Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

JD2015

macrumors 6502a
Sep 16, 2014
849
526
Curious why you recommend not using lastpass authenticator?
If someone was to crack your password to lastpass, then it gives them access to the lastpass Authenticator if using their inbuilt one. They then have full access to everything. Using a different software or hardware authenticator removes this risk as adds in another obstacle. They would then have to get access to the Authenticator of choice also. I also set up a specific email for the last pass account to make it even less likely that someone can guess my login details. Just little things I seen people suggest over the years to secure your password manager of choice.
 
  • Like
Reactions: circatee

VineRider

macrumors 65816
May 24, 2018
1,419
1,251
If someone was to crack your password to lastpass, then it gives them access to the lastpass Authenticator if using their inbuilt one. They then have full access to everything. Using a different software or hardware authenticator removes this risk as adds in another obstacle. They would then have to get access to the Authenticator of choice also. I also set up a specific email for the last pass account to make it even less likely that someone can guess my login details. Just little things I seen people suggest over the years to secure your password manager of choice.
I see your logic about adding another obstacle. However, if you have two factor authentication turned on, a person cannot get into your LastPass account to restore the backup. I tested this by logging out of LastPass vault and then installed the authenticator onto an iPad that didnt have the authenticator installed. To restore the authenticator backup requires logging in to LastPass and I couldn’t do that without two factors of authentication.

Logging in to my LastPass vault required either a code from the authenticator app or an sms code sent to my phone. You cannot restore the authenticator backup without first logging into the vault. A catch-22 if you don’t have both authentication factors.

So, unless someone has my password and my phone, they cannot get into LastPass to restore the authenticator backup. Also, if they don’t have both authentication factors they cannot get into my vault to begin with.
 
  • Like
Reactions: JD2015 and circatee

circatee

Contributor
Nov 30, 2014
4,492
3,048
Georgia, USA
Have you ever exported from LastPass to 1Password, and did your LastPass items have attachments, too?
It seems to export from LastPass to 1Password, this is done as a .csv file. Well, I have Notes that have attachments. In my initially testing, those attachments are not exported. Are we saying I'd have to manually check all my Notes, and copy those attachments over...?

I feel so tired just thinking about it...
 

VineRider

macrumors 65816
May 24, 2018
1,419
1,251
Have you ever exported from LastPass to 1Password, and did your LastPass items have attachments, too?
It seems to export from LastPass to 1Password, this is done as a .csv file. Well, I have Notes that have attachments. In my initially testing, those attachments are not exported. Are we saying I'd have to manually check all my Notes, and copy those attachments over...?

I feel so tired just thinking about it...
I’ve never done that.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.