Last Pass with Vanguard and USAA

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
renegade06
Posts: 39
Joined: Sat Jan 12, 2019 3:00 pm

Last Pass with Vanguard and USAA

Post by renegade06 » Tue May 14, 2019 4:35 pm

I'm thinking about getting Last Pass to increase my security online - especially with my banking and investment accounts. Just curious if fellow Bogleheads are using Last Pass - how do you like it? Do you have any issues using it with your financial institutions? I mostly use Vanguard and USAA. Thanks!

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Tue May 14, 2019 4:46 pm

Love it. I have a Yubikey that is required to access my stored passwords. Any time I open Chrome, it automatically opens a popup requiring my Yubikey. Without it, the passwords are not usable.

I have Vanguard set to autologin. When I click the bookmark, it will automatically log me in and Vanguard will then ask for my Yubikey.

I have my iPhone set to use LastPass for passwords. Very much like it and highly recommend it!

chrisdds98
Posts: 90
Joined: Tue May 19, 2015 9:55 pm
Location: Austin, TX

Re: Last Pass with Vanguard and USAA

Post by chrisdds98 » Tue May 14, 2019 4:51 pm

yes, its been working great for me. I use the free version but will be switching to the paid version because the cost is so reasonable and I want to support the company

rgzeta
Posts: 2
Joined: Thu May 17, 2018 6:47 pm

Re: Last Pass with Vanguard and USAA

Post by rgzeta » Tue May 14, 2019 4:53 pm

Lastpass is a reasonable, commonly-used cloud-based password manager. That implies some things:
  1. As a password manager, it allows you to avoid the behavioral concern of reusing passwords across different sites -- you can have individual passwords for each site that LastPass remembers, and you only remember your one Master Password.
  2. Since it is cloud-based, you have access to your password vault essentially anywhere you have internet access (e.g. via app on your phone, extension on a desktop computer, or directly through a browser). The vault is encrypted using your Master Password, so in principle this convenience doesn't come at a security cost. However, this also means that you must A) trust LastPass to not screw up the encryption process somehow, and B) trust that your Master Password is truly secure (that is, not reused anywhere else; not guessable; not shared unknowingly, etc.).
  3. If you forget your Master Password to Lastpass, there are very limited (potentially no) ways of recovering your other passwords. Some of these recovery methods may require prior configuration. You should research and assess the relative likelihood and risk of forgetting your Master Password vs. a hostile attacker successfully completing the reset process.
  4. Lastpass has some nice sharing features where multiple people, each with LastPass accounts, can share credentials (e.g. a shared Netflix password), and the credentials auto-update across people if they're changed.
In your specific case, I'm not entirely sure this will accomplish what you want -- with only two main banks (Vanguard and USAA), you should be memorizing 2 strong, unique passwords anyway, so switching to Lastpass only allows you to "forget" 1. But I do enthusiastically recommend Lastpass -- in my experience, you'll likely find it far more useful for any sort of random thing (store, forum, etc.) that asks you to make an account, and it'll allow you to stop reusing the same (or very similar) passwords for those.

softwaregeek
Posts: 58
Joined: Wed May 08, 2019 8:59 pm

Re: Last Pass with Vanguard and USAA

Post by softwaregeek » Tue May 14, 2019 4:59 pm

I worked in the security software industry.

I strongly recommend a password manager and Yubikey is top-notch.

Yubikey is used at FANG companies for engineers to access their crown jewels.

I personally use Lastpass.


You need to ensure that every password is difficult and many digits. You need a password manager because of this.

If you use a password for a site, and it gets hacked, the next thing that happens is that they will run a script to try thousands of different websites with your name and password.And variations. So Password1 will mean Password2 gets checked as well.

So make sure you use the functionality in a password manager. You can do this for free with LastPass free edition and Google Authenticator (also free to download)

Broken Man 1999
Posts: 2316
Joined: Wed Apr 08, 2015 11:31 am

Re: Last Pass with Vanguard and USAA

Post by Broken Man 1999 » Tue May 14, 2019 5:00 pm

I have used LastPass (free edition) for years. Only had to rebuild the data base once. :oops:

Works great, can't beat the price. I used Roboform prior to LastPass, but dropped them when they wanted me to pay for it.

I am trying to get my wife to use LastPass, but she is slow to adopt certain technical things. Once she does, I'll go to the subscription model, family plan.

Broken Man 1999
“If I cannot drink Bourbon and smoke cigars in Heaven than I shall not go. " -Mark Twain

softwaregeek
Posts: 58
Joined: Wed May 08, 2019 8:59 pm

Re: Last Pass with Vanguard and USAA

Post by softwaregeek » Tue May 14, 2019 6:00 pm

Let me just elaborate for a bit - Lastpass has a free edition and is a password manager service . Yubikey is a commercial grade encryption device that you plug in or hold next to your machine or phone and serves as a physical device that secures the password within. Together they are definitely enterprise grade.

User avatar
midareff
Posts: 6211
Joined: Mon Nov 29, 2010 10:43 am
Location: Biscayne Bay, South Florida

Re: Last Pass with Vanguard and USAA

Post by midareff » Tue May 14, 2019 6:22 pm

I use LastPass and have for several years now. I have it restricted to USA access only and have no recognized machines other than my home computer. I don't do anything financial on cells or others computers. I probably have 100+ sites and the latest LastPass just takes a few letters to bring up your desired site from the library. I'd be lost without it.

skeptical
Posts: 74
Joined: Fri Jul 18, 2014 12:24 pm

Re: Last Pass with Vanguard and USAA

Post by skeptical » Tue May 14, 2019 6:33 pm

I am going through the same thing right now and I am using LastPass for my less important sites as a trial run for a couple of months. I am a week into this, and it works pretty well, however, there are some gotchas, and I would advise using it for some time to make sure you feel comfortable with it before going all in.

- Not all web based system seem to integrate well. Web based "apps" that come from the enterprise world that use a lot of fancy javascript to create login sequences have problems. Some examples:
* My credit card portal has a fancy and delayed (seems to be on purpose) popup for signing in. LastPass does recognize it as a username and password form (it has its icons), but it is not asking me to save these credentials (I am using my old username/password), as it did for other basic web sites I use. I now need to figure out how to enter this manually into LastPass, or to try to reset my password and see it that works.
* Some people and companies I deal with have portals based on some well known document management systems. Does not seem to work well with this, and while I admit the portal is the worst (best ?) example of enterprise engineering, that still does not help me. Seems to be a similar problem to my credit card portal
* There are other example, but all seem to be similar in nature.

- I switch between my laptop and my phone a lot, which means that it has to work with phone apps very well. I would make sure you feel comfortable with how lastpass works on your phone if this is important to you. For example, it seems to work best (or at all ?) when you launch the app from LastPass, but this does not always work if there is a complicated login sequence. I also ran into an interesting problem in that I left the icloud chain on (it gets turned on automatically when you turn on password fill on the iphone), and inadvertently used that to create a password for a new app. Now, LastPass does not recognize the app, and I have to figure out how to get the password out of icloud and into LastPass. Yes, my fault, but there are things that can go wrong, and I want to make sure I run into enough of them before going all in.

- I share some logins with my wife. So, to make the best use of LastPass, I will need to upgrade to the family edition. I don't mind paying the money, but I don't look forward to having another system to support and debug in the family.

- LastPass is pretty compelling, and does make a lot of things a lot easier. This is also dangerous, in that my threshold for what I am using it for is being driven lower. I am now putting my health care portal and other sites into that I was not planning to for a few weeks because it does make things easier. I am also considering putting credit cards and personal information and family documents, but I am taking a step back as going to far. I do not know right now what boundaries I want to set. I don't like being dependent on some company for all of this, but, as I said, it is pretty compelling.

And, finally the really big issue. for me, which is not the fault of LastPass: I am less worried worried about someone finding my password because my important sites use SMS two factor. However, there are known SMS exploits which can cause a lot more harm than having someone know your password. Yes, I put a PIN on any changes to the sim card, however, there are exploits that seem to easily bypass this.

I am also looking into Yubikey, or similar. I do not know if the SMS hack is taken care of by a hardware key, but I am also pretty concerned about losing the hardware key.

keyfort
Posts: 19
Joined: Thu Apr 04, 2019 12:46 pm

Re: Last Pass with Vanguard and USAA

Post by keyfort » Tue May 14, 2019 6:38 pm

rgzeta wrote:
Tue May 14, 2019 4:53 pm
Lastpass is a reasonable, commonly-used cloud-based password manager. That implies some things:
  1. As a password manager, it allows you to avoid the behavioral concern of reusing passwords across different sites -- you can have individual passwords for each site that LastPass remembers, and you only remember your one Master Password.
  2. Since it is cloud-based, you have access to your password vault essentially anywhere you have internet access (e.g. via app on your phone, extension on a desktop computer, or directly through a browser). The vault is encrypted using your Master Password, so in principle this convenience doesn't come at a security cost. However, this also means that you must A) trust LastPass to not screw up the encryption process somehow, and B) trust that your Master Password is truly secure (that is, not reused anywhere else; not guessable; not shared unknowingly, etc.).
  3. If you forget your Master Password to Lastpass, there are very limited (potentially no) ways of recovering your other passwords. Some of these recovery methods may require prior configuration. You should research and assess the relative likelihood and risk of forgetting your Master Password vs. a hostile attacker successfully completing the reset process.
  4. Lastpass has some nice sharing features where multiple people, each with LastPass accounts, can share credentials (e.g. a shared Netflix password), and the credentials auto-update across people if they're changed.
In your specific case, I'm not entirely sure this will accomplish what you want -- with only two main banks (Vanguard and USAA), you should be memorizing 2 strong, unique passwords anyway, so switching to Lastpass only allows you to "forget" 1. But I do enthusiastically recommend Lastpass -- in my experience, you'll likely find it far more useful for any sort of random thing (store, forum, etc.) that asks you to make an account, and it'll allow you to stop reusing the same (or very similar) passwords for those.
I'm not sure I understand point 3 in your list.

If you have Lastpass remember your Gmail login, then if you forget your Lastpass Master Password, why can't you just go to gmail's site directly and click forgot password? And the same would go for even online banking or anything else.

blackholescion
Posts: 62
Joined: Fri Mar 22, 2019 6:41 pm

Re: Last Pass with Vanguard and USAA

Post by blackholescion » Tue May 14, 2019 7:09 pm

skeptical wrote:
Tue May 14, 2019 6:33 pm
And, finally the really big issue. for me, which is not the fault of LastPass: I am less worried worried about someone finding my password because my important sites use SMS two factor. However, there are known SMS exploits which can cause a lot more harm than having someone know your password. Yes, I put a PIN on any changes to the sim card, however, there are exploits that seem to easily bypass this.

I am also looking into Yubikey, or similar. I do not know if the SMS hack is taken care of by a hardware key, but I am also pretty concerned about losing the hardware key.
The site would have to support the Yubikey in order to use it instead of SMS. It’s more likely that they would support an Authenticator app like Authy or Google Authenticator than Yubikey since the Yubikey is still kind of a niche thing that 99% of people don’t know about/use.

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Tue May 14, 2019 8:57 pm

You can configure LastPass to require a Yubikey in order to work.

If you have an iOS device, you can use Yubikeys with NFC to authorize it. You can also use FaceID.

Regarding using passwords on iOS, the important thing to remember is after installing the app, you need to go into Settings -> Passwords & Accounts -> Autofill Passwords and make sure LastPass is selected instead of iCloud Keychain. This will use your password in LastPass app to enter passwords into Safari, apps, etc. Usually it checks my FaceID to authorize it. Sometimes the app doesn't show up and I have to search for it (it will automatically open the LastPass app).

I feel like it's more secure than iCloud Keychain.

umfan11244
Posts: 54
Joined: Sat Feb 09, 2019 11:06 am
Location: Georgia

Re: Last Pass with Vanguard and USAA

Post by umfan11244 » Tue May 14, 2019 9:13 pm

southerndoc wrote:
Tue May 14, 2019 4:46 pm
Love it. I have a Yubikey that is required to access my stored passwords. Any time I open Chrome, it automatically opens a popup requiring my Yubikey. Without it, the passwords are not usable.

I have Vanguard set to autologin. When I click the bookmark, it will automatically log me in and Vanguard will then ask for my Yubikey.

I have my iPhone set to use LastPass for passwords. Very much like it and highly recommend it!
Thanks a ton for bringing this up. I’ve been reading about Yubikey since you posted this and will be ordering next week! I had already started transitioning to lastpass so this should work well. Much appreciated.

blueman457
Posts: 446
Joined: Sun Jul 26, 2015 12:19 pm

Re: Last Pass with Vanguard and USAA

Post by blueman457 » Tue May 14, 2019 9:18 pm

umfan11244 wrote:
Tue May 14, 2019 9:13 pm
southerndoc wrote:
Tue May 14, 2019 4:46 pm
Love it. I have a Yubikey that is required to access my stored passwords. Any time I open Chrome, it automatically opens a popup requiring my Yubikey. Without it, the passwords are not usable.

I have Vanguard set to autologin. When I click the bookmark, it will automatically log me in and Vanguard will then ask for my Yubikey.

I have my iPhone set to use LastPass for passwords. Very much like it and highly recommend it!
Thanks a ton for bringing this up. I’ve been reading about Yubikey since you posted this and will be ordering next week! I had already started transitioning to lastpass so this should work well. Much appreciated.
I left Lastpass for a problem with Yubikey; if I lost my Yubikey I could not use another 2fFA such as Authy. Bitwarden allows me to change my 2FA method if needed. I do recognize that it puts me a slightly higher risk by having multiple 2FA modalities, but it is very realistic that I can lose a Yubikey.

I like Yubikey, it does work well.

Blue Man

nesdog
Posts: 108
Joined: Thu Dec 07, 2017 8:20 pm

Re: Last Pass with Vanguard and USAA

Post by nesdog » Tue May 14, 2019 9:45 pm

FWIW, as a Dir of Tech for an organization, I'd like to pass along this caveat; when possible, don't leave LastPass logged in on your computer. I always make sure it's off when I leave.

We've had intrusions (ie; hacks) where outsiders penetrated our network. In one case, bad guy took control of a machine and was able to leverage logged in Amazon account in the browser as well as bank information. Also, if you leave your computer unlocked when you leave for the day, anyone can come to your workstation and see what is in LP.
Insert clever comment here...

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Tue May 14, 2019 9:47 pm

I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.

blueman457
Posts: 446
Joined: Sun Jul 26, 2015 12:19 pm

Re: Last Pass with Vanguard and USAA

Post by blueman457 » Wed May 15, 2019 6:21 am

southerndoc wrote:
Tue May 14, 2019 9:47 pm
I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.
Does it let you now change from a Yubikey to One time passwords when logging in? With regards to account recovery, it was that process that I wasn’t thrilled with. If someone stole my laptop, then they’d have access to my email and could easily get into LastPass by disabling 2FA and resetting the master password.

Blue Man

MikeG62
Posts: 1677
Joined: Tue Nov 15, 2016 3:20 pm
Location: New Jersey

Re: Last Pass with Vanguard and USAA

Post by MikeG62 » Wed May 15, 2019 6:28 am

I have used LastPass for several years now. All my online accounts use password generated by LastPass and my login details are all stored in LastPass. For the second factor authentication when logging into LastPass, I use Duo Mobile. So I need my phone with me in order to log into LastPass.

Also, I use a second factor authentication when logging into my Fidelity accounts. For that I use Norton's VIP Access. It generates a code in the app on my phone that needs to be entered after my username and password have been input.
Real Knowledge Comes Only From Experience

User avatar
oldcomputerguy
Moderator
Posts: 4391
Joined: Sun Nov 22, 2015 6:50 am
Location: In the middle of five acres of woods in East Tennessee

Re: Last Pass with Vanguard and USAA

Post by oldcomputerguy » Wed May 15, 2019 6:33 am

Not Last Pass specifically, but I do use a password manager at home (in my own case, KeePass2), and highly recommend using one to manage your passwords. Given human nature, it's all too easy to use some simple-to-remember password for sites, and to re-use it across multiple sites. A password manager helps address both of these behavioral issues.
It’s taken me a lot of years, but I’ve come around to this: If you’re dumb, surround yourself with smart people. And if you’re smart, surround yourself with smart people who disagree with you.

3-20Characters
Posts: 379
Joined: Tue Jun 19, 2018 2:20 pm

Re: Last Pass with Vanguard and USAA

Post by 3-20Characters » Wed May 15, 2019 6:41 am

There are quite a few password managers. For some reason or another lastpass is the favorite here, it seems. I use 1Password but have tried lastpass and a few others. Lastpass is ok but not on top of my list. For one thing, there have been security breaches which do not inspire confidence. For another, I was not crazy about the interface and had trouble importing passwords last time a tried it.

If I were to switch out from 1Password, my choice would be Bitwarden. But no plan to change yet.

Edit: even with reported security breaches, I’d still go with a password manager over no password manager.

User avatar
TheGreyingDuke
Posts: 1586
Joined: Fri Sep 02, 2011 10:34 am

Re: Last Pass with Vanguard and USAA

Post by TheGreyingDuke » Wed May 15, 2019 6:57 am

nesdog wrote:
Tue May 14, 2019 9:45 pm
FWIW, as a Dir of Tech for an organization, I'd like to pass along this caveat; when possible, don't leave LastPass logged in on your computer. I always make sure it's off when I leave.

We've had intrusions (ie; hacks) where outsiders penetrated our network. In one case, bad guy took control of a machine and was able to leverage logged in Amazon account in the browser as well as bank information. Also, if you leave your computer unlocked when you leave for the day, anyone can come to your workstation and see what is in LP.
I have LastPass set so that after 10 minutes of inactivity it logs itself out
"Every time I see an adult on a bicycle, I no longer despair for the future of the human race." H.G. Wells

stan1
Posts: 6816
Joined: Mon Oct 08, 2007 4:35 pm

Re: Last Pass with Vanguard and USAA

Post by stan1 » Wed May 15, 2019 7:17 am

3-20Characters wrote:
Wed May 15, 2019 6:41 am
There are quite a few password managers. For some reason or another lastpass is the favorite here, it seems. I use 1Password but have tried lastpass and a few others. Lastpass is ok but not on top of my list. For one thing, there have been security breaches which do not inspire confidence. For another, I was not crazy about the interface and had trouble importing passwords last time a tried it.

If I were to switch out from 1Password, my choice would be Bitwarden. But no plan to change yet.

Edit: even with reported security breaches, I’d still go with a password manager over no password manager.
Best to assume every vendor in this space has been or will be hacked in some fashion. They are big targets. Much easier for bad guys to get in than for a company to keep them out. You have to trust the encryption the same way you trust the door lock on your house. Would you rather go with the company that tells you about an event and executes detect and recover quickly? Or the one who doesn't tell you about it? Lastpass is under new ownership so we don't know what they would do in the future.

Agree better to use a password manager than the alternatives. There isn't a risk free alternative. Some might say having no online access is risk free but it is not: without online access you have much less ability to monitor account balances for fraudulent activity. If you can memorize multiple 20 digit random strings of letters, numbers and symbols more power to you. That's not me (or most people).

3-20Characters
Posts: 379
Joined: Tue Jun 19, 2018 2:20 pm

Re: Last Pass with Vanguard and USAA

Post by 3-20Characters » Wed May 15, 2019 8:30 am

stan1 wrote:
Wed May 15, 2019 7:17 am
Would you rather go with the company that tells you about an event and executes detect and recover quickly? Or the one who doesn't tell you about it?
It’s not a matter of the company informing anyone. These things get out one way other. Agree about encryption but IIRC, the lastpass breaches were not related to encryption. They hacked autofill and gaining access to users passwords.
...he found out a serious bug allowing him to extract passwords stored in the autofill feature
In another case, Tavis Ormandy, a Google Security Team researcher exposed a message-hijacking bug that affected the LastPass Firefox addon. To take advantage of this bug the attack had to lure a LastPass user to visit another site and then execute the LastPass actions in the background without the user’s knowledge...
https://www.hackread.com/lastpass-hacke ... -for-good/

I’m not ragging on lastpass. I’m sure it’s a perfectly good password manager but there’s plenty of competition out there is all I’m saying.

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Wed May 15, 2019 10:28 am

blueman457 wrote:
Wed May 15, 2019 6:21 am
southerndoc wrote:
Tue May 14, 2019 9:47 pm
I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.
Does it let you now change from a Yubikey to One time passwords when logging in? With regards to account recovery, it was that process that I wasn’t thrilled with. If someone stole my laptop, then they’d have access to my email and could easily get into LastPass by disabling 2FA and resetting the master password.

Blue Man
No, you can't get in without the Yubikey. You can choose whether to store your master password. If you really wanted to be secure, you could not store your password and use a Yubikey. I store my password so that all I need is the Yubikey.

You can trust a browser for 30 days. I've suggested that they allow users to select a time frame. I would like to trust a browser for 3 hours or so. Anything more than that requires a relogin if the browser window had been closed.

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Wed May 15, 2019 10:29 am

MikeG62 wrote:
Wed May 15, 2019 6:28 am
I have used LastPass for several years now. All my online accounts use password generated by LastPass and my login details are all stored in LastPass. For the second factor authentication when logging into LastPass, I use Duo Mobile. So I need my phone with me in order to log into LastPass.

Also, I use a second factor authentication when logging into my Fidelity accounts. For that I use Norton's VIP Access. It generates a code in the app on my phone that needs to be entered after my username and password have been input.
I was going to activate VIP Access for Fidelity, but I'm waiting until I get a new iPhone. Didn't want to go through the process again to reactivate a new installation of VIP Access. Already painful enough to do this at work (we use VIP Access for external access to our EMR).

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Wed May 15, 2019 10:32 am

3-20Characters wrote:
Wed May 15, 2019 6:41 am
There are quite a few password managers. For some reason or another lastpass is the favorite here, it seems. I use 1Password but have tried lastpass and a few others. Lastpass is ok but not on top of my list. For one thing, there have been security breaches which do not inspire confidence. For another, I was not crazy about the interface and had trouble importing passwords last time a tried it.

If I were to switch out from 1Password, my choice would be Bitwarden. But no plan to change yet.

Edit: even with reported security breaches, I’d still go with a password manager over no password manager.
https://www.lastpass.com/security/what- ... ets-hacked

No password vaults were accessed and it's almost impossible to do so (keyword: almost).

dcabler
Posts: 914
Joined: Wed Feb 19, 2014 11:30 am

Re: Last Pass with Vanguard and USAA

Post by dcabler » Wed May 15, 2019 10:40 am

renegade06 wrote:
Tue May 14, 2019 4:35 pm
I'm thinking about getting Last Pass to increase my security online - especially with my banking and investment accounts. Just curious if fellow Bogleheads are using Last Pass - how do you like it? Do you have any issues using it with your financial institutions? I mostly use Vanguard and USAA. Thanks!
I use lastpass. With Vanguard, it's lastpass + 2FA. I use lastpass to start the log in process at Vanguard. I then get a text from Vanguard with a one time code. I manually enter the code on Vanguard's website and am then fully logged in. Pretty easy.

umfan11244
Posts: 54
Joined: Sat Feb 09, 2019 11:06 am
Location: Georgia

Re: Last Pass with Vanguard and USAA

Post by umfan11244 » Wed May 15, 2019 7:56 pm

southerndoc wrote:
Tue May 14, 2019 9:47 pm
I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.
I'm close to ordering Yubikey, but I'm having one holdup - and that is the need to have the yubikey with me at all times to access lastpass on my cell phone (the computer is no issue). Is this the case or is there a workaround? I work in a strictly "No USB" office environment for security reasons, so it's not quite as easy as just putting it on my key chain. Someone mentioned that FaceID satisfies the 2FA for lastpass on iOS but I haven't seen that verified. Thanks in advance.

User avatar
LadyGeek
Site Admin
Posts: 53525
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Last Pass with Vanguard and USAA

Post by LadyGeek » Wed May 15, 2019 8:34 pm

This thread is now in the Personal Consumer Issues forum (computer security).
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

Jeff Albertson
Posts: 672
Joined: Sat Apr 06, 2013 7:11 pm
Location: Springfield

Re: Last Pass with Vanguard and USAA

Post by Jeff Albertson » Wed May 15, 2019 8:48 pm

keyfort wrote:
Tue May 14, 2019 6:38 pm
rgzeta wrote:
Tue May 14, 2019 4:53 pm
Lastpass is a reasonable, commonly-used cloud-based password manager. That implies some things:
  1. If you forget your Master Password to Lastpass, there are very limited (potentially no) ways of recovering your other passwords. Some of these recovery methods may require prior configuration. You should research and assess the relative likelihood and risk of forgetting your Master Password vs. a hostile attacker successfully completing the reset process.
I'm not sure I understand point 3 in your list.

If you have Lastpass remember your Gmail login, then if you forget your Lastpass Master Password, why can't you just go to gmail's site directly and click forgot password? And the same would go for even online banking or anything else.
Lastpass has recently added a way to recover your account if you forget your password.
https://blog.lastpass.com/2019/05/never ... bile.html/
Users who have downloaded and logged into the LastPass mobile app on Android or iOS can recover their accounts very easily using fingerprint or Face ID authentication. We encourage users to download the app because it’s very helpful to have all your passwords on the go – but it also acts as a safety net should you get locked out of your account.

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Wed May 15, 2019 10:03 pm

umfan11244 wrote:
Wed May 15, 2019 7:56 pm
southerndoc wrote:
Tue May 14, 2019 9:47 pm
I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.
I'm close to ordering Yubikey, but I'm having one holdup - and that is the need to have the yubikey with me at all times to access lastpass on my cell phone (the computer is no issue). Is this the case or is there a workaround? I work in a strictly "No USB" office environment for security reasons, so it's not quite as easy as just putting it on my key chain. Someone mentioned that FaceID satisfies the 2FA for lastpass on iOS but I haven't seen that verified. Thanks in advance.
I've been using LastPass almost for a month. Other than the one-time activation, I've never had to use my Yubikey on my phone again. I'm not sure if it times out and requires you to use it periodically, but so far it hasn't required it for me.

Make sure you get a Yubikey that supports NFC to support your phone. I got the Yubikey 5 NFC and 5C for my keychain (I use both a MacBook [USB-C] and Dell laptop [standard USB]). The 5 NFC will allow you to use the NFC function of your phone to authorize the login. Again, once you do this, I've never been asked to do it again. It always uses FaceID to authorize it.

I also purchased a 5C Nano and a USB-C to USB-A adapter to keep it permanently plugged into a USC hub on my desk that's connected to my iMac. That way I don't have to search for a key while I'm at home.

umfan11244
Posts: 54
Joined: Sat Feb 09, 2019 11:06 am
Location: Georgia

Re: Last Pass with Vanguard and USAA

Post by umfan11244 » Thu May 16, 2019 6:28 am

southerndoc wrote:
Wed May 15, 2019 10:03 pm
umfan11244 wrote:
Wed May 15, 2019 7:56 pm
southerndoc wrote:
Tue May 14, 2019 9:47 pm
I have several Yubikeys at my house. I think LastPass allows you to register 10 of them. So you shouldn't be in a situation where you become locked out.

There are account recovery options. For one, if you have the iOS app, you can use it to recover your account with FaceID.
I'm close to ordering Yubikey, but I'm having one holdup - and that is the need to have the yubikey with me at all times to access lastpass on my cell phone (the computer is no issue). Is this the case or is there a workaround? I work in a strictly "No USB" office environment for security reasons, so it's not quite as easy as just putting it on my key chain. Someone mentioned that FaceID satisfies the 2FA for lastpass on iOS but I haven't seen that verified. Thanks in advance.
I've been using LastPass almost for a month. Other than the one-time activation, I've never had to use my Yubikey on my phone again. I'm not sure if it times out and requires you to use it periodically, but so far it hasn't required it for me.

Make sure you get a Yubikey that supports NFC to support your phone. I got the Yubikey 5 NFC and 5C for my keychain (I use both a MacBook [USB-C] and Dell laptop [standard USB]). The 5 NFC will allow you to use the NFC function of your phone to authorize the login. Again, once you do this, I've never been asked to do it again. It always uses FaceID to authorize it.

I also purchased a 5C Nano and a USB-C to USB-A adapter to keep it permanently plugged into a USC hub on my desk that's connected to my iMac. That way I don't have to search for a key while I'm at home.
Great, thanks. I think I’m all set.

keyfort
Posts: 19
Joined: Thu Apr 04, 2019 12:46 pm

Re: Last Pass with Vanguard and USAA

Post by keyfort » Fri May 17, 2019 11:41 am

Jeff Albertson wrote:
Wed May 15, 2019 8:48 pm
keyfort wrote:
Tue May 14, 2019 6:38 pm
rgzeta wrote:
Tue May 14, 2019 4:53 pm
Lastpass is a reasonable, commonly-used cloud-based password manager. That implies some things:
  1. If you forget your Master Password to Lastpass, there are very limited (potentially no) ways of recovering your other passwords. Some of these recovery methods may require prior configuration. You should research and assess the relative likelihood and risk of forgetting your Master Password vs. a hostile attacker successfully completing the reset process.
I'm not sure I understand point 3 in your list.

If you have Lastpass remember your Gmail login, then if you forget your Lastpass Master Password, why can't you just go to gmail's site directly and click forgot password? And the same would go for even online banking or anything else.
Lastpass has recently added a way to recover your account if you forget your password.
https://blog.lastpass.com/2019/05/never ... bile.html/
Users who have downloaded and logged into the LastPass mobile app on Android or iOS can recover their accounts very easily using fingerprint or Face ID authentication. We encourage users to download the app because it’s very helpful to have all your passwords on the go – but it also acts as a safety net should you get locked out of your account.
I still don't understand the reasoning behind the other post though about if you forget your Lastpass Master Password you'll be locked out of everything without being able to reset them even individually. Maybe I didn't understand it very well!

User avatar
Toons
Posts: 13254
Joined: Fri Nov 21, 2008 10:20 am
Location: Hills of Tennessee

Re: Last Pass with Vanguard and USAA

Post by Toons » Fri May 17, 2019 11:46 am

renegade06 wrote:
Tue May 14, 2019 4:35 pm
I'm thinking about getting Last Pass to increase my security online - especially with my banking and investment accounts. Just curious if fellow Bogleheads are using Last Pass - how do you like it? Do you have any issues using it with your financial institutions? I mostly use Vanguard and USAA. Thanks!
I have used LastPass for years for all accounts,including financial(banking,transactions,etc)
I would be lost without it.
Never had an issue,,using 2 factor authentication
:happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee

thomwd
Posts: 2
Joined: Sat Oct 27, 2018 7:55 am

Re: Last Pass with Vanguard and USAA

Post by thomwd » Fri May 17, 2019 12:23 pm

Have used LastPass Premium for 4-5 years and would not do without it. Easily logs into my Vanguard accounts and all financial accounts. Not all sites work perfectly, and require some retyping of user names, but it is well worth the minor inconvenience.

Topic Author
renegade06
Posts: 39
Joined: Sat Jan 12, 2019 3:00 pm

Re: Last Pass with Vanguard and USAA

Post by renegade06 » Fri May 17, 2019 12:58 pm

Thanks, all! I am going to go with Last pass!

cmeretire
Posts: 23
Joined: Thu Nov 24, 2016 11:45 am

Re: Last Pass with Vanguard and USAA

Post by cmeretire » Fri May 17, 2019 1:10 pm

also, it's been mentioned that if you forget you master password you can't get in. LastPass has changed this, at least if you're using an android phone. You can not use your fingerprint or facial recognition to recover your master password if you forget it. You do have to set it up but it is possible now to recover your master password,

User avatar
southerndoc
Posts: 894
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Last Pass with Vanguard and USAA

Post by southerndoc » Fri May 17, 2019 1:37 pm

@keyfort You can reset each site's password individually if you forget your LastPass master password. You just won't be able to access your LastPass vault and all your stored passwords will be erased.

Jeff Albertson
Posts: 672
Joined: Sat Apr 06, 2013 7:11 pm
Location: Springfield

Re: Last Pass with Vanguard and USAA

Post by Jeff Albertson » Sun May 19, 2019 7:46 am

southerndoc wrote:
Fri May 17, 2019 1:37 pm
@keyfort You can reset each site's password individually if you forget your LastPass master password. You just won't be able to access your LastPass vault and all your stored passwords will be erased.
There are ways to recover your account. Read the lastpass blog:
"Never Lose Access to LastPass with Account Recovery on Mobile"
https://blog.lastpass.com/2019/05/never ... bile.html/

Post Reply