Knowledge Base
Community

Securing your digital life with LastPass + YubiKey

guide

Hi Everyone,

 

We all know we shouldn’t be using the same password on multiple sites. In fact, we should be using a different high-security password for every site, but passwords like G2khm^CRa0 are very hard to remember, that’s where password managers come in. In this update to my 2013 blog post, let's see how LastPass and YubiKey can secure your digital life going into 2017.

 

Data breaches

 

This year and even this decade has been full of data breaches where millions of usernames, passwords and personal information have been stolen from companies around the world. This is a massive problem if you use the same or low-security passwords on every site, even worse if you use the same usernames as well. As the more of your accounts they can get into the more damage they can do to your online life, especially if they get into a site like PayPal or your bank. Here’s a quick list of some of the data breaches we have learned about recently:

 

Screen Shot 2016-12-11 at 15.28.47.png

There has been many more data breathers over the years. Check out this article on Techworld of The UK’s 15 most infamous data breaches. These breaches will continue to plague companies, governments and individuals around the world for years to come, make sure you're as secure as you can be by using long secure passwords and two-factor authentication.

 

LastPass

 

Grid_Expanded.pngLastPass Vault (Source: LastPass)

What is LastPass?

 

LastPass is an online password manager and form filler that makes web browsing easier and more secure. You can store all the usernames, passwords, security notes (such as a passport or driving license details) for all the websites you visit and LastPass will remember them for you. LastPass have browser plug-ins for all major browsers, operating systems and Apps for all major mobile devices. Use of the companies mobile apps are now included in their FREE version. They have also redesigned their password manager and mobile Apps to make them easier to use with LastPass 4.0.

 

 

Can I trust LastPass?

 

When you're trusting your whole online life to a single company, you have to be sure you can trust them. Here's a video from the TWIT show Security Now with Steve Gibson (the man who coined the term spyware and created the first anti-spyware software) explaining how LastPass security works back in 2010 and the 2015 network breach.

 

 

YubiKey

 

YubiKey-4-insert-1030x687.pngYubiKey 4 (Source: Yubico)

A YubiKey (made by Yubico) is a strong, two-factor authentication device that creates one-time passwords every time you press it. The device is so small and robust you can keep it on your keys, I like this as everywhere I go I have a key to my house, a key to my car and a key to my online life. They have recently released the YubiKey 4 which supports FIDO U2F, which means you can use it as two-factor authentication along with your username and password on sites such as Google, Dropbox, GitHub, Salesforce and more, with support for more sites and operating systems in the works.

 

Dropbox-Supports-U2F-YubiKeys2.pngDropbox two-factor (Source: Yubico)

Logging into LastPass:

 

Along with your LastPass username and master password, a YubiKey provides two-factor authentication to keep your LastPass account safe and secure. Please Note: YubiKey two-factor authentication requires LastPass Premium).

 

 

Logging into Windows:

 

With Windows 10, Microsoft supports both key-based and certificate-based authentication. Organizations that don’t use PKI, or want to minimize reliance on certificates, are prime converts for key-based Windows 10 authentication credentials. The YubiKey is a versatile authentication device that is perfect for this environment.

 

 

Logging into MacOS:

 

Have you ever wanted to use your YubiKey to protect your Mac? Upgrade to MacOS Sierra and your PIV-enabled YubiKeys can be used to log into your Mac and your keychain without complex configurations or software.

 

 

Conclusion

 

I have been using LastPass and a YubiKey for about more than three years now and I feel it's made my online life 1000% more secure without making it too cumbersome to access my accounts, even on my mobile devices.

 

If you are interested in getting LastPass, who have a FREE and a paid version of their password manager, please visit https://lastpass.com/ and If you’re interested in getting a YubiKey for two-factor authentication you can visit Amazon or  https://www.yubico.com/store/.

 

Thanks for reading,

Carl

 

120x120.jpg

Carl produces websites, apps and videos. View his latest work at carlrydings.com


What are you waiting for?
Order your FREE SIM with £5 FREE credit         See our SIM-only deals

 

Sources:

 

11 Comments
chaperon

Excellent bit of information for this day and age! 

I should give them a go in a few days time... 

Keep them coming @carlryds

instructor

 Thanks for sharing this information. 

 

I rely on Apple's Keychain and 1Password (on iOS with Touch ID fingerprint authentication). If a site offers two-step auth., I activative it and then use Authy on my iPhone (also on Apple Watch) to get all keys from one single app. Authy is great because it even works without internet connection (usefull when I am in roaming overseas).

 

I feel like I have done a good job so far, but how does it compare with the YubiKey + someone storing my data on a server somewhere?

 

Thanks again

guide

@manocas Authy is great software alternative to a YubiKey. I used it for a while at one time. Now I use LastPass Authenticator when I need to enter codes for sites that either don't support U2F/YubiKey or I'm on my iPhone (as it doesn't support the NFC YubiKey). LastPass Authenticator is basically the same thing as Google Authenticator/Authy... I just worry a little that Authy, LastPass Authenticator and Google Authenticator could get hacked easier because it's software and not hardware as a YubiKey is something you have on your person.

 

Something you know - Your usernames and password

Something you have - Your YubiKey

guide

Great blog. About time I did something like this. I will look into over the Christmas holiday and sort something out. Thanks.

virtuoso

I'm a big fan of LastPass i've been using it for past 4 or 5 years

rookie

This is a good way to keep online data safe and old people can be very forgetful

supporter

Great blog idea! Very informative but there will continue to be more and more hacks of major websites / companies.

guide

Glad to see you're all liking the blog. I like covering these in-depth and important topics Smiley Happy

Useful blog. I'll check these out. Last thing I want is to get hacked.

novice

Yahoo got hacked because they used old school encryption which was proven to have plenty of holes for hackers to exploit