AUTHENTICATE WITH GOOGLE
We’re going to highlight Google Authenticator as a prime two-factor authentication (2FA) tool. Install it on your phone, then fire up the service you want to protect with 2FA. LastPass supports Google Authenticator (among others) for this. Using that as an example, head to LastPass Vault > Account Settings > ‘Multifactor options’. Click the Edit button and Enable it. Use the Barcode option to display a QR code. On your phone, open Google Authenticator, tap ‘+’ and click ‘Scan barcode’, then point your phone at the on-screen QR code. You should now find that LastPass has been added to Google Authenticator.
Anytime someone tries to access your LastPass Vault from a new device, they must enter the current code (this updates every 30 seconds) before access is granted. There’s an option to allow access for 30 days, before another 2FA prompt appears on that device. Without your phone, there’s no access.
2FA is great, but it does have a couple of caveats. The first is that the service using it mustn’t be monumentally stupid. It was discovered that some services could have 2FA circumvented by simply calling up and providing some basic personal information, making the use of 2FA more security theatre than actual security. The second is that the 2FA codes are potentially locked to the one phone. Technically, a rooted Android device enables you to transfer the Google Authenticator secrets, but if you get a new phone, ensure you disable 2FA on your services before wiping your old one. Otherwise, you could be locked out of vital services. LastPass keeps the QR code secret, so you can have it on multiple devices, and transfer it later on – provided that you can log in, of course.
Because of the magical nature of cryptography maths, many services also offer offline access options, usually via a bank of single-use passcodes that you can print or scribble down, and keep safe somewhere. This means that if your phone is lost, stolen or broken, you will still be able to access your accounts.