Which password manager do you use?

Yes, basic has multifactor. I don’t believe you get fingerprint unlocking for free though. That’s the only feature I’d miss.

See, that to me is worth it. Because I’ve got a crazy master password that is a gigantic pain to type in on a phone.

Well you do get fingerprint/faceID unlocking on mobile, but you have to save your master password on the phone to do it, and I’m not comfortable doing that. I have a very long password also and I just deal with it. I save commonly-used passwords in Safari with Apple’s keychain and only use Lastpass for uncommon logins.

I backed up my iPhone and restored it back via iTunes; turned out Google Authenticator is not backed up nor was it stored in iCloud (for security reasons). That totally sucks because I have too many websites that I have turned on 2FA for. Now that I have to do everything again, is there any other 2FA authenticator that somehow does allow transfer or restore?

Was your iTunes backup encrypted?
Authy (less secure as a result) backs it up to their cloud, verified with your phone # and a password.

My iTunes backup was not encrypted. It is actually surprising to me that Google Authenticator codes were not backed up.

I’m considering LastPass Authenticator which does back up to cloud but I’m leery about putting all my eggs into LastPass, as I’m using it as my password manager.

If you do not encrypt your backup then iTunes backups do not contain any passwords. Not that I know specifically if the Google Authenticator “appdata blob” would be included with that. I thought it was common knowledge that the encryption for local backups was needed for any of that sort of info to be backed up. (Not faulting you for not knowing)

Looks like (at least in 2015) it does: https://dpron.com/recovering-google-authenticator-keys-from-ios-backups/

Use Authy. It backs all your keys up to the cloud and encrypts them with your password.

Lastpass Authenticator does that also, but I use 2FA to secure Lastpass and I agree, don’t want them both at the same spot. Also Authy is the only service supported by some sites like Humble Bundle.

Thanks… I will give Authy a try; seems pretty popular as well. It boggles the mind why Google does not provide cloud backup.

It’s a major pain in the ass. I had the same problem several times before I switched to Authy several years ago.

It’s a good time for me to move out of Google Authenticator - but I don’t even remember what are the websites I have turned 2FA on, sigh! Thanks @rei and @stusser and Merry Christmas to you!

Google botched it at least twice when a simple app update wiped the saved app data in the past year.

Another vote for Authy. It’s great.

I have to admit liking the simplicity of Google Authenticator’s interface. Authy has too big icons and the number is just so “in your face” big! Anyway, beggars can’t be choosers at this moment.

Most times when you use a 2FA code generator it will generate a recovery code in case you lose your device that had the code generator on it.

I copy-and-paste that recovery code into the notes section on LastPass. And LastPass is on my iPhone, which is automatically encrypted by Apple. And the LastPass vault is automatically encrypted on top of that.

It’s an eggs-in-basket situation, but I feel it’s still waaaay more secure than the way the vast majority of people operate on the Internet.

LastPass Authenticator is very similar to Google’s UI. But between stuff like the cloud backup (which I didn’t realize it had so when I switched phones I went around disabling 2FA only to find it remembered my old 2FA setup that was no longer valid, whoops), turning the numbers a different color for the last few seconds of validity, and hooking into LastPass’s mobile app for a couple things, I think it’s enough better to warrant the switch.

The only problem is that if someone hacked into your LastPass account, you will have both password and 2FA exposed. If you are not using LastPass as a password manager, you are “safer”.

Yeah but then if your Lastpass account is 2FA protected and your recovery code is in LastPass then you might end up in a bad spot if you need the recovery codes :P

No, because the LP login and recovery code is the one thing not kept in LastPass. It’s safely locked away somewhere, physically.

I guess that makes sense.

I have also been playing around with the idea of switching from LastPass to something like KeePass + Dropbox. Partly because I find managing non-web passwords a bit cumbersome (like database, server, and game passwords). I’ve also had some issues with LastPass where it wasn’t syncing properly on one of my computers and I had to clear cache to fix it (and thus lost a couple of passwords created in that period). Haven’t committed though ’cause I’m not sure how much of a pain it will be to fully switch.