LastPass keeps asking to enter dual factor authentication

avatar

Hello,

I configured LastPass as my authentication provider, which has dual factor enabled. It works fine, but on each restart it asks me to enter the dual factor code again and again despite the fact that I enable the "Trust This device" button.

All Comments (22)

avatar

Hello,

What is your chosen two factor device?

Have you read Entry Types > Credentials > Types > LastPass? Some configuration choices have a significant impact.

In your LastPass account, you should see a mobile device that you have authorized...

Best regards,

Maurice

avatar

I'm having similar issues. I enabled the LastPass authenticator some months ago after having used Google authentication, and now every time RDM wants to access my credentials I have to approve it on my device. That's ok except that if I'm not holding my device ready to approve, RDM times out and I have to start again. It's very annoying.

Is there also no way to get RDM to request trusted access this way so I only have to approve once like before with the Google authenticator?

avatar

Hi,
I don't know if it's possible but we could investigate. How long does it take before it times out?

By the way, LastPass does not provide an official SDK and we did our own implementation. This means that sometimes we are limited in what we can do.

Regards

David Hervieux

avatar

Not sure exactly, I'll try and time it next time, but it's around 10-20 seconds maybe. It then pops up a message about "out of bounds authentication". I'll try and screenshot it next time.

avatar

Do you have anything in the log?

Regards

David Hervieux

avatar

Yes, I exported the entries for today, where can I securely upload it to?

avatar

You can send me a private message

Regards

David Hervieux

avatar

Done

avatar

Hello,

David assigned this issue to me and I'm taking a look at it. I have an idea of what we could do for this but it might not work. I'll keep this thread updated on progress.

Regards,

Hubert Mireault

avatar

After testing with LastPass authenticator, I found a few things we can do differently in RDM to make it easier to use.

We'll have the option to choose "Lastpass authenticator" as the two-factor option in the LastPass entry; you will need to select this two-factor mode or else it will not work.
There is something to note though and that is that we can't change the "timeout" for the push notification. What it will do though if it times out is ask you for the code the LastPass Authenticator app provides you (like when using Google Authenticator).

The change will be available in the next beta version of RDM.

Regards,

Hubert Mireault

avatar

Thanks Hubert, at least this should be better than we have now.

Once released I will obviously test and report back how it goes.

avatar

Apologies for not reporting back sooner on the update for 2FA.

It's definitely more reliable and works every time, however that's only when I remember to be ready on my phone to approve it. Two things that would improve its use:

avatar

Hello,

Sorry for the delay.

Adding a prompt would be easy, though we'd have to think about how to best integrate it. If it's configurable per-entry it would prompt each time you open an entry with that setting enabled, which might not be what you want.

For RDM asking multiple times, is it when you connect to different machines using a different LastPass entry or is it when opening entries using the same LastPass entry?

Regards,

Hubert Mireault

avatar

For me it happens every time I open RDM. Once the application is running it's not asking anymore until the process is closed.

avatar

Hello,

Unfortunately at the moment we don't have a way to bypass this behavior. When RDM is restarted it will always prompt again the first time. This is also the case for Google Authenticator. Sorry about that.

Regards,

Hubert Mireault

avatar

I did not have this issue until I upgraded my computer. Is it a recent development?

avatar

I checked and you're right, it used to work in previous versions but now on RDM restart it asks again. I'll check to see what we modified between then and now.

Regards,

Hubert Mireault

avatar

It looks like we did change something in regards to the "trust this device" option and the issue will be resolved in the next RDM minor version update. I think this will also work for LastPass Authenticator as well as Google Authenticator since they are quite similar.

Regards,

Hubert Mireault

avatar

Looks like the new option has simply added an extra step I need when approving; now I have a two-min counter that I also have to hit "Approve" on. However, this still doesn't help the short timeout if my phone is not at hand, and I have to grab it etc. Isn't it possible for RDM, the first time LastPass is used in a session, to pop up a simple "Please have your authenticator to hand before proceeding" or something appropriate?

avatar

Hello,

Could you explain what you mean by adding an extra step? Unfortunately we don't have a lot of control over the behavior of the 2 factor authentication due to LastPass not providing a public API.

For the prompt before proceeding with the authentication, I'll discuss this with David.

Regards,

Hubert Mireault

avatar

Next version of RDM will have an option in File > Options > Types > Credentials to show a prompt before the 2FA authentication in LastPass. The option is turned off by default. We would appreciate feedback on the feature to know if it's appropriate for your use case.

Regards,

Hubert Mireault

avatar

Sorry for the delay, the prompt works perfectly, many thanks :)