After a couple of years of using Lastpass with few if any issues, I installed the Authenticator 2.0.3 update on my iPhone yesterday and it seems to have totally broken things.
Has anyone else seen issues with this? I don't see rioting in the streets so maybe just me.
When I try to log in to Lastpass it sends the usual push notification to the (new looking) authenticator app. I click on accept, but it never gets back to the computer, or to my phone and times out. Trying to open the authenticator itself it seems to have lost the configuration/data with the upgrade -- to restore the Authenticator from backup, I need to log into my Lastpass account which needs my 2FA ... circle of death.
Most of the support instructions seem to be focused on recovering a forgotten master password. I know mine, no problems, the problem is with the 2FA. But I figured maybe I need to reset the password, get back in with no 2FA to break the circle, then I can enable 2FA again once I'm in.
However even the password recovery is not working.
- FaceID recovery passes FaceID ok but then a red circle just spins and eventually times out. No help there.
- I selected SMS me a code, but nothing arrived.
- Call me .. phone never rang
- email me a hint .. nothing arrived
I've opened a support ticket but no response so far.
Any suggestions on how I can get back in?
Thanks in advance for any advice,
After 14 hours (they call this 24x7 email support??) I finally got a response from lastpass support saying, on the MFA screen where you would normally enter the 6 digit code, to select Additional Multifactor Options then specify that I had lost my authenticator app.
The only problem is that there is no such Additional Multifactor Options on that screen, or any other screen I can find, on Lastpass on my iphone, Mac app, Safari or Chrome plugins. The only options I do have in that location are options to "Send me an SMS passcode" or "Call me". Both of which I've tried several times with no effect - no messages or calls received.
I responded to tell them this, and to ask for another solution but another 13 hours have already passed since my response with no further update from LastPass.
Really I think that as a paid customer for an application like LastPass which can block access to all or a user's systems and applications, this level of support is just not good enough. The company claims to provide 7x24 email support -- I don't think that's what they're delivering.
If anyone has any suggestions, or any ability to poke lastpass support, I really appreciate it.
It's now 30 hours since I responded saying "that doesn't work - what else". No response whatsoever from "24x7" support.
I did also track down the phone number and called. Without any knowledge of who I was or what support level I was waiting for, the system just directed me to the web site and hung up.
The sad and scary thing is that looking through the forums I see everyone else has been waiting much longer for any response .. days to weeks.
I must conclude like everyone else that there is no longer any operating LastPass support.
Sad thing for what used to be a good product.
Had the same issue here after the 2.0.3 update, however the 'other options' and send SMS code worked for me to get back into authenticator.
Weirdly the backup it restored was an old one -- from months ago -- and not my most recent list of 2FA sites, so once I remember which ones I added since that backup, it's gonna be a fun time getting back into those systems.
I *really* don't like that a) the Authenticator app can just lose all your locally stored data like that, and b) the only method of recovery at that point is via text message.
These are two really poor points in the Authenticator app usage process.
And of course to have authenticator redirect to LastPass app which redirects back to Authenticator is just piss-poor human computer interaction right there.
Glad to hear the recovery option worked for you.
Good to know as well that this option does at least work for some people. I was wondering whether that was broken in general or just for me. It's possible that I had disabled text message codes since I don't like using them -- especially for something important.
Yes it's definitely a stupid design to have the backups depend on accessing a source you probably cannot access if you need the backups. I think once I get back in (eventually) I will look at moving to a different authenticator .. if I don't leave LastPass altogether. This complete lack of support is really not acceptable for such a critical application.
@hounddogYeah, I hear that. I often disable SMS recovery options as well, particularly because when travelling and using a different SIM card, I don't have easy (nor often cheap) access to my cell phone number.
There definitely needs to be an alternate way to recover that data. IMO the simplest way to accomplish this is to store that backup of the LA data in your LastPass vault data. That way, worse case scenario, you login to LastPass in offline mode and it recovers the data that way. I tried this numerous times when attempting to get this working again, and logging in via offline mode did not work -- it simply kept sending me back to the LA app, then back to LastPass app, and back to LA app in an endless loop. Not even an error saying something like "Your LA data isn't available when offline"
Alternate options to recover (rather than offline LastPass) could be email code (rather than text), or perhaps some form of recovery code that is stored when you first set up LA (similar to BitCoin wallet codes).
That being said, I still don't like the idea that an update to LA will just wipe out your data like that. This is especially true when you can easily switch phones, restore from backup and your LA data is still there. One would think that the *only* acceptable scenario in which an app should lose your data like that is if you wipe your phone and start anew without recovery from backup.
I agree with you. However, I still think that the most unforgivable and inexcusable failure here is the almost complete lack of support (with the one exception of Glenn here in the community and on twitter! Thanks Glenn.)
Any software product/service will break at some time. It's how the companies respond when they break that sets out the good companies from the bad. Unfortunately, despite Glenn's best efforts, LastPass doesn't seem to be living up to their commitments.
oh, in case @GlennD or any of the others from team LastPass are looking here, my ticket is 15706199 - hopefully you might be able to poke the L2 guys please!