Last August I did a post on the password manager LastPass, you can read about it here. I recently purchased the Yubikey, which compliments this awesome password manager and other online websites.
What does multi-factor authentication mean?
Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login.
The fact is LastPass has a master password that protects everything. This could be seen as a major con if ones password was not strong enough. If this password was compromised it would be the end of the world for some people. Not so for me, because my password is very strong and I’ve had 2FA (Two factor authentication) setup for the majority of my accounts including LastPass. It has meant whenever logging into an online account with a username and password, a 6-8 digit code was also needed to login successfully. This code got sent to a mobile device or email account.
YubiKey takes all this security one step further because it is a physical USB key. It supports LastPass & Google & 100+ websites.
How does it work?
For a secure login one has to plug the YubiKey into a free USB port on the computer and simply touch it (holding a finger over it for a few milliseconds) or tap it against a NFC-enabled Android phone. A 30+ random character password is generated (which can’t be seen), and LastPass or whatever online website / app accepts it automatically and logs in securely.
Benefits of Using YubiKey with LastPass
- Autofills the code, so no typing is required
- Works on all major browsers and operating systems, as well as NFC-enabled mobile devices
- No client software or drivers needed
- Compact, easy-to-carry size; 2 mm thin, 3 grams
- Practically indestructible; waterproof, crush safe, no battery
Of course every method of protection has its pros and cons and it is up to you to ensure the risks are understood.
I highly recommend YubiKey.