On LastPass After I lost the 2-factor Grid

So, since the first of the year, I've been a happy LastPass user, using the browser integrations in Chrome and Firefox.  It's great:
  • I never need to type a password --> Especially handy if you're projecting on screen.
  • I never reuse a password across sites --> Even salted, hashed password files can get compromised.
  • The 'Generate Password' feature lets me generate an arbitrary length password of arbitrary complexity --> Not vulnerable to dictionary attacks.
  • You can use a neat 2-factor authentication system.
I've also enabled 2-factor auth wherever I can (Google Profile, Twitter, etc.).

However, the thing with a two-factor authentication system is, you must have both factors to log in.  In my case, factor 1 is my master LastPass password, which I have to enter whenever I launch a new browser.  This is something I know.  Factor 2 is an alphanumeric grid that LastPass generated for me and that I have with me in my wallet.  This is something I possess.

It was all well and good, right up until I opened my wallet this morning and saw I didn't have my grid with me.  Looking online, the way LastPass sends you a cancellation link for two-factor is via your email address.  My email is....stored behind my Google Profile on Gmail, itself protected by 2-factor auth, one of which is a 20-character LastPass password.  Stuck.

My recovery for my personal Gmail is my work Gmail, protected behind....you get the idea.

I was stuck.

The only thing that saved me was that my work login is resettable internally via a hotline, so I reset that (they left the uber-secure reset password on my voice mail, protected behind a PIN).  From there I began the cascade:
  1. I reset my Gmail.
  2. I reset my LastPass to remove the 2-factor.
  3. I re-engaged 2-factor with a new grid.
  4. I regenerated my Google profile password.
  5. I regenerated my work password.
Through it all, LastPass worked as advertised.  But I'd just about 'secured' my way out of any possibility of logging in to work this morning.

Fun times.  Gotta love security!
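
The lockout above is a cycle in the account-recovery graph, and it can be found before the grid goes missing. The sketch below is an added example, not part of the original post: the account names, the `RECOVERY` map and the assumption that the work Gmail sits behind the work login are one reading of the story, not LastPass or Google behaviour.

```python
# Added example: model each account's unlock paths and compute what is
# still reachable with the factors actually in hand (constructed data).
# A path is a set of requirements that must ALL be satisfied; an account
# unlocks if ANY one of its paths is satisfied.
RECOVERY = {
    "lastpass": [
        {"master_password", "grid"},            # normal 2-factor login
        {"master_password", "personal_gmail"},  # emailed 2FA cancellation link
    ],
    "personal_gmail": [
        {"lastpass"},    # 20-character password lives in the vault
        {"work_gmail"},  # recovery address
    ],
    "work_gmail": [{"lastpass"}, {"work_login"}],  # assumption: behind work login
    "work_login": [{"lastpass"}, {"hotline", "voicemail"}],
    "voicemail": [{"voicemail_pin"}],
}


def unlock_order(held, graph=RECOVERY):
    """Return accounts in the order they become reachable from `held`."""
    have, order = set(held), []
    progress = True
    while progress:  # iterate to a fixpoint
        progress = False
        for account, paths in graph.items():
            if account not in have and any(path <= have for path in paths):
                have.add(account)
                order.append(account)
                progress = True
    return order


def locked(held, graph=RECOVERY):
    """Accounts that can never be reached from `held`: the lockout set."""
    return set(graph) - set(unlock_order(held, graph))


if __name__ == "__main__":
    # Grid lost, no out-of-band channel: every account is locked.
    print("locked:", sorted(locked({"master_password"})))
    # Hotline plus voicemail PIN breaks the cycle and drives the cascade.
    print("cascade:", unlock_order({"master_password", "hotline", "voicemail_pin"}))
```

Running `locked()` with each single factor removed in turn shows which loss leaves no way back in, which is the case that needs an independent recovery path.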

