SMS as backup seems... not right

Customer forum for LastPass Enterprise

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

SMS as backup seems... not right

Postby diggingrelic » Fri Jul 26, 2019 9:44 pm

I just setup a trial of Enterprise Identity and enabled MFA for my account. I used LastPass authenticator as my method. It won't let me activate MFA without setting up SMS as a backup method for the account. This seems wrong. Can't an attacker just request to use the backup method and then have an easier attack vector via SMS? I thought the whole point of the authenticator applications was that they do not allow or use SMS codes as an option.

What am I missing?
diggingrelic
 
Posts: 2
Joined: Fri Jul 26, 2019 9:41 pm

Re: SMS as backup seems... not right

Postby jpenny84 » Sat Jul 27, 2019 12:49 am

You have over a half dozen multifactor options to choose from if you don't want to use LastPass Authenticator due to SMS backup.

https://support.logmeininc.com/lastpass ... n-lp010002
jpenny84
 
Posts: 8616
Joined: Tue Mar 06, 2012 9:10 pm

Re: SMS as backup seems... not right

Postby diggingrelic » Sat Jul 27, 2019 1:01 am

That is not the point. I am talking about enabling MFA on lastpass's website for logging into lastpass.

During the setup, they require that you setup SMS as a backup option.

I am not talking about the authentication application.
diggingrelic
 
Posts: 2
Joined: Fri Jul 26, 2019 9:41 pm

Re: SMS as backup seems... not right

Postby FlyingHawk » Sat Jul 27, 2019 2:07 am

That is the point.
Only LP authenticator requires SMS backup. All other options do not use SMS at all.
FlyingHawk
 
Posts: 775
Joined: Wed Mar 18, 2015 12:04 pm


Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 4 guests