Lastpass & Yubikey Neo
Ever since I started using Lastpass Premium, I have been using Two-Factor Authentication (TFA). First with printed OTPs, then Google Authenticator on my Android.
The only reason why I thusfar not considered using Yubikey as my TFA was the missing ability to use it on my android phone. But especially on the PHONE I want TFA, because it is in much higher danger of being stolen. But the traditional Yubikeys dont work on phones.
But the guys @ Yubico came up with the Yubikey Neo (http://yubico.com/yubikey-neo)
The Yubikey Neo is NFC-enabled and works perfectly in tandem with my Samsung Galaxy Nexus. I can now safely use Lastpass on my Android with TFA, and I don’t have to worry about the security of my passwords when my phone gets stolen.
Here is how to do it:
- Get a Lastpass Premium Account
- Get a Yubikey Neo
- Register the Yubikey with your Lastpass account
- “Disallow” mobile access in the Lastpass account settings.
- Download the Personalization Tool
- Select the “Write an NDEF configuration (YubiKey NEO only)” option
- Then select URI record type, identifier=https:// and URI string lastpass.com/mobile/?otp=
- press NEXT twice to get to the programming page and press the RUN button to write the NDEF2 string to your YubiKey NEO.
- Enjoy (make sure you have the Lastpass App installed on your Phone)
The Yubikey Neo can be used on any Computer like a normal Yubikey and on any NFC enabled phone. Fantastic, isn’t it ?
Update 1, 13.03.2012: Thanks to a comment from Evelina @ Yubico, I changed the above howto to include the need to change your lastpass account settings to “disallow” mobile access. This setting will enforce the YubiKey TFA on mobile devices.