We're cross-posting this idea to gather feedback from LastPass Community members on the possibility of combining our Password Manager App with the LastPass Authenticator.
The idea being that users would be able to see all of their Passwords, Secure notes, Addresses, Payment cards, Bank accounts, Wi-Fi passwords, Software licenses & TOTP codes within a single application. The combined application would also be able to receive push notifications in the same way as the LastPass Authenticator Application works today.
Please feel free to comment here or on the linked 'Feature Enhancement' post so we can gage potential interest levels or drawbacks from merging the two apps together.
My first reaction was... Don't combine to one app. Keep them separate so that people have choice. Also, less potential for coding errors. But make the integration between services better. Have robust APIs. Enable push 2FA for all websites. Your browser extension should be able to detect the website I am on and offer the correct 2FA TOTP when I'm asked for it. Having to copy/paste seems archaic in these days! Good luck improving!
But now I am torn between the options. I would love to have TOTP suggested when asked by a website or app (desktop and mobile). And if combining into a single app is the only way to do this then great. Yes, there will be an issue around 2FA for LastPass itself if you combine the app.
My first reaction was...
I am completly OK with you
I was annoyed by the non ergonomic usage for both apps but you say exactly what I hope to see soon
Thaks for your contribution and Thanks for the LastPass Team to implement
I'm not very convinced about putting all the eggs in one basket.
How are you planning to provide the 2FA codes for Lastpass itself?
I am an Authy user and have never used LP authenticator. I know other password managers have the 2FA tokens and the password manager baked into the same app, but it doesn't necessarily mean it is the correct way to do things.
Personally, I like them to be separate, because I really don't want to put all my eggs into one basket. What I like to see is that the authenticator encrypts the secrets and syncs across devices.
Don't combine the apps. But do make it easier for LastPass to fill in TOTP in the browser.
@AshC Why does it have to be one combined app for it to "receive push notifications in the same way as the LastPass Authenticator Application works today"?
Why not just extend the "LastPass Authenticator Application"?
My initial response was... Combine your apps into no one. Separate them to give people an option. less chance for code mistakes, too. Nevertheless, improve service integration. dependable APIs. Make push 2FA available on all website. When I'm asked for a 2FA TOTP, your browser extension ought to be able to recognise the website I'm visiting and provide the appropriate one. Copying and pasting feels antiquated today! Good luck making progress!
However, I'm now torn between the choices. I wish a website or app could propose TOTP when I ask for it (desktop and krnl). And if integrating them into one app is the only way to achieve this, fantastic. Yes, there will be a problem with LastPass's 2FA.
Putting all of my eggs in one basket is not something I strongly support.
How do you intend to give Lastpass users the 2FA codes?
Though I use Authy, I've never used LP Authenticator. I am aware that several password managers integrate their 2FA tokens and password managers into the same pgsharp, however this does not necessarily mean that this is the best practise tinytask.