Install and log in to LassPass
This guide explains how to install, log in and set up multifactor authentication in the password manager, LastPass.
This guide is aimed at...
- Staff only
Before you start
- You should have contacted the Information Security Group and requested to have a LastPass account created for you. You should also have received an email reply from them with further instructions.
- You will need to have LastPass installed on your device. Download the browser plugin from LastPass and/or the app from the app store for your mobile. If you are using Desktop @ UCL, this has already been done for you.
1. Create a Master Password
You should have received an email from the Information Security Group with an activation link. This is a prompt to create a strong, unique Master Password. Follow the instructions in the email.
Use a password that's memorable because LastPass won't save it for you. It's the only password you have to remember.
LastPass recommend using a "passphrase" for your Master Password, like tony$growler$venT$15 - it's meaningless to others and difficult for hackers to guess, but something you can commit to memory.
2. Log in to LastPass via your browser or app on your phone
2.1. LastPass via your browser
2.1.1 If you haven't already done so, download the browser plugin from LastPass. If you are using Desktop @ UCL, this has already been done for you.
Once you’ve downloaded and installed LastPass, the extension appears in your browser toolbar.
2.1.2. To log in to your account and start using all of the LastPass features, click on the grey LastPass icon in your browser toolbar.
2.1.3. Enter your email address and your LastPass Master Password, then click Log In.
Once you're logged in, the LastPass icon will turn red to indicate a successful login.
As you start logging in to websites, LastPass will ask to save those logins for you. When you return to those websites, LastPass will recognise them and enter the login for you.
The LastPass extension includes a drop-down menu where you can open your Vault, search your saved items, generate new passwords, and more.
A summary of this can be seen in the Meet the browser extension video (from LastPass):
2.2. LastPass via the app on your device
2.2.2. Open the app and enter your email address and Master Password.
|For iOS 8 and above, the LastPass app syncs all of your passwords and stored data across your iOS devices - from your iPhone to your iPad, Apple Watch and iPod Touch.||The LastPass Android app syncs all of your passwords and stored data across any device running Android 4.0 or later device.|
In order to be able to verify that you have access to the email address you use for your LastPass account, you are required to verify it at least once. The system will send you an email containing a verification link.
2.2.3. Open the email and tap the verification link.
2.2.4. Switch back to the LastPass app, then enter the email address and Master Password once more to be authenticated.
These settings will continue to be saved and will no longer require you to verify your identification via email from this device unless you choose to clear you mobile device configuration settings.
For more information, see Using LastPass on your iPhone and Android devices video (from LinkedIn Learning):
3. Enable multifactor authentication
Multifactor authentication is a feature that asks you for more than just your email address and Master Password when you log in. Its another layer of protection. We highly recommend that you use two-factor authentication with LastPass, this helps to protect against risks such as key logging software. By using two-factor authentication if someone was to get your LastPass password they would not be able to access your account without your authenticator code. LastPass allows you to use authenticators such as Google Authenticator, LastPass Authenticator and many others.
3.1. If you've not already done so, log in to LastPass on your browser.
3.2. In your web browser toolbar, click the LastPass icon.
3.3 Click Open My Vault.
3.4. Click Account Settings.
3.5. Click on the Multifactor Options tab.
3.6. Click on the Edit icon to the right of your desired Multifactor option. These instructions outline the steps for LastPass Authenticator only.
3.7. For the Enabled option, select Yes from the drop-down menu.
3.8. For the Permit Offline Access option, use the drop-down menu to choose from the following:
- Select Allow if you wish to allow access to LastPass even when you are offline. This will store an encrypted Vault locally so you can log in without using Multifactor Authentication in case of a connectivity issue.
- Select Disallow to prevent offline access, which requires the use of Multifactor Authentication and to be connected to the internet when using LastPass.
Note: If this option is selected and you are not connected to the internet and/or LastPass is not available, you will be unable to access your Vault.
3.9. When finished, click Update.
3.10. Enter your Master Password, then click Continue.
3.11. When prompted, click Enrol.
3.12. When a new web browser window or tab appears, click Set up mobile app, then proceed to next steps.
Set up the LastPass Authenticator app
3.14. On your web browser window, click Next to proceed with the enrollment, then open the LastPass Authenticator app on your mobile device.
3.15. If you have already used LastPass on your phone for a different account or application, tap Add new account. Otherwise, do the following:
- Tap the Add icon on the bottom of your device screen.
- Tap Scan Barcode.
- Using your mobile device's camera, scan the barcode displayed on your web browser window.
- From your computer, click Set up text message.
- Enter your mobile number and click Next.
3.16. A text message is sent to your mobile device containing a verification code. Enter the code into your web browser, then click Finish text setup.
3.17. Click Activate, then Done.
3.18. In your Vault, click OK on the confirmation messages.
From now on you can verify your login in the following ways:
- On your mobile device, tap Approve in the Mobile Authenticator app to verify your login, which automatically logs you in to your LastPass account on your web browser. If desired, check the box to enable the option, Trust this device for 30 days and provide a device name, then click Authenticate.
- On your web browser, enter the 6-digit code displayed in the mobile app. If desired, check the box to enable the option, Trust this computer for 30 days and provide a computer name, then click Authenticate.
- On your web browser, click Send SMS passcodes to have an SMS message containing a verification code sent to your mobile device. Once received, enter the code in your web browser, (if desired, check the box to enable the option, Trust this computer for 30 days and provide a computer name) and click Authenticate.
Help and support
- View help guides on the official LastPass website.
- View the tutorials in LastPass (click on the Tutorials tab).