After I login to the mobile app I am not being prompted with a 2FA request. I have tested on Android and iPad. Only prompted when logging into the web via browser. With LastPass android and iPad it prompts for 2FA.
Thanks.
After I login to the mobile app I am not being prompted with a 2FA request. I have tested on Android and iPad. Only prompted when logging into the web via browser. With LastPass android and iPad it prompts for 2FA.
Thanks.
Pretty sure on Android it asked me for 2FA on initial sign in after I reset my S8 for Oreo. Now it just uses my PIN.
If that is the case, seems I must uninstall from the mobile to prove. There is no option to clear, to then prompt for the 2FA upon next login.
So to better define this feature request, a possible solution is a “Remember 2FA authentication for n minutes/hours/days” in the settings.
If you selected “remember me” when doing 2FA you can clear that in the web vault by going to settings “deauthorize sessions”.
Thanks, “deauthorize sessions” does allow me to re-test this case easily. Now I that I have carefully tested, I have confirmed that the “remember me” option is not working on ipad or android in regards to 2FA. When I restart the app the second time, after not choosing “remember me” when prompted for 2FA previously, I enter my password (or pin if I have that option selected), and the vault is immediately opened without prompting me for a 2FA code.
The only way to have mobile prompt 2FA ever again is to clear with the “Deauthorize sessions”. This feature request is suggesting 2FA level authorization upon every use of the app, or a setting to reprompt 2FA after a selected period of time e.g. minutes/hours/days.
You are confusing login with unlock. They are not the same thing. 2FA only happens on login. See here for what you want: 2FA when 'unlocking'
Ok. I agree. Thanks for explaining. As you reference in that 2FA when 'unlocking", since there is no auto-logout feature (yet), the only way to ever re-prompt for 2FA is to always be sure to manually logout of the mobile app after every use. Though I disagree with the response that auto-logout is a similar feature request, because that will enforce having to use a long password for every app use.
So to clarify, this feature request, to expand on the previous request, is to add an “Unlock with 2FA” option in addition to the existing “Unlock with Touch ID”, and/or “Unlock with PIN code” security options. Ideally allowing a combination of security e.g. PIN + 2FA without enforcing use of a long password to unlock.
That is my experience with LastPass, though there was a 1-2 year period where they stopped prompting on unlock, it is prompting in the latest version.
Closing as a duplicate of 2FA when 'unlocking'