Simple, Secure Authentication with YubiKey

A YubiKey is a key to your digital life. A small, physical device you plug into your computer or connect to your phone via NFC, Yubikey provides an additional layer of security to your online accounts and services by requiring a hardware key for login – a process called two-factor authentication (2FA) or multifactor authentication (MFA).

This hardware-based approach mitigates the risk of unauthorized access, making it an indispensable tool for safeguarding sensitive information in an increasingly digital world. Its security capabilities and simplicity make YubiKey a preferred choice for users prioritizing digital safety.

Millions of people worldwide trust Lastpass and Yubico to protect their online accounts. Together, they provide a solution which eliminates password fatigue and provides an easy, secure way to access passwords at home.

Learn more about the setup, compatible YubiKeys at Yubico website

• For passwordless login: users with any LastPass plan, including Free, can use YubiKey for passwordless vault access.
• For multifactor authentication: only users with a LastPass Premium, Families, Teams, or Business account can use YubiKey for MFA (including trial period).

No. While you can store some passwords on a YubiKey device, not all websites support YubiKey authentication. Additionally, you cannot store personal information like banking information, secure notes, or personal documents and securely share them as in LastPass.

As a FIDO2-certified key, YubiKey can become your additional layer of protection to your LastPass vault through multifactor authentication (MFA). And now, it is also an option for passwordless login to access your LastPass vault.

• While LastPass supports up to five (5) YubiKeys for use with your LastPass account, only the YubiKey in Slot 1 will be used for authentication when logging in to your vault when in offline mode.
• Also, YubiKey does not support passwordless login to the vault on mobile; rather, on mobile it only supports enablement of multifactor authentication.

FIDO2 (Fast Identity Online 2) authentication is an open authentication standard developed by the FIDO Alliance that provides a more secure and convenient way to log in to online services, including the LastPass password manager vault. LastPass, as a FIDO Alliance board-level member, helps to develop specifications and raise awareness of this technology.

FIDO2 relies on public-key cryptography, which is much more secure than traditional password-based authentication. Instead of using a password that can be easily compromised or forgotten, FIDO2 uses a private key stored securely on the user's device and a public key registered with the online service. This ensures the user's credentials remain protected even if the service's database is breached. Like the LastPass zero-knowledge model, private keys never leave the user’s device and are never stored to the server.

Learn more about FIDO2

Phishing-resistant MFA is an authentication process which protects your accounts against attackers as well as stopping you from revealing login information to unverified sources and websites. Phishing-resistant MFA requires a few qualities:

• It needs to rely on a user’s identity for authentication.
• Authentication can only ever be performed by a private key, which is usually hardware.
• Authentication cannot be completed by someone impersonating a user or their hardware key.
• Authentication is only approved by the user, who must initiate and authorize the login.

YubiKey is phishing-resistant because it is a FIDO2-certified hardware key which is physically used by a user to authenticate their and identity and authorize access.

Learn more about phishing-resistant MFA