On LastPass After I lost the 2-factor Grid

So, since the first of the year, I've been a happy LastPass user, using the browser integrations in Chrome and Firefox.  It's great:
  • I never need to type a password --> Especially handy if you're projecting on screen.
  • I never reuse a password across sites --> Even salted, hashed password files can get compromised.
  • The 'Generate Password' feature lets me generate an arbitrary length password of arbitrary complexity--> Not vulnerable to dictionary attacks.
  • You can use a neat 2-factor authentication system.
I've also enabled 2-factor auth wherever I can (Google Profile, Twitter, etc.).

However, the thing with a two-factor authentication system is, you must have both factors to log-in.  In my case, factor 1 is my master lastpass password, which I have to enter whenever I launch a new browser.  This is something I know.  Factor 2 is an alphanumeric grid that lastpass generated for me and that I have with me in my wallet.  This is something I possess.

It's all well and good, right up until I opened my wallet this morning and saw I didn't have my grid with me.  Looking online, the way LastPass sends you a cancellation link for two-factor is via your email address.  My email is....stored behind my Google Profile on Gmail, itself protected by 2-factor auth, one of which is a 20-character LastPass password.  Stuck.

My recovery for my personal gmail is my work Gmail, protected behind....you get the idea.

I was stuck.

The only thing that saved me was my work login is resettable internally via a hotline, so i reset that (they left the uber-secure reset password on my voice mail, protected behind a PIN).  From there I began the cascade:
  1. I reset my gmail.
  2. I reset my lastpass to remove the 2-factor
  3. I re-engaged 2-factor with a new grid
  4. I regenerated my Google profile password
  5. I regenerated my work passsword
Through it all, LastPass worked as advertised.  But I'd just about 'secured' my way out of any possibility of logging-in to work this morning.

Fun times.  Gotta love security!

Comments

Post a Comment

Popular posts from this blog

Review: The Southeast Christian Church Easter Pageant

Easter Pageant?! What is this, amateur hour? Who cares about some piddly church passion play? What's next, "Best Little Christmas Pageant Ever"? How's this for Piddly: Two professional composers, a 9000 seat auditorium, 75,000 tickets over a month-long run, a 300 person chorous, two IMAX-size video screens. Traditionally, Southeast's Easter Pageant has been the biggest theatrical production in Louisville. They took a year off to retool and rework it, comissioning a rework from the ground up. Whereas the previous iteration had been a "cast of thousands" broadway-style production, they wanted something...different. Hoo-boy, it was different. Let's talk about "theatre" that is 1/2 movie, 1/2 live action. Apparently, they shot it at a quarry during last year's drought, and it looks pretty good. Still, I didn't like it...distracting and interrupts the flow. Likes It's not the same program they've put on for
Read more

Driving for the Cure...? (Or, how I got blacklisted...)

Image
Let me summarize: I got asked to leave and not come back. I was asked to LEAVE A CHARITY EVENT and not return. This is not a proud story, but I'm learning to deal with it. Here goes: I got to Don Jacobs BMW around 1:15 and signed my waiver with my information (including my cell phone #). They had all sorts of BMW's to drive, from Z4 roadsters to 3-, 5-, 6-, and 7-series cars, all with different engines and Rear- and All-wheel-drive configurations. I was in heaven. The place was busy, but I was interested in driving only one car for my first drive, a BMW 335i coupe (E92 in BMW parlance). This was THE car, BMW's first turbo passenger car in 20+ years, twin-turbocharged and tractable. So, I put my name in and waited patiently, watching the crew of permatan 20-somethings shuffling people in and out of the 18 cars, wagons, and SUVs they brought. This was a much bigger event than the last one I attended on a lark back in 2001. After about an hour, Gal in the White Cap ca
Read more

No, I don't have Connective Tissue Disorder

subtitle: OWWWWWWWWW! So, Whitney and I were hanging out last night, practicing some of her Bradly exercises, specifically Tailor Sitting . As we sat there, we were discussing flexibility and she said I should lean forward from my 90-degree position as far as I could. I leaned at about a 45 degree angle and finally felt a little stretch in my behind, so I kept going. Turns out, I could bend all the way forward, still in the seated position and touch my nose to the carpet. She was suitably impressed... ...Then I got up this morning, and every piece of connective tissue from my lower back to my knees hurt. =-) Seems I'm not that flexible, after all.
Read more