As a follow on to our earlier post on using LastPass for secure, access anywhere, password storage, if you’re nervous about all your passwords hiding behind just one password, LastPass makes it easy to set up a second login step, called “multi-factor authentication”. The two we’ve tried to date include:
- Google Authenticator – this works just like a bank security dongle, but on your phone. You install the Google Authenticator app and open it each time you need to login to LastPass. It displays a unique code which is good for about 20 seconds and which you need to enter as well as your normal password. Google Authenticator is free and also works with other services like Gmail, DropBox and Amazon.
- YubiKey – this is a physical (USB) key that you slot into your computer when logging into LastPass. It’s a bit quicker than copying the Google code, but you’ll need to have that key with you when logging in. Yubikeys cost about $30.
Both were easy to set up and LastPass has a process to get you un-stuck if for some reason you can’t access your key or phone when you need to login.
With most businesses increasing their use of cloud software, and many adopting cloud accounting packages like Xero and its many add-ons, people are finding it difficult to keep track of passwords (or just using the same one everywhere). We wrote a while back about the tool LastPass which is great at generating and storing strong passwords, and then automatically and securely populating login screens and forms as you work. It’s a great tool that we highly recommend, especially when we continually read stories like this about our passwords being compromised.
