cancel
Showing results for 
Search instead for 
Did you mean: 
cyanid3
New Contributor

Getting locked out repeatedly due to 2FA issues

Alright, so I had 2FA enabled on my phone for a long time now.

Yesterday, Lastpass decided to stop accepting the 2FA codes generated by the application (Authy in this case)
I clicked on "Send SMS Passcode". The SMS never arrived.
I clicked on "Lost device, disable multi factor authentication", it sent a link to my email after confirming my master password. The link does not work.
I contacted support who were kind enough to disable 2FA on my account.

Today, I re-enabled 2FA on my phone. It accepted the 6 digit code generated by my phone when activating the 2FA option.
Enabled multiple other 2FA options (Grid, Transakt, Lastpass Authenticator). All activated without issues. Set Lastpass authenticator as default. It's supposed to receive Push notifications, I believe. Not sure.
Tried to log out, then log in again.
No Push notifications arrive.
2FA code does not work.
SMS passcode does not arrive.
Disable link does not work.
No alternate options are provided to log in (Grid, Transakt, Google Authenticator)

This is unbelievable. I've reopened the support ticket. Will not be closing it until SMS passcodes and disable 2FA links start working. I'm lucky that I have alternative devices that are currently logged in. Is this some level of complacency after being bought out by LogMeIn? Or is it just something that was always the case but never stumbled upon by me?
9 REPLIES 9
Rolo
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

The Google authenticator I've used for a long time suddenly stopped working (invalid code) after I added the LastPass authenticator (I kept Google authenticator enabled).

I verified that Google was still enabled and that I was using the correct private key; it just doesn't work anymore.

I'm afraid to remove/re-add it for fear of that blowing up the LastPass authenticator but I will have to deal with it soon. The problem with the LastPass authenticator is that it is a single-point-of-failure that does 'fail' in that my phone is regularly wiped/re-flashed or replaced, putting me in a self-contradictory position that I will be unable to restore my LP authenticator since I will need a working LP authenticator to log into LP to restore the authenticator...

With the Google authenticator, I can replicate it at-will by using WinAuth, which I have on my desktop, laptop, and Surface, so I'm never stranded (I don't actually use Google's authenticator anymore).

Re: push notifications. I kinda got them. I had the LP auth app open already and it did pop up in the app. It was either delayed or it didn't push until after I typed a name and checked the trust box.
jonat
Active Contributor

Re: Getting locked out repeatedly due to 2FA issues

Google Authenticator is much more a "single-point-of-failure" in that, unlike LastPass Authenticator (and Authy), it has no provision for backing up or transferring the "seeds" to another device. I would not be astonished if enabling LastPass Authenticator effectively disables Google Authenticator since they both use the same mechanism and you would have generated a new "seed" when you enabled LPA. (What everyone refers to as "Google Authenticator" is really an open standard.) Perhaps the LastPass account settings interface doesn't properly account for that.

I use Authy for services that support this kind of 2FA, but use Duo Security for LastPass itself. I also have set a Security email address and checked that it works.
cyanid3
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

As of this point, I'm using Transakt as it sends push notifications (which actually arrive). My only quibble is the pointlessness of enabling multiple 2FA options. If the default one has issues, there's no way to use any of the enabled alternate 2FA methods.
Rolo
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

"jonat" wrote:
Google Authenticator is much more a "single-point-of-failure"...

I don't use Google authenticator itself; I use WinAuth, which emulates it. I keep a local encrypted offline backup as well as have it installed on my desktop, laptop, and Surface. If I lose all those, I'm likely dead anyway. 😉

WinAuth is also the only thing I've found that also emulates Blizzard's goofy authenticator (and a few other gaming ones).

Additionally, I don't use my smartphone much.
jpenny84
Respected Contributor

Re: Getting locked out repeatedly due to 2FA issues

You can only use one multifactor authentication method at a time.

https://lastpass.com/support.php?cmd=showfaq&id=5686
Rolo
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

"jpenny84" wrote:
You can only use one multifactor authentication method at a time.

https://lastpass.com/support.php?cmd=showfaq&id=5686


Thank you; I was looking at the documentation but didn't find anything.
cyanid3
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

You can only use one multifactor authentication method at a time.

https://lastpass.com/support.php?cmd=showfaq&id=5686


Unfortunately, the email to disable 2FA does not work and is accepted by LastPass as being an issue that they're working on. Hence the main issue.
vikramp
New Contributor

Re: Getting locked out repeatedly due to 2FA issues

Hi 

 

Case Id 17681402

 

I am not able to get inside last pass due to two factor authentication. I have a new mobil.e  number

AshC
GoTo Moderator

Re: Getting locked out repeatedly due to 2FA issues

@vikramp  It looks like Customer Support was able to disable 2FA for your login, but let us know if there are any other issues. 

 


Ash is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!