How do I create a time-based one-time passcode (TOTP) for site entries as a LastPass business account user?
If you have a LastPass Teams or LastPass Business account, you can create a time-based one-time passcode (TOTP) from your vault and use it for authentication when logging in to a third-party app or website.
- Time-based one-time passcode/TOTP/Two-Factor Code
- These terms all refer to the same value – a code that is generated for you and created as a means of verification or authentication.
- Two-Factor Authentication/Two-Step Verification
- A security feature that asks you for more than just your username and password when you log into a website. It requires something you know (your password) and something you have (your phone).
About TOTP codes for LastPass
- At this time, TOTP codes generated from your vault can only be used when accessing LastPass from a desktop web browser (i.e., not supported when using the LastPass mobile apps)
- TOTP codes generated from your vault can only be used for the specific third-party site paired with your site password entry in your vault (via the secret key)
- TOTP codes will be generated automatically in the site's one-time passcode TOTP code field if the site is stored in your vault and has a secret key associated
- TOTP codes generated from the LastPass Authenticator app mobile app are completely different from TOTP codes generated from your LastPass vault, and cannot be used interchangeably for authentication
- LastPass generates 6-digit one-time passcodes using SHA-1 algorithm, and these codes are regenerated every 30 seconds
- TOTP codes are only supported for site entries in your vault (i.e., not support for secure notes or items)
- If your computer's clock is not synced with universal Internet time, it could cause the TOTP code to be invalid and you may encounter an error when entering it
About policy restrictions
The ability to perform these actions may be prohibited if the "Don't show TOTP in vault" policy is enabled by your LastPass admin for your LastPass Business account.
Create a TOTP code in your vault
Generate a secret key from your third-party site.
- Log in to your account on the site for which you want to share access with others.
- Follow the site's instructions to set up Two-Factor Authentication within the site's security settings (outside of LastPass) and enable the site to use an authentication app (e.g., LastPass Authenticator).
- Most sites will provide a QR code to scan for setting up authentication. Instead, locate the option for manual setup, then copy the secret key (intended to be used for third-party services) and paste into a text editor. Remember: You will be using this value in later steps.
Enter the secret key into LastPass.
- Log in to LastPass and access your vault by doing either of the following:
- In your web browser toolbar, click the LastPass icon and select Vault or Open My Vault.
- Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
- To activate a new secret key, you must add a new site password or editing an existing password entry:
Action in LastPass Instructions Add a new site password
- Click .
- Select Password.
- Enter all of the information you want to store.
Edit an existing site password
- Locate your desired site password entry.
- Click the Edit icon .
- Select Enter your secret key.
- Paste the secret key you copied in Step #3 above (copied from your third-party site's authentication settings) then click Activate. Attention: Only use the characters A-Z, 2-7, = when entering the secret key, and do not include any spaces.
Result: LastPass generates a 6-digit one-time passcode (using the SHA-1 algorithm and changing every 30 seconds).
- In the One-time passcode field, click to view the TOTP code, then copy the code. Note: The TOTP code automatically populates in the site's "one-time passcode" field if the site is stored in your vault and has a secret key associated. If the generated code expires before it has been submitted on the site (expires every 30 seconds), then the new TOTP code is automatically generated and filled into site's "one-time passcode" field.Tip: When you need a new TOTP code, click to hide the current code, then click again to show the new one (new codes generate every 30 seconds).
- Return to your desired site's settings and paste the code for verification, then save and proceed.
Use a TOTP code from your vault
Once you have paired your site with LastPass via the secret key, you can copy a TOTP code from your vault and use it to log in to your site when you're prompted for Two-Factor Authentication.
Copy a TOTP code from your LastPass vault.
- Within your vault, locate your desired site password entry then select to edit it.
- Copy the TOTP code in the One-time passcode field.
Use the TOTP code to log in to your site.
- Navigate to your site and proceed to log in.
- When prompted for authentication, enter the TOTP code you copied from the One-time passcode field. Note: The TOTP code automatically populates in the site's "one-time passcode" field if the site is stored in your vault and has a secret key associated. If the generated code expires before it has been submitted on the site (expires every 30 seconds), then the new TOTP code is automatically generated and filled into site's "one-time passcode" field.Troubleshooting: If the code you entered is invalid, return to your vault entry and click to hide the current code, then click again to show the new one (new codes generate every 30 seconds).