On LastPass After I lost the 2-factor Grid

So, since the first of the year, I've been a happy LastPass user, using the browser integrations in Chrome and Firefox.  It's great:
  • I never need to type a password --> Especially handy if you're projecting on screen.
  • I never reuse a password across sites --> Even salted, hashed password files can get compromised.
  • The 'Generate Password' feature lets me generate an arbitrary length password of arbitrary complexity--> Not vulnerable to dictionary attacks.
  • You can use a neat 2-factor authentication system.
I've also enabled 2-factor auth wherever I can (Google Profile, Twitter, etc.).

However, the thing with a two-factor authentication system is, you must have both factors to log-in.  In my case, factor 1 is my master lastpass password, which I have to enter whenever I launch a new browser.  This is something I know.  Factor 2 is an alphanumeric grid that lastpass generated for me and that I have with me in my wallet.  This is something I possess.

It's all well and good, right up until I opened my wallet this morning and saw I didn't have my grid with me.  Looking online, the way LastPass sends you a cancellation link for two-factor is via your email address.  My email is....stored behind my Google Profile on Gmail, itself protected by 2-factor auth, one of which is a 20-character LastPass password.  Stuck.

My recovery for my personal gmail is my work Gmail, protected behind....you get the idea.

I was stuck.

The only thing that saved me was my work login is resettable internally via a hotline, so i reset that (they left the uber-secure reset password on my voice mail, protected behind a PIN).  From there I began the cascade:
  1. I reset my gmail.
  2. I reset my lastpass to remove the 2-factor
  3. I re-engaged 2-factor with a new grid
  4. I regenerated my Google profile password
  5. I regenerated my work passsword
Through it all, LastPass worked as advertised.  But I'd just about 'secured' my way out of any possibility of logging-in to work this morning.

Fun times.  Gotta love security!

Comments

Post a Comment

Popular posts from this blog

Review: The Southeast Christian Church Easter Pageant

Easter Pageant?! What is this, amateur hour? Who cares about some piddly church passion play? What's next, "Best Little Christmas Pageant Ever"? How's this for Piddly: Two professional composers, a 9000 seat auditorium, 75,000 tickets over a month-long run, a 300 person chorous, two IMAX-size video screens. Traditionally, Southeast's Easter Pageant has been the biggest theatrical production in Louisville. They took a year off to retool and rework it, comissioning a rework from the ground up. Whereas the previous iteration had been a "cast of thousands" broadway-style production, they wanted something...different. Hoo-boy, it was different. Let's talk about "theatre" that is 1/2 movie, 1/2 live action. Apparently, they shot it at a quarry during last year's drought, and it looks pretty good. Still, I didn't like it...distracting and interrupts the flow. Likes It's not the same program they've put on for...
Read more

Rant On getting smacked down...

Image
So, you live in an organization for 10 years, and you acquire a certain rep. A reputation as a maverick, a guy who's not too wrapped-up in procedure, kowtow'ing, and career. You've said some things in meetings that were career-limiting, but damn it, they were the RIGHT THINGS. Sure, you broke into someones computer once to get their hard drive so you could deliver the code she REFUSED TO CHECK IN before going on vacation. Sure, you telnet'd in to a running test server to see if your hack worked and could save everyone working the weekend (it didn't, you hosed the test run, and you worked round the clock that weekend). Sure, you've slapped your head at stupidity (both in others and your own), and welcome anyone who'll do the same. However, 10 years, several promotions, two kids, a mortgage, and a car payment tend to make you forget who you are. For one sparkling moment this morning, you remembered. You asked an innocent email question last night to a te...
Read more

"Spiderman 3"...WHY?!

Spiderman 3 is a boring mess. The story is a mishmash of plotlines, centering around the three (yes, THREE) villains -- Goblin Jr., Sandman, and Venom. Overlong, the film languishes in its many plots, opening with Spidey wounding his friend Harry Osborne, now the reborn Green Goblin, then sauntering to the Sandman, and the Venom super-spidey suit. There's no discernible momentum until Mary Jane calls it quits with Peter, who's been quite an ass, though she herself has been a needy baggage for 4 reels. In any case, this sets off a battle between Harry and Peter, and FINALLY some action. Had the movie begun here and run for a tight 85 minutes, cutting out the Sandman character altogether, it would've been awesome. As it stands, this bloated ($300 million) mess has probably killed its franchise. * * * Also, I need to remind myself that I get sick if I eat too much popcorn.
Read more