Earlier this year…
I made a few suggestions about your password safety. One of the things I recommended, and still do, is LastPast, which you can find here, ghtech.site/lp-howto.
Here is a very quick review of LastPass. It allows you to save your login credentials, such as usernames and passwords to the app. You create one super-duper hard password to get into it. Then it will prefill your needed information as you tell it to fill it in at a site. That way it allows you to use much more difficult, not easy to remember passwords which it will fill in when needed. It yields much better security.
Now I also mentioned Two-Factor Authentication or 2FA. 2FA allows you to receive a six-digit code on your phone after you enter your credentials to verify a second time you are who you say you are. Even better security, especially on your major accounts.
There is possibly a higher version of security
from Yubico, Yubico.com. Their first “Yubikey” which is their main product hit the market in 2008. It is a physical key that plugs into a USB port on any of your computers. The one that I purchased, a YubiKey 5 NFC, is slightly smaller than a USB thumb drive.
If/when you get one they have excellent documentation on their site, listed above. To use one, you plug it into your computer’s USB port and go through a quick registration. Once done go to a website you want to add to the key and log in. The site will then have its instructions on how to set up 2FA for that specific site. This has nothing to do with Yubikey yet. But once done with 2FA on the site you may then step through the Yubikey process which recognizes most sites I have tried, and records the 2FA abilities of that site.
The next time you log in you need to have your Youbikey plugged into your computer. It does not have to be the same computer you set it up on. The reason is that 2FA is for the site and carries to any computer you use to log into your account.
Once the key is in the site will pop up a message saying something similar to touch the lit button on your Yubikey to login. If you have the key you are in, if you are someone trying to hack your site you cannot get in. Simple, safe, and secure!
Now, I have been using it
for a month or so and have had only one problem…a couple of times. Not with Yubikey but due to folly on my part. So I first got my Yubikey and I set it up at home one night on many of my sites that already require 2FA. I used it in combination with my LastPass account so that it would have to have 2FA for me to get to my list of passwords. I thought, “Great move!”
The next morning I get to work. I start getting things ready for the day, checking emails, and begin resolving a few issues that occurred overnight. Then I needed a password from LastPass to log into a site for work. I looked up and thought, “Cool! I get to use the key at work.” However, it was still plugged into my computer at home. No, go on LastPass.
I did recover and found
that you can uninstall an account from your Yubikey if needed. So I did the security things needed, received some emails, answered several security questions, etc. to prove who I was and in about five or so minutes I was back into LastPass and all was well.
By-the-way, my LastPass account and the Yubikey cost me money. Can you believe it, me, Ron Doyle spent money on something? Although, I think they are both worth it.