Categories

Developer

Aru S

Multipass - Multifactor Authentication Checker v0.5.3resigned1

  • rating
  • rating
  • rating
  • rating
  • rating
0 (0 reviews)
Determine which of the accounts stored in your LastPass vault support some form of multifactor authentication.

This is neither affiliated with, nor endorsed by, LastPass.

Determine which of the accounts stored in your LastPass vault support some form
of multifactor authentication!

**Getting Started**

  1. Log in to the LastPass website
    (not through the extension).
  2. Click the "Multipass" link in the left sidebar.
  3. Interact with MFA-compatible accounts:
    • Clicking on an entry will open a new window for the service (the URL
      field for the saved account).
    • Clicking the information button at the far right of an entry (if present)
      will take you to a help page for the service.
    • Hovering over a red asterisk on the line of supported MFA methods will
      present you with caveats for the site.

**A Note on Security**

You should always be cautious when granting access to sensitive data to third
party extensions (such as this one). Multipass was developed with that concern
in mind, and takes the following measures:

  • Passwords are never referenced or extracted - only the service URL, name, and
    usernames get accessed.
  • The extension never communicates with non-LastPass servers. It only has
    permission to run in the context of your LastPass tab.
  • The extension doesn't cache any data locally. This prevents leaking of data
    even if you're logged out of your vault.
  • The underlying code is constructed in a straightforward manner and served
    unobfuscated, improving transparency. Users should be able to unpack the
    extension and audit it themselves.
  • No untrusted third party dependencies. All third party code was reviewed and
    is vendorized.

If you have a security concern, please open an issue. If it's sensitive, please email me: aru at arusahni.net.

**FAQ**

Q: I know a service supports MFA, why isn't it recognized as such by Multipass.
A: First, check the URL of the saved site for correctness. Second, check
TwoFactorAuth.org to see if the service is listed.
If not, follow the instructions on the site and submit an issue to have the
site added. If the site is listed, please file an issue with Multipass. Odds
are that the database is out of date, and a new release needs to be cut.

Q: Can you support {password manager}?
A: I hope so! While Multipass
was originally developed with LastPass in mind, there's nothing preventing it
from working with other web-based password managers. Please file an issue for
your service of choice and I'll see what I can do. Pull requests are welcome,
too!