LastPass, our favorite password manager, has just introduced support for two-factor authentication through Google Authenticator. Two-factor authentication is a form of security that requires a user to present a second form of confirmation before being able to log in to an account. We previously wrote about how, for Google accounts, that second form of authentication can come via a one-time code generated by the Authenticator app for iOS, Android, and Blackberry. That same app can now be used with LastPass.
The beauty of two-factor authentication is that your password is useless to a hacker if he doesn’t also have the second form of authentication (in this case, your phone, which is needed to generate the code). Without two-factor authentication, your account would still be susceptible to key loggers or fishing attacks, no matter how complex you’ve made your password. I’ve been using the Yubikey as a second form of authentication for my LastPass account, but that requires the purchase of the Yubikey, and also requires you to carry it around with you. Assuming that you keep your phone with you at all times, there’s almost no reason aside from convenience not to use Authenticator as a second form of authentication if you weren’t already using another two-factor authentication method.
Will support for Authenticator spur you to use two-factor authentication?
Introducing Support for Google Authenticator [LastPass blog]