We all know we shouldn’t be using the same password on multiple sites. In fact, we should be using a different high-security password for every site, but passwords like G2khm^CRa0 are very hard to remember. That’s where password managers come in. In this update to my 2013 blog post, let's see how LastPass and YubiKey can secure your digital life going into 2017.
This year, and even this decade, has been full of data breaches in which millions of usernames, passwords and pieces of personal information have been stolen from companies around the world. This is a massive problem if you use the same or low-security passwords on every site, and even worse if you use the same usernames as well. The more of your accounts attackers can get into, the more damage they can do to your online life, especially if they get into a site like PayPal or your bank. Here’s a quick list of some of the data breaches we have learned about recently:
There have been many more data breaches over the years. Check out this Techworld article on the UK’s 15 most infamous data breaches. These breaches will continue to plague companies, governments and individuals around the world for years to come. Make sure you're as secure as you can be by using long, secure passwords and two-factor authentication.
LastPass Vault (Source: LastPass)
What is LastPass?
LastPass is an online password manager and form filler that makes web browsing easier and more secure. You can store all the usernames, passwords and security notes (such as passport or driving license details) for all the websites you visit, and LastPass will remember them for you. LastPass has browser plug-ins for all major browsers and operating systems, and apps for all major mobile devices. Use of the company's mobile apps is now included in their FREE version. They have also redesigned their password manager and mobile apps to make them easier to use with LastPass 4.0.
Can I trust LastPass?
When you're trusting your whole online life to a single company, you have to be sure you can trust them. Here's a video from the TWiT show Security Now with Steve Gibson (the man who coined the term spyware and created the first anti-spyware software) explaining how LastPass security works (back in 2010) and the 2015 network breach.
YubiKey 4 (Source: Yubico)
A YubiKey (made by Yubico) is a strong two-factor authentication device that creates a one-time password every time you press it. The device is so small and robust you can keep it on your keys. I like this, as everywhere I go I have a key to my house, a key to my car and a key to my online life. Yubico has recently released the YubiKey 4, which supports FIDO U2F. This means you can use it as a second factor along with your username and password on sites such as Google, Dropbox, GitHub, Salesforce and more, with support for more sites and operating systems in the works.
Dropbox two-factor (Source: Yubico)
Logging into LastPass:
Along with your LastPass username and master password, a YubiKey provides two-factor authentication to keep your LastPass account safe and secure. (Please note: YubiKey two-factor authentication requires LastPass Premium.)
Logging into Windows:
With Windows 10, Microsoft supports both key-based and certificate-based authentication. Organizations that don’t use PKI, or want to minimize reliance on certificates, are prime converts for key-based Windows 10 authentication credentials. The YubiKey is a versatile authentication device that is perfect for this environment.
Logging into macOS:
Have you ever wanted to use your YubiKey to protect your Mac? Upgrade to macOS Sierra and your PIV-enabled YubiKeys can be used to log into your Mac and your keychain without complex configurations or software.
I have been using LastPass and a YubiKey for more than three years now and I feel it's made my online life 1000% more secure without making it too cumbersome to access my accounts, even on my mobile devices.