For many months I’ve been using a YubiKey as a staple of my cyber security plan. It makes me exponentially more secure and at the same time makes it easier for me to stay secure. The only part of it that isn’t drop-dead simple is the configuration, though even that isn’t very difficult. I’m going to show you step by step how to configure your YubiKey to get the most out of it and set yourself up for success.
LastPass, my password manager of choice, has added support for Google Authenticator as a method of two-factor authentication. For those unfamiliar, Google added two-factor authentication support earlier this year, a component of which is a mobile app that generates a random 6-digit string that refreshes every 30 seconds. The app is free, and you simply scan a QR code to configure it.
While I use Google Authenticator with my Google accounts, I haven’t yet tried it with LastPass since I use a YubiKey.
LastPass, my favorite password management solution, noticed a “network traffic anomaly” on their servers yesterday which they couldn’t account for. They immediately notified users that they were investigating whether any data was breached, and said this:
Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database.
As anyone who knows me well will tell you, I’m kind of a security geek. I’m fascinated by encryption, data protection, strong passwords, and generally locking things down just because I can. For a long time there was a challenge with some of my friends to see if any of them could get into my computer, or at the very least figure out one of the 4 passwords required to boot it up to a desktop.
About two months ago I started using a service called LastPass, based in large part on the review and recommendation of Steve Gibson on Security Now. He explained in depth why LastPass is safe, effective and a much better solution than maintaining passwords yourself. Intrigued by this product that Steve seemed so enthusiastic about (and given that I trust Mr. Gibson’s opinions when it comes to computer security) I created an account and tried it out.