For years now I’ve been using a combination of file synchronization software Dropbox and Keepass to store and share login credentials across multiple devices – my desktop, laptop, Android phone, etc. When Lastpass launched 4 years ago, I was intrigued but skeptical – Keepass has always allowed me to use a method of multi-factor authentication (what I know – password, and what I have – key file), which was a good method of securing my data, but at the time Lastpass did not offer such an option (it does now using a USB thumbdrive).
Geek Tangent: Enter the Yubikey
Flash forward a few years, and Yubikey comes on the scene. If you’re not familiar with Yubikey, it dubs itself “the key to the cloud”. It’s a tiny, nearly indestructible USB device that fits on your key chain and generates encrypted one-time passwords (OTP).
When you plug your Yubikey into your device, it’s recognized as a USB keyboard device. You place your finger on a small disc, and it generates a 36-character string of random letters; this string is then instantly verified for secure login. Since Yubikey is recognized as a keyboard, it works on just about any device, and even better, since your unique password string is accessible via one tap of the disc, your password is immune to key logging software that could capture your keystrokes. The great folks at Yubico are also big on developers including Yubikey integration in their software, so more and more applications will be using it (WordPress and Truecrypt already do!).
What This Yubikey Stuff Means
What this all means is that you can combine what you know (your password) with what you have (your Yubikey) to create a secure, two-factor method of authentication. Without both pieces of the puzzle – password and Yubikey – attackers won’t be able to access your data. This is important, because as any security expert will tell you, it’s not a question of if your data will be compromised, but when. Adding that extra layer of two-factor authentication insulates you against the inevitable.
Putting It All Together: Yubikey and Lastpass
Much to their credit, Lastpass includes incredibly easy Yubikey integration. Even better, Yubikey offers a bundle to get a Yubikey plus one year of Lastpass Premium for $30, so you’re saving $7 off the price of Yubikey and Lastpass purchased separately. Now after I log in to Lastpass, I’m prompted to insert my Yubikey and provide the secure one-time password before I can have access. Sure, it’s an extra step, but it’s worth it for peace of mind.
I love Lastpass’ browser integration and mobile features. It makes logging in a snap, and my logins are shared anywhere I go, which is a must. More and more I’m finding myself leaving the ol’ Dropbox+Keepass method in favour of Lastpass.