AUTHENTICATION

What is a YubiKey?

LastPass understands that the evolving cybersecurity landscape needs security solutions that outsmart hackers. The YubiKey is a phishing-resistant step between bad actors and your vault.

No credit card required for trial. After the trial, LastPass Business is $7 per user/month.

illustration_left-hero_yubikey-yubico-svg

The benefits of using a YubiKey with LastPass

icon-s-light_illustrative_autofill-svg

Phishing-resistant multifactor authentication

Using a YubiKey with LastPass adds an extra layer of security through hardware-based two-factor authentication. This significantly reduces the risk of phishing attacks and unauthorized access, ensuring your sensitive data remains safe.

icon-s-light_illustrative_shadow-it-umbrella-svg

Friction-free and convenient authentication

A YubiKey simplifies securing your password vault, all while making it easier to log in. Your YubiKey travels with you, wherever you go, allowing you access your vault through a passwordless login.

icon-s-light_illustrative_share-password-secure-svg

Enhanced compliance for Enterprises

A YubiKey helps businesses meet regulatory compliance requirements, such as GDPR, HIPAA, and PCI-DSS, by providing strong, multifactor authentication. This ensures your organization adheres to industry standards and safeguards sensitive data.

icon-s-light_illustrative_dark-web-monitoring-radar-svg

Centralized management for IT teams

By integrating a YubiKey with LastPass, IT can centrally manage authentication credentials. This streamlined approach simplifies user management, enhances security, and reduces admin’s overhead, making it an ideal solution for enterprises.

How a YubiKey works

The YubiKey is a FIDO2- and WebAuthn-compliant multifactor authentication (MFA) hardware security key. Like advanced authentication methods like biometric MFA, a YubiKey protects you by giving you a physical key you must insert into your device’s USB port to authenticate yourself. Users with NFC-enabled phones can even use a YubiKey for their smartphone: just tap the YubiKey against the phone to complete authentication.

Where can you use a YubiKey  

The YubiKey 5 series, the latest, strongest version of YubiKey, comes in various formats, including . The most preferred of the series is the YubiKey 5 NFC (near field communication), which is available for connection with USB-A, USB-C, Lightning, and NFC-supported hardware. The YubiKey 5 FIPS (Federal Information Processing Standards) is also available for government and regulated organizations that must meet strict security protocols.   

Best of all, a YubiKey can be used in tandem with other cybersecurity solutions, including a LastPass password manager.

illustration_8col_white-yubikey-mfa-mobile-login-svg

 

The Yubikey as multifactor authenticator

LastPass users can enable the YubiKey as a two-factor authentication device to access their vaults, by plugging the key into a device’s USB outlet or using its NFC capabilities. 

A YubiKey works seamlessly with LastPass Premium, Families, Teams, and Business plans. It is also available on all major browsers and across multiple platforms (iOS and Android) with the LastPass mobile app.

How to set up YubiKey multifactor authentication


illustration_8col_yubikey-passwordless-login-chrome-web-vault-svg

 

Passwordless desktop vault access with a YubiKey

Users can enable passwordless login to their password vault by using a YubiKey 5 series hardware key, all thanks to its FIDO2-certified software.  

The process is simple, too. All you need to do is enable passwordless login – for each trusted device – within your account settings. From there, the next time you need to access your vault, you’ll be prompted to insert your registered YubiKey into your device to log in to your vault. With a YubiKey 5 NFC hardware key, you’ll be able to log in to your vault, free from passwords, whether on an Android smartphone, Windows desktop, or Apple device.  

How to set up USB security key for passwordless login in LastPass


YubiKey as passkeys vault

YubiKey devices will continue to play a role in LastPass’ journey towards a passwordless future. Yubikey’s FIDO2 and WebAuthn standards support and enable secure authentication using passkeys. At this time, YubiKeys can store up to 25 passkeys.

Explore other LastPass features

Workstation MFA

Extend LastPass MFA to your workstation for streamlined logins and enhanced security.


Multifactor authentication (MFA)

Enhance security by requiring extra verification methods after your login credentials.

Passwordless vault login

Seamlessly access your password vault without typing out your master password.

Frequently asked questions

What is YubiKey?

A YubiKey is a key to your digital life. A small, physical device you plug into your computer or connect to your phone via NFC, Yubikey provides an additional layer of security to your online accounts and services by requiring a hardware key for login – a process called two-factor authentication (2FA) or multifactor authentication (MFA).

This hardware-based approach mitigates the risk of unauthorized access, making it an indispensable tool for safeguarding sensitive information in an increasingly digital world. Its security capabilities and simplicity make YubiKey a preferred choice for users prioritizing digital safety.

Millions of people worldwide trust Lastpass and Yubico to protect their online accounts. Together, they provide a solution which eliminates password fatigue and provides an easy, secure way to access passwords at home.

Learn more about the setup, compatible YubiKeys at Yubico website

Which LastPass plans support YubiKey?

  • For passwordless login: users with any LastPass plan, including Free, can use YubiKey for passwordless vault access.
  • For multifactor authentication: only users with a LastPass Premium, Families, Teams, or Business account can use YubiKey for MFA (including trial period).

Can YubiKey replace a password manager?

No. While you can store some passwords on a YubiKey device, not all websites support YubiKey authentication. Additionally, you cannot store personal information like banking information, secure notes, or personal documents and securely share them as in LastPass.

As a FIDO2-certified key, YubiKey can become your additional layer of protection to your LastPass vault through multifactor authentication (MFA). And now, it is also an option for passwordless login to access your LastPass vault.

Are there limitations to YubiKey?

While LastPass supports up to five (5) YubiKeys for use with your LastPass account, only the YubiKey in Slot 1 will be used for authentication when logging in to your vault when in offline mode.

Also, YubiKey does not support passwordless login to the vault on mobile; rather, on mobile it only supports enablement of multifactor authentication.

What is phishing-resistant MFA?

Phishing-resistant MFA is an authentication process which protects your accounts against attackers as well as stopping you from revealing login information to unverified sources and websites. Phishing-resistant MFA requires a few qualities:

  • It needs to rely on a user’s identity for authentication.
  • Authentication can only ever be performed by a private key, which is usually hardware.
  • Authentication cannot be completed by someone impersonating a user or their hardware key.
  • Authentication is only approved by the user, who must initiate and authorize the login.

YubiKey is phishing-resistant because it is a FIDO2-certified hardware key which is physically used by a user to authenticate their and identity and authorize access.

Learn more about phishing-resistant MFA

How long will a YubiKey last

A YubiKey can technically last (almost) forever. YubiKeys do not require batteries; instead, they run on power output by USB ports, so you never have to worry about replacing a power unit. The current security algorithms allow YubiKeys to be usable for over 30 years, so they should last you longer than a single device.

And while accidents do happen – a spilled cup of coffee, slipping on a patch of ice on your way to the office, a teething puppy – YubiKeys are designed with durability in mind: YubiKey hardware keys have an IP68 water resistant rating and are dustproof and crush resistant.  

However, if you happen to lose or damage your YubiKey, you can simply contact Yubico and ask for a replacement.

Can a YubiKey be used on multiple devices?

Yes. A YubiKey device can be used on as many devices as can support it. YubiKey 5 NFC devices come in two variants, as a USB-C and USB-A security key. If you own devices from different makers, such as Apple and Microsoft, chances are your devices have different types of USB slots.

What are other functionalities of the YubiKey?

The functionality of a YubiKey as a two-factor authentication and passwordless login device have been mentioned at length, but it has even more use cases. A YubiKey can be used for multifactor authentication protocols like one-time passwords (OTP) and smart cards. 

With OTP enabled, the YubiKey interacts with your device – no matter the operating system, whether MacOS, Windows, or Linux – to implement OTP authentication for heightened security. Additionally, the YubiKey can act as a smart card reader via different authentication protocols, including PIV, OPENPGP, and OATH. YubiKey’s OTP and smart card capabilities can be used together to protect sensitive systems against unauthorized access. 

Moreover, the YubiKey Bio series is available, which allows users to combine both OTP with fingerprint scan technology for heightened security. 

Don't see your questions here? Visit Support Center.

Get started with LastPass Business

No credit card required for the trial. After the free 14-day trial, Business is $7 per user/month.