Password managers like KeePass, LastPass and 1Password are essential tools for storing the gazillion unique and long passwords we have to generate for each site. With only one master password standing between your database and a hacker, however, if you really want to secure your logins, a second layer of authentication will help. The Yubikey is an affordable and easy-to-use option.
You plug the USB device into your computer. When you touch the button, it can either generate a unique, one-time password or enter a static password you store on the second slot. You can authenticate the YubiKey with password managers KeePass and, as we noted before, LastPass, as well as a few others.
Colby Aley came up with a clever solution using 1Password and a Yubikey -- so he doesn't even know the extremely long master password for 1Password, but even if the Yubikey and his computer are stolen, a thief couldn't get into the database:
I generated a fairly complex static password and programmed that to the second slot on my Yubikey.
Next, I set my 1Password master to a combination of two passwords. The first part is a moderately simple password that I can remember. The second part is the static password programmed into my Yubikey, which I couldn't remember if I tried.
With this setup, I don't technically know any of my passwords. I know part of my 1Password master, but not enough to authenticate without the Yubikey. On the other hand, if someone were to steal my Yubikey, they would also need my memorized portion to gain access.
In case the Yubikey gets stolen or lost, Colby has a printout of the password, stored in a secure location.
It's an easy way to further lock down your passwords without too much hassle, and something you can replicate for your password manager of choice.
I know none of my passwords [Colby Aley]