Awesome video and info! Great tip with locking down the email account!

Great Quality Video! You deserve more subs. I can tell you put effort into your videos!

Thanks for the video. I use LastPass and want to add Yubikey 5 but when I try to add the key to Yubikey #1 and push the button, nothing is generated and inserted into the space. Any ideas why?

Nice video! 👍🏻

Thank you great video

can the same YubiKey be used for two different LastPass account-ids e.g. one for myself, one for my child?

@aaron6841

2 жыл бұрын

Absolutely can the key can be used on all your accounts

The needs to be a way of resetting I had a software OTP on a usb drive one day the drive stopped working and the are 3 accounts that need me to send in a copy of my passport before they will reset it my email is locked down with hardware keys so the needs to be a way for any accounts to KNOW you have a secure email so they can sent a reset code and if your email is NOT locked down then you have to send send in a copy of your passport / drivers license or birth certificate.

Which password manager are U using now?

@tristanbolton

3 жыл бұрын

I switched to Bitwarden for the additional security and love it. You can see how it works here: kzread.info/dash/bejne/hpesvNufhLLfido.html

Two-factor authentication uses backup codes in case you lose your phone or it's damaged or wiped. Does LastPass have backup codes for two-factor authentication?

@GG-kc6ie

2 жыл бұрын

Yes, it has one time passwords that you can generate and store/save somewhere secure so if you lose access to your 2fa you can use the one time password

Just a reminder to some people you can call most of your cellphone providers and they will let you put a code/pin on your account that wont let you transfer your phone number unless you provide that said code to the associate your on the phone with.

wait how can you get in without security key?

Bitwarden?

Nice job on the video. As I already have a Yubikey, this all makes sense. Yes, my Google account is secured using U2F. Still, it doesn't seem very smart of Lastpass to allow MFA to be bypassed using email. I would opt out of that it I could. Just make sure you have a backup of your QR code or a second key with it on. At least you have physical possession of those things. I don't actually use Lastpass. The solution I use allows me to keep only local copies of my database. There is no copy in the cloud. Keeping the database in the cloud is another practice that scares me a bit. I would keep your passwords there, but not mine. I will go along with you that Lastpass is better than a pen and paper....properly done, that is.

@tristanbolton

4 жыл бұрын

Yea, I agree that it seems like a bad design on Lastpass' part. If you're interested in a good password manager that you can host yourself, or use their cloud, I would suggest Bitwarden (I have a video on it). It is a really great system if you want to stay secure but not be tied to a local database

Curious which password manager he just switched to...

@tristanbolton

3 жыл бұрын

Hey - I ended up switching to Bitwarden. I have some videos in my channel if you're curious

@CaesarCapone

3 жыл бұрын

@@tristanbolton I will definitely subscribe and check them out. Thanks for the reply! Best wishes!

9:12 kek

Microsoft Authenticator is much better than Goolge's... because, Google Auth does not have the option to restore your accounts in the even that you get a new phone.. Even if you restore your Google apps, it will only restore the app itself, but not the data... Microsoft Auth has the ability to restore ALL the data when you install the app on another phone... I learned this the hard way and I will NEVER use Google Auth again.

@tristanbolton

3 жыл бұрын

Yes, having the restore is nice - Just know if a hacker gets access to your iCloud (for iOS) or Google account (for Andriod), they too can restore your codes to a cloned phone and use that to gain access. I've seen victims of this. Consider using a hardware key, like YubiKey

What if I don't have a smartphone?

@tristanbolton

3 жыл бұрын

Yubikey works on a computer or tablet as well, if that helps.

@manny7886

3 жыл бұрын

I have a smartphone but I don't use it to access my LastPass account. I prefer accessing my LastPass account using a computer like Chromebook.

@PongoXBongo

2 жыл бұрын

@@manny7886 Curious as to why you wouldn't want Lastpass access on your phone as well (you can do both with the same account). The LP Authenticator app can generate one-time passwords and push notifications (for some websites). Plus, you can still access your vault even if your primary computer is down or you're on the go, secured with your fingerprint (if your smartphone has that feature).

@manny7886

2 жыл бұрын

@@PongoXBongo - I just didn't like entering my long LastPass password in my smartphone. My old phone didn't support fingerprint. My new phone supports fingerprint and face ID but I already moved on and now using BitWarden. I am now using BitWarden on all my devices including my iPhone with Yubikey as my 2FA.

@PongoXBongo

2 жыл бұрын

@@manny7886 Ah, nice. The password thing makes sense. Glad to see you've now got a secure setup that you're happy with.

Keeper

You can't seem to take off sms lastpass backup so this video is useless?

@tristanbolton

3 жыл бұрын

It's been a little while since I was in Lastpass, so I'll have to try this out. Have you tried contacting lastpass support to see if they will remove it? You can also enter your UN/PW into lastpass and when it prompts you for the SMS code, click "lost device" or something like that. It will email you, click the link in the email and it will disable SMS. Be sure to setup the second factor with Yubikey as you won't have two factor after this. Good luck!

@mryan4452

3 жыл бұрын

@@tristanbolton thanks. I left lastpass. Now with bitwarden.

dashlane

@tristanbolton

3 жыл бұрын

Added to my list

Please change your thumbnail. Nothing is really hack proof this is just misleading.

@tristanbolton

3 жыл бұрын

Certianly nothing is 100% but these tips will give you the best chance someone trying to get access to your account