPass Authenticator is that they require a smartphone or some other mobile device to function.
This is a bit awkward since it means you simply cannot log in to your account without your phone. LastPass Authenticator addresses this with a backup authentication option that sends a six digit passcode to a phone number you select via SMS. Of course, if you can’t use LastPass Authenticator because your phone is unavailable, this isn’t much help.
I really like that the app provides a backup authenticator option with SMS codes, but I wish I could designate a secondary multifactor option myself.
It would, for instance, be great to use my YubiKey when my phone fails.
Yubico’s YubiKey is an interesting proposition.
This physical device comes in two sizes: The YubiKey 4, which is about the size and thickness of a house key, and the YubiKey Nano, which is so small it sits nearly flush inside a USB port.
Both enter a lengthy one-time-use passcode whenever tapped.
It looks like this: “ccccccetdlvrjtbunhckucbtjvdeciggnlihdgfthdlt.” Unlike two-factor apps, a YubiKey can never run out of batteries, though like Duo it has seen precious little adoption.
The YubiKey Neo can authenticate certain Android devices thanks to NFC, but in general these are primarily a desktop and laptop solution.
That said, Editors’ Choice winner Dashlane is doing great things with the YubiKey and the new FIDO two-factor protocol, which effectively eliminates the need for a password in the first place.
Lord of the Authenticators?LastPass Authenticator brings a lot to the table.
For LastPass users, it is perhaps the simplest way to add critical multifactor authentication.
It’s also available for users of LastPass’ free version, and works anywhere Google Authenticator is accepted.
And because it adds two-factor authentication to LastPass, it effectively makes the rest of strong, unique passwords in LastPass that much more secure.
Outside of LastPass, LastPass Authenticator loses some of its luster.
Its one-tap feature works with only a scant number of services, unlike Duo.
It also further ties you to your phone as an authenticator.
If you’re the tech person in your family and have recently encouraged some or all of them to sign up for LastPass, get them started with LastPass Authenticator as well.
It’s easy, secure, and makes your entire digital identity that much more secure.
But I’m still witholding our coveted Editors’ Choice award until we’ve had a chance to explore this burgeoning space more closely.