Log in to your LastPass user account, then from your account dropdown select "Account Settings";

To add a FIDO2 key as an authentication method we need to select the option "Multifactor Options";

.

Programmable tokens act as a direct replacement for the google authenticator app, so we need to enable the app (using the pencil icon indicated below);

A new window will now open title "Google Authenticator", click on the link "View your barcode";

You will be asked to re-enter you LastPass master password, after entering the password click ;

A QR code will now be displayed (see example below);

You can use the QR code to program our programmable tokens using the instructions found in the following procedure;

• • Click here to expand...

    To program a SafeID/Diamond or SafeID/Pro token with a QR code, launch the SafeID/Diamond programming tool.  

    

    
    

    Click the Scan QR Code button 

    Click here for instructions on Scanning QR Codes ...

    Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.

    You can scan the screen for a QR code, or load from a file.

    

    If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).

    If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app.  In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated.  To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.

    

    
    

    Select Scan Screen.

    If succeeded, the Seed box should be filled with the token's seed data.

    

    
    

    Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

    

    
    

    Press the Connect button

    

    
    

    Now, switch on a SafeID token and place it on the reader. 

    The tool will read out the token's serial number and time, and display them:

    

    
    

    If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.

    Press the Burn button

    

    
    

    The token is successfully programmed.

    Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)

    

    Related Articles

    • Programmable Tokens and keys
    • Hardware Tokens
    • NFC Card Reader
    • Checking and resolving time drift on a windows computer
    • How to generate QR codes for authenticator apps or programmable tokens
    • How to extract seed data from a QR code using a PC

Verifying your token

Once you have programmed your token you will need to verify it with LastPass.

Remove the QR code (by clicking ), 

You are now ready to enable and verify the token.  using the drop-down (indicated below), change the enabled state to "Yes";, then click

You will be asked to re-enter you LastPass master password, after entering the password click ;

Next you are asked for the verification code, obtain a 6 digit code from your programmable token, enter it in the box, then click ;

You will be shown confirmation that your verification code has been accepted, click ;

Upon returning to the MFA configuration page, you will now see confirmation that the authentication method has been enabled;

You are now able to use your programmable hardware token as a source of OTP codes when logging in to LastPass.

Related Articles

• OTP Tokens
• Programmable Tokens and keys
• NFC Smart Card Reader
• How to use SafeKey as a FIDO2 passkey with LastPass