As we’re using the internet for more personalised online activity like email, online banking, supermarket or catalogue shopping, and social networking, we are beginning to increase the number of websites requiring us to use username and password combinations for logins. By the time you’ve used a dozen websites with various usernames and passwords, the tendency to use the same or similar password for each one, or store the hopefully unique passwords in a notepad file or written in a notebook.
The tendency to use simpler passwords, duplicate the use of complex passwords across muliple sites, or write the passwords in some plain text form reduces their security value. So how best to acheive a situation whereby each password is complex, used only once and kept away from prying eyes?
LastPass is a password manager that provides the secure storage of encrypted passwords allowing them to be complex, even checks that they are all unique, and the premium version can be accessed on the widest spread of devices and platforms, including smartphones. LastPass can also be combined with a third party authentication service like Google Authentication or Yubico‘s YubiKey, to provide a powerful two-factor authenication solution.
Like other password managers, LastPass stores Login IDs and passwords for websites so that you don’t have to remember them, make an insecure plain text note of them, and so allows for them to be unique and complex. All you need to do is ensure you remember one complex password – the Master Password for your login to LastPass, which can then be used to Login to any of your stored websites via the toolbar, or by retrieving from the vault via your LastPass login. It’s also a free service under you go for the Premium version for mobile device support – and then ony $1 per month.
To make the LastPass service super secure, extend it from the LastPass Vault’s settings screen with two-factor authentication with a YubiKey device from Yubico. For just £25 a YubiKey registered for use on your LastPass account would then need to be inserted in the USB slot on the PC or laptop you’re connecting to the internet with, and actioned by pressing the key. This sends a unique key string to LastPass confirming your identity with a second login credential. You would be well advised to have a couple of YubiKeys registered on your account and the second one stored safely offsite as to avoid having to disable the YubiKey second stage of authentication. Ensuring secure access to your email is crucial to prevent your LastPass access being compromised by disabling the YubiKey authentication.