For convenience, I am using LP Authenticator (for a 1 tap authentication on my phone) and Authy as a backup (I can access Authy not only on my phone, but in a browser, an iPad, etc. in case I lose my phone).
I’m thinking for good measure I will set up a 3rd way…using the paper Grid which I would keep in my wallet without any labels so no one would really know what it is if my wallet gets stolen.
My question is this (which I couldn’t seem to find after doing various internet searches)…if I set up a 3rd method to do 2FA, will LP also use this if my first two methods don’t work? I know you set the default method in LP and if you can’t use that, it triggers the next method. How does it chose the next method? Will it exhaust all methods if you have more than 2 or just choose one and then give up after that?
I don’t know the answer, but I just wanted to comment that if you stop paying for LastPass, the 2FA magically evapourates. I was paying for it when it was $1/mo mostly so I could use a Yubikey, and when they tripled the price and I stopped paying, it stopped prompting for my Yubikey, but in every other way remains functional. (I presume it would stop working on a mobile, as that is part of the premium, but I never used it that way anyway.)
I may be doing this wrong, but I don’t think it works as you are expecting.
I set up 3 multifactor options.Lastpass Authenticator, Google Authenticator, and the grid feature.
When I try to log in, the only one it offers is Lastpass Authenticator. It will not accept the Google Authenticator code. And, the only options it allows with Lastpass Authenticator entry is to verify login with app, enter code from app, or request an SMS code.
So I went back into the multifactor setup, and clicked on the info button, and got to a statement about multiple multifactor option use.
At the bottom of the multifactor setup page, there is a default multifactor option selection. You can only select one. Seems like it defaulted to Lastpass, because I hadn’t selected one.
I then selected Google Authenticator. This time when I got the request to authenticate with Google Authenticator app, there is a “Lost my device” choice. They then send you an email, with a link to disable authenticating with Google. If you then try to login, it defaults to Lastpass Authenticator.
Since I can’t get around the Lastpass Authenticator option at this point, I don’t know how I would get back in if I did not have access to my phone.
Thanks for testing that. And yes, your last statement is what I am wondering as well. If you didn’t have your phone at that point, you could not enter the # from the LP authenticator app (nor could you get the SMS code). You would expect it to allow you to then have a selection to enter one of your grid codes, but I can see from the photo, it doesn’t.
So, this seems to me like a dead end unless if you contacted support and they forced a way to reset it to allow you to use your grid code? Who knows, but this seems worrying.
As I mentioned in a separate post, there is still a potential security issue by using the LP Authenticator app…it always allows you to get an SMS. So, I disabled that function and now I use Google Authenticator and the Grid codes. I’ll keep the grid codes in my wallet without any mention of what it is. I think this is the best way to set up a backup 2FA (in addition to using Authy which allows you to access Authy from a web browser or another device).
Kind of a shame. I liked the LastPass Authenticator feature where you simply opened the app and clicked OK to authenticate. Like the similar feature on Google.
