LastPass User Manual An easy to understand guide on how to use LastPass.

YubiKey Authentication

A YubiKey is a key-sized device that you can plug into your computer's USB slot to provide another layer of security when accessing your LastPass account. YubiKeys are secure, easy-to-use two-factor authentication devices that are immune to replay attacks, man-in-the-middle attacks, and a host of other threat vectors.

YubiKey support is a Premium feature, and the device must be purchased through Yubico.com for $25.

Up to 5 YubiKeys can be associated with one LastPass account.

Adding Your YubiKey

Once you have purchased and received your YubiKey, you can enable the device and manage your preferences by launching your Account Settings and clicking on the 'YubiKeys' tab.

To add a new YubiKey to your LastPass account, insert the device into your USB port, click in the first empty YubiKey field, and lightly press your YubiKey on the grooved circle. You will need to enter your LastPass Master Password to save any updates you have made to your YubiKey settings.

After the field is filled, you can specify your YubiKey preferences:

YubiKey Authentication: Enable or disable your YubiKey multifactor authentication. When enabled, you will be prompted to enter the YubiKey data the next time you log in to LastPass.

Permit Mobile Device Access: Controls whether mobile devices that do not have USB ports, such as smartphones, are allowed to bypass YubiKey multifactor authentication when it is enabled.

Permit Offline Access: Controls whether access to your vault will be allowed when you are not connected to the Internet. Allowing offline access to your vault is slightly less secure, since YubiKey OTPs cannot be validated offline and only the static portion of the key is validated.
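
The "static portion" mentioned under Permit Offline Access, sketched as an added example (not LastPass or Yubico code). It assumes the default Yubico OTP layout of 44 modhex characters, where the first 12 are the fixed public identity and the remaining 32 are the AES-encrypted one-time part; the function names and the sample OTP are constructed for illustration.

```python
MODHEX = "cbdefghijklnrtuv"                      # Yubico's keyboard-safe hex alphabet
TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")
PUBLIC_ID_LEN = 12   # assumption: default 6-byte public identity
OTP_LEN = 44         # 12 identity chars + 32 chars (16 AES-encrypted bytes)

# Constructed sample values, not from a real device.
SAMPLE_ID = "vvcccccbdefg"
SAMPLE_OTP = SAMPLE_ID + "hijklnrtuvcbdefg" * 2


def split_otp(otp):
    """Return (public_id, encrypted_block) or raise ValueError on a malformed OTP."""
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN or any(c not in MODHEX for c in otp):
        raise ValueError("expected 44 modhex characters")
    public_id, dynamic = otp[:PUBLIC_ID_LEN], otp[PUBLIC_ID_LEN:]
    return public_id, bytes.fromhex(dynamic.translate(TO_HEX))


def offline_check(otp, enrolled_ids):
    """Offline mode as the page describes it: only the static prefix is compared.

    The encrypted block (counters, timestamp, CRC) needs the AES key held by the
    validation server, so nothing here can tell a fresh OTP from an old one.
    """
    try:
        public_id, _ = split_otp(otp)
    except ValueError:
        return False
    return public_id in enrolled_ids


if __name__ == "__main__":
    enrolled = {SAMPLE_ID}
    print(split_otp(SAMPLE_OTP))
    print("first use :", offline_check(SAMPLE_OTP, enrolled))
    print("same OTP  :", offline_check(SAMPLE_OTP, enrolled))   # reuse is not detected offline
    print("other key :", offline_check("c" * OTP_LEN, enrolled))
```

Because the offline comparison never looks past the prefix, leaving Permit Offline Access disabled keeps every login dependent on server-side validation of the one-time part.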

To begin using your YubiKey, be sure that the 'YubiKey Authentication' field is marked as 'Enabled'.

To save changes to your YubiKey preferences, click 'Update' before exiting the Account Settings dialog.

To disassociate a YubiKey device from your LastPass account, simply clear the entire input field of all characters and click 'Update'.

Logging In with YubiKey

Now that you have enabled your YubiKey device, the next time you log in to your LastPass account, you will be prompted to enter your YubiKey code. Simply click your LastPass Icon to log in as normal, enter your email and Master Password, then submit. You will then be asked by LastPass to press your YubiKey device to enter the code.

If you would like to leave YubiKey authentication enabled but do not want to enter it every time you log in on a particular device, simply check the trusted computer option before pressing your YubiKey.

Using a VIP YubiKey with LastPass

The VIP-enabled YubiKey (http://yubico.com/vip) has two configuration slots. When the VIP-enabled YubiKey is shipped, its first configuration slot is factory-programmed for Symantec VIP credentials and the second configuration slot is left blank, i.e. not programmed. The two configuration slots of the YubiKey work independently, and each can be independently reconfigured into OTP or static password mode.

If you touch and hold the YubiKey button for 1-3 seconds before releasing, the first configuration slot will emit the password (based on the slot 1 configuration). If you touch and hold the YubiKey button for about 4-5 seconds before releasing, the second configuration slot will emit the password (based on the slot 2 configuration). If you happen to touch and hold it for more than 5 seconds, the touch button indicator will flash rapidly without emitting any password.

As the second configuration slot of the YubiKey is left blank, you can program it to the YubiKey OTP mode, upload the AES Key to the online validation server, and configure it to work with LastPass.

To program the second slot to work with the online Yubico OTP validation server, follow the steps below:

1) Download and install the latest Windows YubiKey Configuration Utility from the link below:

http://www.yubico.com/personalization-tool

2) Start the YubiKey Configuration Utility from Start > All Programs and click on Next

3) Insert your YubiKey into the USB port

4) From the "Quick links" menu select "Configure a YubiKey for upload to the Yubico server" and click on Next

5) Select the appropriate options and "Store in the second configuration (YubiKey 2 only)" and click on Next. This will reprogram your YubiKey as per the requirements of the AES Key upload functionality, using random values for all the parameters. This will also open your default web browser, and you will be automatically redirected to the AES Key upload page

6) You need to provide the following information to the AES Key upload page:

a) "Your e-mail address:" - Enter your email address
b) "Serial number:" - Enter the serial number of the YubiKey, printed on the sleeve of the YubiKey. If you don't know or don't have access to the serial number, enter 0 (numeric zero) here
c) "YubiKey prefix:" - Copy the Identity (prefix) from the YubiKey Configuration Utility and paste it here
d) "Internal identity:" - Copy the Internal identity from the YubiKey Configuration Utility and paste it here
e) "AES Key:" - Copy the AES Key from the YubiKey Configuration Utility and paste it here
f) "OTP from the YubiKey:" - Enter an OTP from the YubiKey

7) Complete the CAPTCHA and press the "Upload AES Key" button.

This will upload the AES Key to the Yubico OTP validation server. Please note that the AES Key upload functionality takes some time to update all the corresponding databases, so wait 10-15 minutes before you try to validate OTPs with the online Yubico OTP validation server.

This way you can use the same YubiKey with eBay/PayPal and LastPass.

Yubico also has a video that describes the steps required for uploading the AES Key. For more information, please visit the link below:

http://www.yubico.com/aes-key-upload

Using a YubiKey NEO with LastPass

You can now use your YubiKey NEO to authenticate to LastPass on your Android-based phones and mobile devices! You need to take a few steps to set this up properly. Once you have your YubiKey NEO:

1) You will need to program the NDEF2 URI into the YubiKey NEO. This is done with the "Original Windows personalization tool" found at http://www.yubico.com/personalization-tool . The URL you will need to use is: https://lastpass.com/mobile/?email=YOUREMAIL%40YOURDOMAIN&otp= .

2) Select the "Write an NDEF configuration (YubiKey NEO only)" option

3) Then select the URI record type, identifier='https://' and URI string 'lastpass.com/mobile/?email=klas%40yubico.com&otp=' (with your own email address in place of klas%40yubico.com, as in step 1)

4) Press NEXT twice to get to the programming page and press the RUN button to write the NDEF2 string to your YubiKey NEO.

After that you will be ready to use LastPass with YubiKey NEO!
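
The two fields from step 3, built from an email address, as an added example (not part of the original manual or of Yubico's tool). The function names are hypothetical, the addresses other than the page's own are constructed, and the payload layout follows the NFC Forum URI record format (one prefix-code byte, then the rest of the URI); the exact bytes the personalization tool writes are not shown on the page.

```python
from urllib.parse import parse_qs, quote, urlsplit

IDENTIFIER = "https://"   # the identifier selected in step 3
# Prefix codes from the NFC Forum URI record type definition.
NDEF_URI_CODES = {"http://www.": 0x01, "https://www.": 0x02,
                  "http://": 0x03, "https://": 0x04}


def lastpass_uri_string(email):
    """URI string field for step 3: everything after 'https://'."""
    if email.count("@") != 1 or any(c.isspace() for c in email):
        raise ValueError("expected a single address like user@example.com")
    # safe="" also encodes '+', '&', '=' and '/', which would otherwise be
    # reinterpreted when the query string is parsed. 'otp=' stays last so the
    # OTP the NEO emits lands directly after it.
    return "lastpass.com/mobile/?email=" + quote(email, safe="") + "&otp="


def ndef_uri_payload(identifier, uri_string):
    """NDEF URI record payload: prefix-code byte followed by the URI string."""
    return bytes([NDEF_URI_CODES[identifier]]) + uri_string.encode("ascii")


def email_seen_by_server(identifier, uri_string, otp):
    """Parse the URL as it is opened once an OTP is appended; return (email, otp)."""
    query = parse_qs(urlsplit(identifier + uri_string + otp).query)
    return query["email"][0], query["otp"][0]


if __name__ == "__main__":
    constructed_otp = "vvcccccbdefg" + "hijklnrtuvcbdefg" * 2   # not from a real key
    for address in ("klas@yubico.com", "user+tag@example.com"):
        uri = lastpass_uri_string(address)
        print("URI string :", uri)
        print("payload    :", ndef_uri_payload(IDENTIFIER, uri).hex())
        print("server sees:", email_seen_by_server(IDENTIFIER, uri, constructed_otp))
    # Pasting the address without encoding changes it: '+' is read back as a space.
    raw = "lastpass.com/mobile/?email=user+tag@example.com&otp="
    print("unencoded  :", email_seen_by_server(IDENTIFIER, raw, constructed_otp))
```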

Video Tutorial for Using LastPass with YubiKey


Watch How Yubikey Makes LastPass Safer

Watch How to use LastPass with YubiKey NEO