We're cross-posting this idea to gather feedback from LastPass Community members on the possibility of combining our Password Manager App with the LastPass Authenticator.
The idea being that users would be able to see all of their Passwords, Secure notes, Addresses, Payment cards, Bank accounts, Wi-Fi passwords, Software licenses & TOTP codes within a single application. The combined application would also be able to receive push notifications in the same way as the LastPass Authenticator Application works today.
Please feel free to comment here or on the linked 'Feature Enhancement' post so we can gage potential interest levels or drawbacks from merging the two apps together.
My first reaction was... Don't combine to one app. Keep them separate so that people have choice. Also, less potential for coding errors. But make the integration between services better. Have robust APIs. Enable push 2FA for all websites. Your browser extension should be able to detect the website I am on and offer the correct 2FA TOTP when I'm asked for it. Having to copy/paste seems archaic in these days! Good luck improving!
But now I am torn between the options. I would love to have TOTP suggested when asked by a website or app (desktop and mobile). And if combining into a single app is the only way to do this then great. Yes, there will be an issue around 2FA for LastPass itself if you combine the app.
My first reaction was...
I am completly OK with you
I was annoyed by the non ergonomic usage for both apps but you say exactly what I hope to see soon
Thaks for your contribution and Thanks for the LastPass Team to implement
I'm not very convinced about putting all the eggs in one basket.
How are you planning to provide the 2FA codes for Lastpass itself?
I am an Authy user and have never used LP authenticator. I know other password managers have the 2FA tokens and the password manager baked into the same app, but it doesn't necessarily mean it is the correct way to do things.
Personally, I like them to be separate, because I really don't want to put all my eggs into one basket. What I like to see is that the authenticator encrypts the secrets and syncs across devices.
Don't combine the apps. But do make it easier for LastPass to fill in TOTP in the browser.
@AshC Why does it have to be one combined app for it to "receive push notifications in the same way as the LastPass Authenticator Application works today"?
Why not just extend the "LastPass Authenticator Application"?
Really sorry to say this but in the light of recent events LastPass (management and technical) have shown a lack of care and competence in keeping our data safe. Assuming that this is still the case, don't do anything too radical in one go. So, take it slowly. Test and retest. Have a staged roadmap that we can all see, comment on and buy into. So, don't combine the apps straight away but provide a link that enables TOTP to be suggested and filled by the LastPass browser extension. And get that right first before moving on. And don't leave unencrypted backups of your whole business on old servers.
I'm concerned as having them separate makes sense, and why is that?
I want my Vault separate than the App. Often we need the App to authenticate into the Vault, if you combine them, how do you restore? We have users use a diff factor to get into vault, then download App, then restore app settings from Vault, then re-activate using their App LP authentication again.
If you take that 2step away, it makes it harder to get into the vault to establish the process cleanly to restore/reinstall.
I'd love to say I'd like LP to consider a user guide on how to recover/restore and what MFA/2FA would need to be activated to make that a smooth process, but I know that's expecting something that won't be produced unless it's a partner org (like mine). 😞
I'm getting old and trying to keep up with, technical, I've been into computer for the last 25 years, but it slow creeping up on me too fast, and NON understand all this new technology, please left as be for now.