Once you complete the LastPass Authenticator setup, open a new browser/private window, and login into your Drupal site. You have successfully configured the LastPass Authenticator - 2FA method.
Scan the QR code in LastPass Authenticator app and enter the generated passcode under the Passcode textfield. Click on the Configure link of LastPass Authenticator card/section. 
( Path - /admin/config/people/miniorange_2fa/setup_twofactor)
Latest version of LastPass Authenticator installed on devices running iOS or Android. The module is activated on your Drupal site. Plug in the key, do your admin work, unplug it, your account can't be used as an intrusion vector.You can check our module reviews and ratings here. In an ideal world, you'd have your login that you use for administration be passwordless, and *only* work in the presence of the key. A Yubikey also acts like a bunch of other things (PIV smartcard, GPG smartcard that can be used for SSH, etc.) that you can use for remote administration tasks. In terms of remote-managing servers, you might also look into setting up whatever login you use for that to use Yubikey. You can set up two keys to be the same as far as Authenticator is concerned, I don't know how to do that off-hand but you can google it. With that setup, I don't actually use my Yubikey very often, unless I'm logging into a new/rebuilt/untrusted machine or getting into a service that supports physical 2FA. 1Password can act as a OTP host, and since it's locked behind a key I use that instead since it supports as many sites as I want.īasically I've changed all hundred-something passwords to be generated and stored in a password manager, turned on FIDO2 for everything that supports it (GitHub, Google), turned on OTP for the rest, then locked the password manager and OTP with Yubikeys. Yubi Authenticator has a limit to how many services you can tie it to, so be careful. Normally 1Password just requires you to enter a master password, but to enable it on a new machine you need the Yubikey. Teach my password manager (1Password) both keys. Locking everything down is a layered approach, there's not just one way to do it.
0 kommentar(er)
