Today sees a new LastPass update being pushed out to iOS that enables users to log in to their LastPass Premium, Families, Teams and Enterprise accounts on their iPhone using the same Yubico YubiKey NEO hardware authentication key that they use on their desktop, laptop, or Android device.
Rather than having to remember a passphrase, users can simply tap they YubiKey NEO on the iPhone to authenticate.
“It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use,” said Stina Ehrensvard, CEO and Founder, Yubico. “Mobile authentication methods, like SMS or push apps, cannot be considered as trusted second factors to authenticate in a mobile app setting. They can be spoofed by porting a number to a different mobile device or can be very unreliable at the mercy of the phone networks.”
“Integrating the Yubico SDK into the LastPass iOS app was a quick and painless process, mostly because the NFC API matched almost 1:1 with the Yubico SDK API,” said Akos Putz, Principal Product Manager for LastPass at LogMeIn. “We’re excited to offer this new authentication method for our iOS users right out of the gate, giving them another option for adding an extra layer of security to their LastPass vault.”
This is likely to be the first of many, as Yubico makes available an SDK to developers to enables rapid integration of YubiKey OTP authentication over NFC in any iOS mobile app.
For more information on YubiKey keys and how they can be used, see here. The YubiKey NEO costs $50.