Feb 3, 2012

Resolutions with LastPass: #8 Generate OTPs to Use on Untrusted Computers

Logging in from a hotel computer while on vacation? Checking your email from an Internet cafe? Need to briefly use LastPass on a library or university computer? Then you should generate some One Time Passwords and carry them with you!

If you need to access your LastPass data while away from a trusted device, but are hesitant to do so because of potential keyloggers, LastPass provides One Time Passwords (OTPs) as one option for securely logging in to your account.

One Time Passwords are temporary passwords that grant one-time access to your LastPass vault. Once an OTP is used, it can never be used again. The OTP also prevents your master password from being stolen by keylogging software because you don't need to enter it when logging in with an OTP.

While you still have access to a trusted computer, go to the OTP management page: https://lastpass.com/otp.php to generate and print your OTPs. You must also be logged into the LastPass browser addon to manage your OTPs. From this page, you will see links to Add a New One Time Password, Clear All OTPs, or Print your OTPs:

To add OTPs to your list, click the "Add" link. Once you've generated a few OTPs, you can click the "Print" link to carry your OTPs in your wallet, or a copy of them can be carried with you on a portable USB thumb drive.

When you're ready to login to LastPass from an insecure computer, you can revisit the OTP management page to login with one of the OTPs on your list:

Even if the OTP is captured by malware, the password will not allow access to your account in subsequent attempts because it expires after you login with it once.

If you know you'll need to login to LastPass on an insecure computer, be prepared by generating and printing some OTPs!

The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.