Logging In With Duo Push and LastPass

In order to use Duo Push with LastPass, you must have first signed up for a Duo account and configured your LastPass vault to use Duo authentication. See our LastPass documentation for step-by-step instructions.

LastPass Web Page and Browser Extension

The LastPass Duo multifactor window appears after username and password is entered, and at the same time a push authentication request appears on your mobile device if it is activated for Duo Mobile.

If you click the "This computer is trusted..." option then you won't be prompted for two-factor authentication again from the same browser on that device.

LastPass Browser Duo Authentication

If you (or your administrator) enabled the Duo WebSDK experience when configuring Duo in LastPass, you'll see the Duo Prompt. Choose an authentication option and approve to access your vault.

LastPass Browser Duo Prompt

LastPass Mobile App

The LastPass Duo multifactor window is displayed after username and password is entered, and at the same time a push authentication request appears on your mobile device if it is activated for Duo Mobile. You may approve the Duo Push request from the same device where you are logging into the LastPass mobile app.

If you click the "Trust this device?" option then you won't be prompted for two-factor authentication again by the LastPass app on that device.

LastPass for Applications

The LastPass for Applications program is available for Microsoft Windows only. The LastPass Duo multifactor window is displayed after username and password is entered in the LastPass for Applications login window, and at the same time a push authentication request appears on your mobile device if it is activated for Duo Mobile.

If you click the "This computer is trusted..." option then you won't be prompted for two-factor authentication again when logging in to LastPass for Applications.

Instead of approving the automatic push request, you can also enter a different factor name or passcode into the empty field and click the Authenticate button. Here's how:

Type... To...
A passcode Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.
Examples: "123456" or "1456789"
push Push a login request to your phone (if you have Duo Mobile installed and activated on your iOS, Android, Windows Phone, or Windows Phone device). Just review the request and tap "Approve" to log in.
phone Authenticate via phone callback.
sms Get a new batch of SMS passcodes.
Your login attempt will fail — log in again with one of your new passcodes.

Note: LastPass only works with your primary device. If you have multiple phones or devices attached to your Duo account you can only use passcodes or approve the LastPass push request from the first one.


Examples

To send a Duo Push request to your primary phone, type:

push

To use the passcode "123456", type:

123456

To send new SMS passcodes to your phone, type:

sms

If you don't want to set up LastPass with Duo's one-tap push authentication, you can still protect your password vault by adding LastPass to Duo Mobile as a third-party account. Follow the instructions for setting up LastPass with Google Authenticator, simply substituting the Duo Mobile app for Google Authenticator. Once you do that, you can use a passcode generated by Duo Mobile to log in to LastPass.