How to secure your LASTPASS account like a pro | YubiKey Tutorial
- Published: 10 Feb 2025
- What's the key to securing your password vault? This security tutorial will show you how to lock down your LastPass account - one of your most important assets to protect - like a pro using a physical token like a YubiKey.
#HackProofLastPassAccount #YubiKey #Security #TristanBolton
LINKS* -
Buy YubiKey 5 NFC (US Amazon): amzn.to/2QKBG6z (affiliate)
Buy YubiKey 5 NFC (Canadian Amazon): amzn.to/3buvQ0X (affiliate)
Yubico Products: www.yubico.com...
Yubico Authenticator: www.yubico.com...
LastPass: www.lastpass.com/
Other Videos -
How to secure your GMAIL account like a pro: • How to secure your GMA...
How to secure your DROPBOX account like a pro: • How to secure your DRO...
How to secure your AWS account like a pro: • How to secure your AWS...
SUBSCRIBE for more videos in the series!
Leave a COMMENT below for what you'd like to see a tutorial on :)
----
Instagram - / tristan.bolton
Twitter - / tristanbolton
Facebook - / tristan-bolton-8700984...
Website - tristanbolton....
Thanks Guys! Have a great day! 😊
*Just a quick FYI - as an Amazon Associate I earn from qualifying purchases. Thanks!
Awesome video and info! Great tip with locking down the email account!
Thanks for the video. I use LastPass and want to add Yubikey 5 but when I try to add the key to Yubikey #1 and push the button, nothing is generated and inserted into the space. Any ideas why?
Which password manager are U using now?
I switched to Bitwarden for the additional security and love it. You can see how it works here: ruclips.net/video/TcxZyfTOyYw/видео.html
Just a reminder to some people: you can call most of your cellphone providers and they will let you put a code/PIN on your account that won't let you transfer your phone number unless you provide that said code to the associate you're on the phone with.
Can the same YubiKey be used for two different LastPass account-ids, e.g. one for myself, one for my child?
Absolutely, the key can be used on all your accounts.
There needs to be a way of resetting. I had a software OTP on a USB drive; one day the drive stopped working, and there are 3 accounts that need me to send in a copy of my passport before they will reset it. My email is locked down with hardware keys, so there needs to be a way for any accounts to KNOW you have a secure email so they can send a reset code, and if your email is NOT locked down then you have to send in a copy of your passport / driver's license or birth certificate.
Two-factor authentication uses backup codes in case you lose your phone or it's damaged or wiped. Does LastPass have backup codes for two-factor authentication?
Yes, it has one-time passwords that you can generate and store/save somewhere secure, so if you lose access to your 2FA you can use the one-time password.
Thank you great video
Nice job on the video. As I already have a Yubikey, this all makes sense. Yes, my Google account is secured using U2F. Still, it doesn't seem very smart of Lastpass to allow MFA to be bypassed using email. I would opt out of that if I could. Just make sure you have a backup of your QR code or a second key with it on. At least you have physical possession of those things. I don't actually use Lastpass. The solution I use allows me to keep only local copies of my database. There is no copy in the cloud. Keeping the database in the cloud is another practice that scares me a bit. I would keep your passwords there, but not mine. I will go along with you that Lastpass is better than a pen and paper... properly done, that is.
Yea, I agree that it seems like a bad design on Lastpass' part.
If you're interested in a good password manager that you can host yourself, or use their cloud, I would suggest Bitwarden (I have a video on it). It is a really great system if you want to stay secure but not be tied to a local database
Nice video! 👍🏻
Curious which password manager he just switched to...
Hey - I ended up switching to Bitwarden. I have some videos in my channel if you're curious
@@tristanbolton I will definitely subscribe and check them out. Thanks for the reply! Best wishes!
Bitwarden?
wait how can you get in without security key?
dashlane
Added to my list
What if I don't have a smartphone?
Yubikey works on a computer or tablet as well, if that helps.
I have a smartphone but I don't use it to access my LastPass account. I prefer accessing my LastPass account using a computer like Chromebook.
@@manny7886 Curious as to why you wouldn't want Lastpass access on your phone as well (you can do both with the same account). The LP Authenticator app can generate one-time passwords and push notifications (for some websites). Plus, you can still access your vault even if your primary computer is down or you're on the go, secured with your fingerprint (if your smartphone has that feature).
@@PongoXBongo - I just didn't like entering my long LastPass password in my smartphone. My old phone didn't support fingerprint. My new phone supports fingerprint and face ID but I already moved on and now using BitWarden. I am now using BitWarden on all my devices including my iPhone with Yubikey as my 2FA.
@@manny7886 Ah, nice. The password thing makes sense. Glad to see you've now got a secure setup that you're happy with.
You can't seem to take off sms lastpass backup so this video is useless?
It's been a little while since I was in Lastpass, so I'll have to try this out.
Have you tried contacting lastpass support to see if they will remove it?
You can also enter your UN/PW into lastpass and when it prompts you for the SMS code, click "lost device" or something like that. It will email you, click the link in the email and it will disable SMS.
Be sure to set up the second factor with Yubikey as you won't have two factor after this.
Good luck!
@@tristanbolton thanks. I left lastpass. Now with bitwarden.
Microsoft Authenticator is much better than Google's... because Google Auth does not have the option to restore your accounts in the event that you get a new phone. Even if you restore your Google apps, it will only restore the app itself, but not the data... Microsoft Auth has the ability to restore ALL the data when you install the app on another phone... I learned this the hard way and I will NEVER use Google Auth again.
Yes, having the restore is nice - Just know if a hacker gets access to your iCloud (for iOS) or Google account (for Android), they too can restore your codes to a cloned phone and use that to gain access. I've seen victims of this.
Consider using a hardware key, like YubiKey
9:12 kek
Keeper
Please change your thumbnail. Nothing is really hack proof; this is just misleading.
Certainly nothing is 100%, but these tips will give you the best chance against someone trying to get access to your account.