Yubikey with Lastpass

I’m not sure I understood what I read on Last Pass. It seemed like in order to make it simple for a non- techie, you’d have to have a paid L P account, not a free one. I gave up on the idea because Last Pass’s description was far to technical for me to understand exactly how to set it up and use it. Is there a better description of the process?

I use StickyPass and also the upgrade which allows me to sync the database to multiple devices. You can compare the free with the upgrade. If you are concerned, you can just keep a local copy only. Sticky Password uses the following symmetric encryption algorithm: AES. A block-cipher symmetric algorithm with a key length of 256 bits. This algorithm guarantees a high level of security and is one of the most commonly used.

As an alternative, if you have a Samsung phone you may have the SECURE FOLDER. Secure Folder creates a private, encrypted space on your Samsung Galaxy smartphone by leveraging the defense-grade Samsung Knox security platform.

Decades ago I was working for Hewlett Packard and would need to access protected computers from home via either ‘dialup’ or Internet. I was issued a securecard which wa a metal credit card size device. It had a clear window and some buttons. When prompted by the remote computer I would press the button and the display would show a sequence of numbers I would enter to be granted access. It was an encrypted device that used the (I assume) current time and my card serial number to generate the code. The code displayed was good for a certain number of seconds before it changed to the next code. It worked quite similar to the online version of cellphone apps I use like VIP ACCESS, Google Authenticator, Microsoft Authenticator, Authy and so on.

Yubikeys are great. I use one myself. But, I would never be cavalier about my user name and password on the assumption that the 2FA is perfect. If it was perfect, why bother with logon IDs and passwords at all? 2FA is another layer of protection. But, it can be worked around if for example, an insider accidentally or intentionally negates it. Nothing is perfect.

True, but more security levels the better. My Yubikey never leaves the house, but one video on the Yubikey site baffles me. It shows how you can use the Yubikey to lock / unlock your smart phone.

But but but, then you would have to carry your phone AND the Yubikey…!!

Sounds like having your passwords printed on a post-it note on the computer.

The next generation of authentication security is Passkeys. I am waiting to see how widely they get adopted before moving that direction.

I tried to understand them but gave up.
I’ll wait until, “Passkeys for Dummies.”