LastPass + YubiKey for online and computer security

guide

2016 - View the updated blog post here:
https://community.giffgaff.com/t5/Blog/Securing-your-digital-life-with-LastPass-YubiKey/ba-p/1969943...

 

 

 

Hi Everyone,

 

Do you use one or two passwords across all your online accounts? Would you like to use a single secure password across all your online accounts, but think it will be hard to keep track of them all? Think again...

 

What is LastPass?

 

LastPass is an online password manager and form filler that makes web browsing easier and more secure. You can store the usernames and passwords for all the websites you visit, and LastPass will remember them for you. LastPass has browser plug-ins for all major browsers and operating systems, and apps for all major mobile devices.

 

 

What is a YubiKey?

 

A YubiKey (made by Yubico) is a strong two-factor authentication device that creates one-time passwords. The device is so small and robust you can keep it on your keys. I like this, as everywhere I go I have a key to my house, a key to my car and a key to my online life.

 

 

This is how a YubiKey is made...

 

 

How do they work together?

 

The YubiKey can be used as a way to log in to your LastPass account in conjunction with your e-mail address and master password, making it impossible for anyone to access your online life without your physical YubiKey.

 

Set up a YubiKey to log in to LastPass:

 

 

Set up a YubiKey to log in to your computer:

 

 

Can I trust LastPass?

 

When you're trusting your whole online life to a single company, you have to be sure you can trust them. Here's a video from the TWiT show Security Now with Steve Gibson - the man who coined the term spyware and created the first anti-spyware software - explaining how LastPass security works (Watch out! This gets geeky).

 

 

There is also an audio Security Now episode on YubiKey; you can find that here.

 

How to Buy:

 

LastPass  -  Access on any computer with all features = FREE

             Access via mobile apps (iOS, Android, etc.) = $12 (approx. £8) / year

             https://lastpass.com/

 

YubiKey   -  White or black YubiKey ON ITS OWN = $25 (approx. £15.60) + shipping

             White or black YubiKey WITH 1 YEAR'S LASTPASS included = $33 (approx. £20.60) + shipping

             https://store.yubico.com/

 

My conclusion:

 

I have been using LastPass with a YubiKey for about 6 months now and I feel it's made my online life 1000% more secure without making it too cumbersome to access my accounts, even on my mobile devices.

 

Thanks for reading,

Carl

 

24 Comments
beginner

I used to have the same or similar passwords over a range of sites & services... One day someone got into my GMail account and sent spam messages to all my contacts. I moved to LastPass and gave my GMail account a crazily hard password. LastPass has served me very well.

 

Have not tried the YubiKey approach, that's a bit hard core for me.

 

kung fu master

Very interesting information, thank you - will have to look at this in more detail.

That's a useful post considering how many people get hacked!

 

The only issue I can think of is not being able to log into anything because you don't have your physical YubiKey with you!

Interesting, will give it a try.
heavy hitter

Oh wow Carl, this blog is fantastic!

This is something I've never really heard of before reading. The way you structured it was really clear and I've definitely learnt a lot from this blog. Thanks for making it, such an interesting subject area too :)

sensei
I've often wondered, what happens if the YubiKey gets damaged, how do you get a replacement? P.S. Thanks for the great blog. :)
pupil

Good blog. Will take a look at them. Thanks.

guide

@jeff_elephant - But that's the point of it :P You have to decide which is more important to you, security or convenience. Like I say in the post, put it on your keys and you'll always have it.

 

@zoeawesome - Thanks Zoe :)

 

@samwich - My recommendation is to get two YubiKeys, and set them both up in your LastPass settings. Keep one in a safe with your passport or somewhere safe and then you have a back-up, just in case.

enigma
Very useful and informative blog. Keep them coming. :-)
soothsayer

I have no idea what any of my passwords for anything are either, they're all 20-character strings of GHvCDdcVtyVytr563cTRV or something like that. I just use Google Authenticator on my phone for two-factor, but it's amazing how few services support two-factor authentication :(

 

One extra thing to mention is that for LastPass, make sure that you have a strong master password, preferably not a dictionary word. Aardvark is not a good master password even though it's a pretty odd word. That'd be cracked in about 5 seconds because it's the first word in the dictionary and a dictionary attack to crack a password does exactly as you'd expect :P