support for plug-up fido-U2F Security Key

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Re: support for plug-up fido-U2F Security Key

Postby macky876 » Mon Sep 03, 2018 3:46 pm

This is so disappointing. Get it together Lastpass and add U2F support already!
macky876
 
Posts: 1
Joined: Mon Sep 03, 2018 3:44 pm

Re: support for plug-up fido-U2F Security Key

Postby cruser42577 » Sat Sep 08, 2018 1:50 pm

+1 Please support fido U2F.
cruser42577
 
Posts: 2
Joined: Fri Feb 03, 2017 11:58 am

Please implement U2F authentication!

Postby u2fPlz » Tue Sep 11, 2018 10:19 pm

I was on Reddit and I just found a post which reminded me about why 2fa is vulnerable to phishing attacks. https://www.reddit.com/r/ProgrammerHumo ... _phishing/ A phishing site allows an attacker to steal not only the username and password, but also the authentication code. The attacker can simply use all that information to access an account using 2fa. As far as I am aware, Yubikey is also affected by this, because the one time password is not dependent on a private key. (Looking at these two pages: https://lastpass.com/yubico/ https://www.yubico.com/products/service ... -response/, it seems Lastpass only supports basic OTP)

Universal 2nd Factor is resistant to phishing attacks because it is a challenge-response system, meaning that to authenticate a user, the server sends a random challenge to the user, who responds the correct answer, to make sure that the person at the end owns the hardware key, and not just a stolen code.

There are devices that support challenge-response authentication, such as Yubikey, but the availability is limited to just their products. U2F, on the other hand, is available on many hardware keys. Yubico and Duo products support U2F, as well as Trezor's and Ledger's.

Chrome, Firefox and Edge all support U2F now, and many websites are moving to make U2F a standard. Please implement U2F for LastPass, to remain at the top of the game!
u2fPlz
 
Posts: 1
Joined: Tue Sep 11, 2018 9:27 pm

Re: support for plug-up fido-U2F Security Key

Postby jfe » Tue Sep 18, 2018 6:27 pm

U2F is an obvious security upgrade and the tokens cost less than 1/2 as much. Is there any word as to when this will be available?
jfe
 
Posts: 1
Joined: Tue Sep 18, 2018 6:23 pm

Re: support for plug-up fido-U2F Security Key

Postby qwhash » Fri Sep 21, 2018 10:52 am

I completely agree. There is no excuse for not being proactive in supporting this kind of features for a service that makes security its business model. U2F support can not stay in the backlog for years while there have been demonstrated 2FA attacks tools such as evilginx. I will consider migrating to other services that take security more seriously.
qwhash
 
Posts: 1
Joined: Fri Sep 21, 2018 10:46 am

Re: support for plug-up fido-U2F Security Key

Postby vinceJacks » Sat Sep 29, 2018 1:52 pm

Have used LastPass for 6+ years. Just ordered Google's Titan Keys. After reading this thread, looks like I have some more research and consideration ahead. I want more security around my Gmail and my password vault account but not two different vendor 2FA keys. I purchased Titan Key as part of my trust for Google and their internal use of this approach. As I have not researched password providers for years, looks like that is my next step. Dashlane, 1Password, Google's Smart Lock for Passwords? Maybe I can cross my fingers and hope that LastPass will support Google's Titan Key quickly. But as old as this thread is???
vinceJacks
 
Posts: 1
Joined: Sat Sep 29, 2018 1:36 pm

Re: support for plug-up fido-U2F Security Key

Postby TechNashville » Tue Oct 02, 2018 4:45 pm

Just another person hoping the LastPass team will finally enable support for plug-up U2F Security Keys. I recently purchased an ePass FIDO U2F NFC and would like to be able to utilize it with LastPass. I've been a Premium subscriber for several years. There are other password manager sites that allow use of U2F, but I'm still partial to LastPass. Please keep me as a customer! Do the right thing!
TechNashville
 
Posts: 1
Joined: Tue Oct 02, 2018 4:39 pm

Re: support for plug-up fido-U2F Security Key

Postby cr4llian » Tue Oct 09, 2018 8:59 am

+1
My Yubikey 5 NFC is on its way, and I hope to use U2F mode with Lastpass soon!
cr4llian
 
Posts: 1
Joined: Tue Oct 09, 2018 8:46 am

Re: support for plug-up fido-U2F Security Key

Postby DemTechnologist » Tue Oct 09, 2018 4:58 pm

Just want add another vote for this. While YubiKeys are great, I would love to be able to support u2f compliant bluetooth keys with my users on non NFC iOS devices like iPads for example. It will also be more economical for my organization. Please please please add U2F support!
DemTechnologist
 
Posts: 1
Joined: Tue Oct 09, 2018 4:56 pm

U2F

Postby casualpie » Sat Oct 20, 2018 2:59 pm

It's rather surprising this isn't supported yet.
casualpie
 
Posts: 1
Joined: Sat Oct 20, 2018 2:57 pm

PreviousNext

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 17 guests