December 05, 2017

LastPass Firefox Extension Repeatedly Asking for Two-Factor Authentication at Every Login

With the recent Firefox 57 release, I had experienced an annoying requirement with my LastPass add-on that required me to two-factor authenticate (2FA) each and every time I restarted Firefox.

At first, I saved a little effort by installing the Two-Factor Authenticator add-on so as to not require pulling my phone out constantly.
https://addons.mozilla.org/en-US/firefox/addon/two-factor-authenticator/

But really, i wanted this solved.

LastPass.com support suggested I purge my ~/.lastpass folder. I did so, but without resolve.

Other sources recommended purging two lastpass folders contained in the user profile:
~/.mozilla/firefox/YOURPROFILE/storage/permanent/indexeddb+++support-at-lastpass-dot-com/ , and
~/.mozilla/firefox/YOURPROFILE/jetpack/support@lastpass.com/
So i did; also without resolve.

More sources reported what I already suspected: The cookies that lastpass uses should not be deleted. So I made sure to whitelist lastpass.com and *.lastpass.com in my cookies cleaner.   In addition to Privacy > History > Keep Until they Expire.

This didn’t work immediately, so I dug into my FireFox preferences and found that un-checking “Offline WebSite Data” seemed to resolve my issue.  I had already unchecked "Cookies" and used "Cookies Auto delete" add-on to control cookies.
https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/?src=userprofile

So in hindsight, I believe the combination of saving the lastpass.com cookies and Edit(Tools) > Preferences(Options) > Privacy > History > Settings >
 [UN-CHECK] Offline Website data
 [UN-CHECK] Cookies
is the final solution.

Note: Upon removal/re-installation or auto-update of the add-on, you will likely be required to 2FA again. But otherwise, the 30-day 2FA memory should be retained with the above solution.

Good Luck!
~~~
  

No comments:

Post a Comment

Comments, Suggestions or "Thank you's" Invited! If you have used this info in any way, please comment below and link/link-back to your project (if applicable). Please Share.
I accept Bitcoin tips of ANY amount to: 1GS3XWJCTWU7fnM4vfzerrVAxmnMFnhysL
I accept Litecoin tips of ANY amount to: LTBvVxRdv2Lz9T41UzqNrAVVNw4wz3kKYk