Thursday, April 24, 2014

Travel Gear: One-Time Password Generator

My smartphone and tablet make it easy to access my Internet accounts, maybe too easy: what happens if my devices fall into the wrong hands, or if a username and password are somehow intercepted?

On my most recent trip, I used a YubiKey Neo one-time password (OTP) generator.

My usernames and passwords are generated and managed by a password manager, LastPass. The passwords cannot be decrypted without my LastPass password, known only to me, and a one-time password that cannot be reused.

Here's how I access my Internet accounts:
  1. Hold the YubiKey against the back of the device. (I can also use the YubiKey on a regular computer by inserting it into a USB port.)
  2. Touch the circle in the middle of the key. This wirelessly communicates a single-use password via NFC (near-field communication).
  3. Enter LastPass password into the window that pops up.
LastPass then automatically supplies usernames and passwords when I want to log into an app or a Web site.

It's really that easy: fewer taps than hand-entering a username and password.

Usernames and passwords are stored encrypted on my devices and on LastPass servers. LastPass only stores a one-way hash of the LastPass password, not the actual password. If LastPass servers are compromised, my usernames and passwords cannot be decrypted. (OK, maybe by the NSA!)

1 comment:

  1. Super-Duper site! I am Loving it!! Will come back again, Im taking your feed also, Thanks. travel journal