After a couple of years of using Lastpass with few if any issues, I installed the Authenticator 2.0.3 update on my iPhone yesterday and it seems to have totally broken things.
Has anyone else seen issues with this? I don't see rioting in the streets so maybe just me.
When I try to log in to Lastpass it sends the usual push notification to the (new looking) authenticator app. I click on accept, but it never gets back to the computer, or to my phone and times out. Trying to open the authenticator itself it seems to have lost the configuration/data with the upgrade -- to restore the Authenticator from backup, I need to log into my Lastpass account which needs my 2FA ... circle of death.
Most of the support instructions seem to be focused on recovering a forgotten master password. I know mine, no problems, the problem is with the 2FA. But I figured maybe I need to reset the password, get back in with no 2FA to break the circle, then I can enable 2FA again once I'm in.
However even the password recovery is not working.
- FaceID recovery passes FaceID ok but then a red circle just spins and eventually times out. No help there.
- I selected SMS me a code, but nothing arrived.
- Call me .. phone never rang
- email me a hint .. nothing arrived
I've opened a support ticket but no response so far.
Any suggestions on how I can get back in?
Thanks in advance for any advice,
After 14 hours (they call this 24x7 email support??) I finally got a response from lastpass support saying, on the MFA screen where you would normally enter the 6 digit code, to select Additional Multifactor Options then specify that I had lost my authenticator app.
The only problem is that there is no such Additional Multifactor Options on that screen, or any other screen I can find, on Lastpass on my iphone, Mac app, Safari or Chrome plugins. The only options I do have in that location are options to "Send me an SMS passcode" or "Call me". Both of which I've tried several times with no effect - no messages or calls received.
I responded to tell them this, and to ask for another solution but another 13 hours have already passed since my response with no further update from LastPass.
Really I think that as a paid customer for an application like LastPass which can block access to all or a user's systems and applications, this level of support is just not good enough. The company claims to provide 7x24 email support -- I don't think that's what they're delivering.
If anyone has any suggestions, or any ability to poke lastpass support, I really appreciate it.
It's now 30 hours since I responded saying "that doesn't work - what else". No response whatsoever from "24x7" support.
I did also track down the phone number and called. Without any knowledge of who I was or what support level I was waiting for, the system just directed me to the web site and hung up.
The sad and scary thing is that looking through the forums I see everyone else has been waiting much longer for any response .. days to weeks.
I must conclude like everyone else that there is no longer any operating LastPass support.
Sad thing for what used to be a good product.
Had the same issue here after the 2.0.3 update, however the 'other options' and send SMS code worked for me to get back into authenticator.
Weirdly the backup it restored was an old one -- from months ago -- and not my most recent list of 2FA sites, so once I remember which ones I added since that backup, it's gonna be a fun time getting back into those systems.
I *really* don't like that a) the Authenticator app can just lose all your locally stored data like that, and b) the only method of recovery at that point is via text message.
These are two really poor points in the Authenticator app usage process.
And of course to have authenticator redirect to LastPass app which redirects back to Authenticator is just piss-poor human computer interaction right there.
Glad to hear the recovery option worked for you.
Good to know as well that this option does at least work for some people. I was wondering whether that was broken in general or just for me. It's possible that I had disabled text message codes since I don't like using them -- especially for something important.
Yes it's definitely a stupid design to have the backups depend on accessing a source you probably cannot access if you need the backups. I think once I get back in (eventually) I will look at moving to a different authenticator .. if I don't leave LastPass altogether. This complete lack of support is really not acceptable for such a critical application.
@hounddogYeah, I hear that. I often disable SMS recovery options as well, particularly because when travelling and using a different SIM card, I don't have easy (nor often cheap) access to my cell phone number.
There definitely needs to be an alternate way to recover that data. IMO the simplest way to accomplish this is to store that backup of the LA data in your LastPass vault data. That way, worse case scenario, you login to LastPass in offline mode and it recovers the data that way. I tried this numerous times when attempting to get this working again, and logging in via offline mode did not work -- it simply kept sending me back to the LA app, then back to LastPass app, and back to LA app in an endless loop. Not even an error saying something like "Your LA data isn't available when offline"
Alternate options to recover (rather than offline LastPass) could be email code (rather than text), or perhaps some form of recovery code that is stored when you first set up LA (similar to BitCoin wallet codes).
That being said, I still don't like the idea that an update to LA will just wipe out your data like that. This is especially true when you can easily switch phones, restore from backup and your LA data is still there. One would think that the *only* acceptable scenario in which an app should lose your data like that is if you wipe your phone and start anew without recovery from backup.
I agree with you. However, I still think that the most unforgivable and inexcusable failure here is the almost complete lack of support (with the one exception of Glenn here in the community and on twitter! Thanks Glenn.)
Any software product/service will break at some time. It's how the companies respond when they break that sets out the good companies from the bad. Unfortunately, despite Glenn's best efforts, LastPass doesn't seem to be living up to their commitments.
oh, in case @GlennD or any of the others from team LastPass are looking here, my ticket is 15706199 - hopefully you might be able to poke the L2 guys please!
Not sure if you managed to get this resolved or progressed any further?
I have exactly the same problem since the upgrade to Last Pass Authentication to version 188.8.131.529 since then it loses all the accounts within it, and on a regular basis.
Thankfully, the accounts have recovered from the backup but this is making me very nervous and my confidence in Last Pass and the Last Pass Authenticator is dissipating more each time this occurs, does anyone know how I can take a manual back up of the secret codes for all the accounts in my Authenticator App just in case, for some reason, the recovery from backup fails.
I have a support ticket running with LastPass Case: 15744455 but as per the originator of tis thread the response times are far from being commercially acceptable, on the 27th July they told me that they will be consulting this with our support team and will be running a few tests to try to reproduce and solve this for you.’
In a single day since they wrote back to me I have lost the authenticator accounts on my iPhone a further 4 times.
Not great at all, if @GlennD could chase this for me that would be appreciated too 😉
Hi @c8rls and sorry that you've also suffered with this.
So eventually after a week of downtime the support team removed the 2FA from my account so I was then able to get back in to my account and to then recover the configuration of the authenticator.
Since then I have enabled a different 2FA application. Although it's less convenient than using the LastPass one with the push notifications, I won't trust the LastPass Authenticator until I see an update that mentions it is fixing the configuration loss issues in the current version.
I need to do more research to understand how it works when you have multiple 2FA apps configured and what happens when one of them fails to know if this is a safer recovery option. Lastpass support recommended enabling SMS as a recovery option but in my view that's stupid and dangerous and the fact that they recommend this reduces their credibility in my eyes. To me, this is the same as having 2 very high-end locks to secure your front door, then leaving a window open in case you lose the key.
However more importantly than this, I need to decide whether I will remain using LastPass at all, or whether I will take the painful step of moving everything to another password manager app. A password manager is so central to work and home functions that it's critical, if a problem arises, that dependable support is available. That's why I have a paid subscription and not free software. Sadly it's become very evident from my own experience and from the shared experiences of pretty much everyone in this forum in recent times, that LastPass no longer provides an acceptable level of support. I need to try to investigate which out of the competing password managers do better in this area.