2-Step for Shared Entries (TOTP)
Overview
There are a variety of options that services can offer for completing 2-step verification, including:
- App-based authentication (e.g., Microsoft Authenticator, Google Authenticator, Duo)
- via notifications and/or one-time passcodes (OTPs)
- Phone calls
- Texting/SMS codes or special links
2-step authentication on shared accounts can be a lot to coordinate, but LastPass offers an option to simplify this: Time-based One-Time Passwords (TOTP). TOTP is a 2-step authentication option that can be added to the password entries in your vault. This feature ties the verification process to the LastPass platform instead of a single device, which can make it easier for a group to complete 2-step prompts.
2-Step / TOTP
TOTP is available for password entries in your vault if the service can use an authenticator app, such as Google Authenticator or Microsoft Authenticator. Like all LastPass vault records, the codes are encrypted, backed up and securely synced to all your devices.
- LastPass generates 6-digit one-time passcodes using SHA-1 algorithm, and these codes are regenerated every 30 seconds
- TOTP codes generated from the LastPass Authenticator mobile app are completely separate from TOTP codes generated from your LastPass vault, and cannot be used interchangeably for authentication
- TOTP codes are only supported for site entries in your vault (i.e., not support for secure notes or items)
- If your computer's clock is not synced with universal Internet time, it could cause the TOTP code to be invalid and you may encounter an error when entering it
You can set up 2-step Authentication for a shared password directly within the LastPass vault entry so that everyone with the shared entry can complete the 2-step prompt without needing to contact someone else for the code.
Setting up TOTP
When prompted to set up 2-step by a service, look for the secret key and copy it.Select the Enter your secret key button on the Edit password screen.Paste or enter in the secret key and then select Activate. Once you see the dots for the 6-digit in the One-time passcode field for the entry, save the password entry.
Using TOTPNow that the 2-factor has been set up for the vault entry, all users with that entry can copy the TOTP to their clipboard to provide the one-time passcode for login.
What if a site only allows phone or email verification?
If you need 2-step for a shared credential that doesn't offer app-based authentication, consider using a shared email like a distribution list to set up the account. If an existing distribution list doesn't fit well for the team who needs access, contact IT for options.
Related Articles
Shared Entries and Folders
Sharing Options There are two approaches for sharing LastPass vault entries. Here is a basic summary to help you decide which is best for the situation: Individual Entries Shared Folders More control over viewing rights for individual password ...LastPass Families as a Benefit
Your LastPass account with Abdo includes a FREE LastPass Families account. Taking advantage of this perk outside of work is encouraged and completely voluntary. The increased security of your personal accounts and information not only benefits you, ...LastPass: Basics
Overview Just like you are expected to use your email and other important applications that are part of your job, you are expected to use LastPass for the increased security of firm and client information. LastPass is a password manager that works ...Configuring LastPass Preferences
LastPass is both an online service and an extension that runs locally in your web browser to provide service, even if online access to LastPass is unavailable. Some of the settings cannot be changed per organization policy, but you still have a fair ...LastPass Extension Troubleshooting
The LastPass extension has a separate cache from your browser cache. If your LastPass browser extension is not displaying content or behaving abnormally, you can clear the extension cache. 1. 2. 3. Once the extension cache has been cleared, you ...