
I failed to find the documents on their website that provide more detailed information relevant to security analysis. My research of YubiKey for my original answer was shallow. No system will be invulnerable, but you may find the advantages of using Lastpass + Yubikey outweigh the risks for you. If you or the service discovers the compromise, this gives you time at a minimum.

Do a quick threat model, understand your risk appetite. The whole point of two-factor is that even if one factor is compromised they still require the other. Using Yubikey and a strong master password greatly improves the security of whatever you store in Lastpass. Using a password manager is better than not using one and is a simple, cheap solution to improve the security of virtually any application/service you need a password for. The question is: are the risks acceptable to you? Refer to a sample attack tree for defeating two-factor: After all, if RSA got hacked and the attackers were able to use this to get into military contractors, then no two-factor mechanism is invulnerable. Yubikey, as states, could also be vulnerable. So yes, all software can have vulnerabilities.

Lastpass has had an XSS vulnerability and a suspected intrusion recently. Who are you concerned would want your passwords? Opportunistic attackers or targeted governments / organized crime? Are you storing the whole password in there or a unique value to which you add a passphrase?

What passwords are you protecting in Lastpass? The complex answer: it depends on your threat model and risk appetite.
