LastPass Yubikey - 2022 - Login Lockdown

James Fernando
April 22, 2022

YubiKey from Yubico is a clever additional way to bring the benefits of two-factor authentication to your LastPass account. Your LastPass Password Manager can do the work of keeping all of your important online accounts secure through multifactor authentication, but the master account itself also needs its own special security.

If you are unhappy with or wary of other 2FA methods for your LastPass account, like Duo Security, Transakt or Google Authenticator, a YubiKey might be just what you need.

How does YubiKey differ from other LastPass 2FA options?

Most other LastPass 2FA security methods involve using or installing some kind of software and pairing it with your LastPass app. YubiKey is different in that it also involves a hardware component. The primary advantage of this is that only the possessor of the physical YubiKey hardware will be able to complete the second part of your 2FA setup.

The YubiKey uses the Universal 2nd Factor (U2F) public-key encryption protocol to secure your LastPass master account by enabling near-field communication (NFC) between your hardware key and your mobile device, computer or other machine. It does this through the use of public-key cryptography and one-time passwords. Because a special one-time password is always the second authentication step, any would-be hacker who manages to steal a previously used password will not be able to get into your account.

Public-key cryptography, which is at the heart of how the YubiKey is able to pull off this feat, works in the following way: Important data — such as login information — are encrypted using a public key of some kind. Because it’s public, anyone can inspect it. However, decrypting the information requires a special private key (also called a secret key) that only you, the LastPass user, will have access to. This also applies to the one-time passwords used by the YubiKey token itself.

Thus, if you use a YubiKey device as your 2FA method, you will need both the master password to your account and your physical hardware token to access your LastPass master account.

In 2018, Yubico released the YubiKey 5 Series, which also adds FIDO2 encryption support. FIDO U2F makes the YubiKey 5 NFC an excellent security option.

How to Set Up YubiKey 2FA

To set up YubiKey 2FA, you will first need both a YubiKey and LastPass Enterprise, LastPass Premium, LastPass Teams or some kind of master account through LastPass. To purchase a YubiKey, go to Yubico.com and pay the required $25.

Once you’ve bought your security key and you have LastPass set up, open up your Authenticator app and go into your Account Settings. Then click on the “YubiKey” tab. This will enable you to add a new YubiKey to your account. To add the YubiKey, insert it into the USB port on your iPhone, computer or other device. Then enter your LastPass master password.

From here, you will be prompted to specify your LastPass YubiKey preferences. These include your authentication settings and the exact kind of second factor that you will use; whether or not to permit NFC access to your device if the device does not have USB ports; and whether to enable offline access.

Finally, make certain that you mark the “YubiKey Authentication” field as “Enabled” in your LastPass Vault. Hit “Update” to save all of your account preferences.

Up to five YubiKeys may be associated with the same account. YubiKey also works with every major web browser, including Google Chrome and Firefox. You’ll now have a secure password and strong authentication set up to protect your main app and, by extension, your Facebook, Windows Server and other crucial accounts as well.