My research of YubiKey for my original answer was shallow.

No system will be invulnerable, but you may find that the advantages of using LastPass + YubiKey outweigh the risks for you. If you or the service discovers the compromise, this gives you time at a minimum.

Do a quick threat model and understand your risk appetite. The whole point of two-factor is that even if one factor is compromised, the attacker still requires the other. Using YubiKey and a strong master password greatly improves the security of whatever you store in LastPass. Using a password manager is better than not using one, and it is a simple, cheap solution to improve the security of virtually any application or service you need a password for.

The question is: are the risks acceptable to you?

Refer to a sample attack tree for defeating two-factor:

After all, if RSA got hacked and the attackers were able to use this to get into military contractors, then no two-factor mechanism is invulnerable. Yubikey, as states, could also be vulnerable. So yes, all software can have vulnerabilities. LastPass has had an XSS vulnerability and a suspected intrusion recently.

- Who are you concerned would want your passwords? Opportunistic attackers or targeted governments / organized crime?
- Are you storing the whole password in there or a unique value to which you add a passphrase?
- What passwords are you protecting in LastPass?

The complex answer: it depends on your threat model and risk appetite.