One way to improve online account security is to use so called 2-step verification systems when they are offered by companies and services. Companies like Google, PayPal or Yahoo are already offering multifactor authentication systems to their users. These systems are optional for now and improve security by combining standard log ins with a second verification step. A mobile device is usually used for that second step, but other solutions (like PayPal’s ID Protection device) are available as well.
The password manager LastPass had been my password manager of choice before I switched to the Open Source password manager KeePass. LastPass supports multifactor authentication systems for some time now, for instance with the help of Yubikeys. But those usually came with a cost.
LastPass back in November introduced support for Google’s Authenticator app to add another multifactor authentication option to the service.
Google Authenticator is a mobile application for Android, iOS, Blackberry and Symbian devices that generates a temporary verification code that users need to enter when they log into LastPass from untrusted devices.
Google Authenticator needs to be linked to LastPass before the new security feature can be used. Here is how this is done.
- Google Authenticator needs to be installed on a mobile device. Google offers installation instructions for Android, iOS and Blackberry devices. Please note that you need to enable 2-step verification using the phone number as Google Authenticator cannot be setup otherwise.
- Once Google Authenticator is up and running properly, LastPass users need to visit this link to link the authenticator with their LastPass account. This is done by either scanning the displayed barcode with the mobile device, or by entering the Google Authentication key displayed on the website manually.
LastPass will from now on display a Google Authenticator Authentication page for log ins to the service from untrusted devices.
LastPass users then need to open the Google Authenticator app to generate a one-time verification code that they need to enter on the LastPass website. Users who require offline access to their LastPass password database can configure this during configuration. It is also possible to trust devices to avoid having to generate and enter verification codes on every log in.
Additional information about the setup are available on the LastPass Support website.
The new multifactor authentication adds a second layer of protection to the LastPass login process that makes it a lot harder for attackers to access a user’s password database.
© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: lastpass, password manager, passwords, Security
0 comments:
Post a Comment