Securing your online logins with LastPass Part 2

See Part 1 here

Well, I’m back with more ways to lock down your logins with LastPass using multifactor authentication. The main thing I will cover today is using YubiKey USB tokens as extra security.

About the YubiKey, as stated on the Yubico website:

“Superior security

The YubiKey is a unique USB-key providing strong two-factor authentication, combining something you know (a PIN or password) with a physical device generating encrypted one time passwords. It protects your online identity from malware and hackers at a security level that can be compared with a smart card, and is manufactured in Sweden and California with best practice security processes.”

We will be using the YubiKey to add additional strength to our LastPass account.

To set up a YubiKey on your LastPass account, open Account Settings and go to the YubiKey tab. Enable YubiKey authentication by changing the setting to Yes. Then click the first YubiKey input field, insert the YubiKey and press it for 3 seconds until it emits the OTP into the box, then click Save. Now whenever you log in you will be asked for your email and password, then asked to insert the YubiKey and authenticate with the OTP (one-time password) from slot one. For more info, see their more detailed guide here.

There’s a lot you can do with YubiKeys. You can also use them with TrueCrypt/VeraCrypt/LUKS pre-boot (full disk) encryption by programming a long, random static password into slot 2.

I use full disk encryption on every device I own that supports it, such as every external and internal HDD and phone. There’s a guide on Yubico on how to do that here. The tip I have is, when setting up TrueCrypt/VeraCrypt with the second YubiKey slot, to use an 8-12 character password before the static key is used. For example, when setting up the TrueCrypt/VeraCrypt volume encryption, type in a password and then right after it emit the static password from slot 2, so it’s yourpass+yubikeystaticpass=totalpassword. That way, in the event you lose the key or are asked to decrypt the drive and they know you have a YubiKey, they would have to discover your precursor pass, which will be a bitch, especially if they don’t know the length, and your key is worthless without being in your possession.


For extra fun for the super paranoid, you can have precursorpass+yubikeystaticpass+saltpass=totalpassword, where you enter a second password string after the YubiKey static password, so it’s a combined total of 3 passwords: two that are in your brain and one long one in the YubiKey.



Using LastPass with YubiKey

Make sure you register your LastPass YubiKeys with the revocation service Yubico provides, so that in the event you lose one you can deactivate its use on your LastPass account.

Always buy 2 YubiKeys, if not more, program slot 2 to be the same on both, and keep one in a safety deposit box or a Pelican case buried somewhere safe. In the event you lose one you’ll have a backup, so you’re not locked out of your encrypted drives or LastPass. LastPass allows up to 4 YubiKeys registered per account.
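
With several keys registered and one possibly needing revocation, it helps to know which physical key produced a given OTP. The script below is an added example, not code from this post, Yubico or LastPass; it assumes the default Yubico OTP layout of 44 modhex characters (a fixed 12-character public ID followed by 32 characters that change on every press), and the sample OTPs are constructed.

```python
# Added example: identify which YubiKey emitted a Yubico OTP.
MODHEX = "cbdefghijklnrtuv"   # modhex character i encodes hex digit i
TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")

OTP_LEN = 44         # assumption: default layout, 12-char ID + 32-char ciphertext
PUBLIC_ID_LEN = 12


def parse_otp(otp: str) -> dict:
    """Validate a Yubico OTP and split it into public ID and encrypted part.

    Raises ValueError when the length or alphabet does not match, for
    example after a truncated paste.
    """
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN:
        raise ValueError(f"expected {OTP_LEN} characters, got {len(otp)}")
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        raise ValueError("non-modhex characters: " + "".join(bad))
    public_id = otp[:PUBLIC_ID_LEN]
    return {
        "public_id": public_id,                        # fixed per programmed slot
        "public_id_hex": public_id.translate(TO_HEX),  # same value, hex notation
        "ciphertext_hex": otp[PUBLIC_ID_LEN:].translate(TO_HEX),  # new each press
    }


def same_key(otp_a: str, otp_b: str) -> bool:
    """True when both OTPs carry the same public ID."""
    return parse_otp(otp_a)["public_id"] == parse_otp(otp_b)["public_id"]


# Constructed sample OTPs (not output from real keys).
PRIMARY_A = "ccccccbcgujh" + "iegbthkrdlnvucfejbkhrtginvdclefu"
PRIMARY_B = "ccccccbcgujh" + "vfhkncgtbdjerluicegnthvbkdfrjiul"
BACKUP = "ccccccbcgvtd" + "glrbufcnhjetkdvirbgcnelutfhdivjk"

if __name__ == "__main__":
    for name, otp in [("primary", PRIMARY_A), ("primary", PRIMARY_B), ("backup", BACKUP)]:
        print(name, parse_otp(otp)["public_id"])
    print("same key:", same_key(PRIMARY_A, PRIMARY_B), same_key(PRIMARY_A, BACKUP))
```

Label each key with its public ID when you register it, so a lost key can be matched to the right entry before you revoke it.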