Add to browser.

Click Add extension above − it takes less than a minute to download!

Add to browserCreate Account

You're almost done.

Next, click the LastPass browser button above to create your account or log in.

Add to browserCreate Account
Log in and access LastPass using the browser icon.

Add to Firefox.

Click "Allow" then "Install" above. The installation takes
less than a minute! Next, you'll create your account, or log in if you already have one.

Step 1.

Click "Allow"

Step 2.

Click "Install" and LastPass will be installed in under a minute.

Step 3.

Create your account.

Is LastPass Authenticator Cloud Backup secure?

How is this secure?
The LastPass Authenticator database is protected with the same security architecture as the LastPass vault. In short, all sensitive data is encrypted using our local-only encryption model in which LastPass *never* knows your master password.


This type of encryption means that all sensitive data is encrypted and decrypted exclusively on the user’s local machine or device, rather than after the data syncs to LastPass’ servers. Sensitive data never touches LastPass servers in a way that can be visible to LastPass.
 
Is the MFA data encrypted?
Yes, the data is encrypted. LastPass allows users to choose which LastPass account will be used to store the backup data, then the Authenticator database is locally encrypted before uploading it to the LastPass servers. We use firewalls and best practices to protect the servers and service, as well as regular third party audits. The encrypted data is meaningless to LastPass and to anyone else without the decryption key.
 
Does this expose a vulnerability?
No, this does not increase the level of risk to a user’s credentials stored within LastPass when their LastPass account is protected with multifactor authentication. Enabling the cloud backup feature requires turning on multifactor authentication for your LastPass account.
 
When a user has MFA set up on their LastPass account, an attacker cannot restore second factor codes without first authenticating with the user’s device.
With or without cloud backup enabled, in order for an attacker to access one of your accounts they would need both your Master Password and possess the second factor device, ie a mobile phone.
 
If someone were to break into LastPass, a user’s MFA data is encrypted with the same AES 256-bit encryption used throughout LastPass.

*Please note that when you are attempting to restore from a backup that you choose the restore option and not the Enable Backup option as that will overwrite the current set.

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Please review these answers to your question:

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.
Forums
View your account information and view the status of previously submitted support tickets.
View Tickets
Submit a support ticket and we'll get back to you as soon as we can!
New Ticket

Browse through our FAQs:

Quantcast