However, last week a developer revealed that he was able to bypass the security on the Android version of LastPass Authenticator, which thankfully the company has since fixed. According to LastPass, “When a researcher discovered a workaround for the extra PIN/fingerprint prompt, our engineering team fixed the issue that allowed the workaround and the update is available now. Now when the fingerprint/PIN feature is enabled, users must provide their fingerprint or PIN code in order to view the one-time code.”
The company also adds, “Using the reported workaround to access someone’s temporary codes would have been difficult since it requires access to the device, and the one-time codes are useless without the username and password for the services they are used for. At no time did the identified workaround allow access to the TOTP secrets used to generate the one-time codes.”
As we said, an update that should address the issue is now available, so if you are running Android, head over to the Google Play Store and download the latest version of the Authenticator app.