Introducing LastPass Mobile Support for the YubiKey NEO

If you’ve been looking to use your YubiKey with your Android smartphone, your wait is over!

At the recent RSA conference in San Francisco, CA, LastPass announced support for Yubico’s latest two-factor authentication technology. The NFC-enabled YubiKey NEO is Yubico’s first step to expanding their technology across smartphones and tablets.

To explain the terminology a bit, “NFC” is short for “Near Field Communication”. It’s a short-range wireless technology that allows devices to talk to each other and perform other actions, like transferring data and doing transactions. There is usually a chip in the smartphone that can communicate with software on the device while receiving signals from an external device (in this case, the YubiKey NEO).

Like the basic YubiKey, the YubiKey NEO is a small token that fits naturally on a keychain. The device combines the NFC swipe technology with the regular USB interface, so you can use the YubiKey NEO to authenticate your LastPass account on both your computer and your smartphone.

How it works

You can first associate a YubiKey with your LastPass account in your LastPass account settings (accessed from your LastPass Vault by launching the “account settings” link and clicking the “YubiKey” tab). After inserting your YubiKey into a USB port on your computer, you can focus in one of the YubiKey fields and swipe the device to enter the data. Once you have updated your settings, you can grab your Android and launch the LastPass app to login.

When the YubiKey NEO is introduced to an NFC-enabled smartphone, the YubiKey emits a securely encrypted one time password (OTP), which the phone reads.

Yubico’s video shows the device in action with LastPass:

How to get one

For early adopters who want the technology now, pre-production samples of the YubiKey NEO are available at Yubico’s web store for $50 per unit. Pre-production samples are only available in single units, with volume orders and full production planned for summer 2012. We may offer a bundle with LastPass Premium and the YubiKey NEO in the future, since YubiKey support is a LastPass Premium feature. For those who may be considering LastPass Premium, the upgrade is $12 per year for unlimited access to all LastPass Premium features.

We’re continuing to explore opportunities for enhancing mobile security and the mobile experience as a whole, stay tuned for future updates.

The LastPass Team


  • Anonymous says:

    I would like to know if the Yubikey Neo would be able to communicate and function properly when a tablet has a thick leather case on it. I have a Nexus 7 with a thick leather case for protection. Will the Yubikey be able to transmit the NFC signal through the case?

  • sjuerges says:

    I have played around with the Yubikey Neo and lastpass mobile a bit, and wrote up my findings:

  • I would like to use my phone as the YubiKey NFC and when LastPass asks for two-factor authentication, I put my phone on an NFC reader which then provides the authentication code.

    These are all great improvements for security, thanks for helping make security accessible.

  • How does this work if you are currently using Google Authenticator? Should you turn off Authenticator? Does the NEO work as a USB YubiKey on my computer too?

    • Amber says:

      Currently only one multifactor authentication device can be used at a time with your LastPass account, so you would have to turn off Google Auth first, then enable the YubiKey. The NEO works with both your computer (plugs in to a USB port) and with the mobile app (currently Android only).

    • Anonymous says:

      Just to correct, This is not true regarding Lastpass and one multifactor device. It’s very evident, especially from first hand experience, that Google Auth and Yubikey are both available options to be dual implemented, etc. Feel free to look to the changes that may have been implemented since this post either on the lastpass site manual or in the settings for lastpass. Of course this post is long after this was originally wrote, so I’m just writing to correct as it has been changed since.

  • When these come out in volume, will there be one that combines NFC, standard Yubico functionality, and VIP capabilities? I would like to carry one Yubico rather than two if possible, and I use both the main Yubico one-time codes (LastPass) as well as VIP (login to VIP sites), in addition to the NFC functionality.

    I ordered a Neo already, but just would like to consolidate Yubikeys.

  • Anonymous says:

    Will there be a way to use/swipe the NFC on the NEO as a substitute for entering the master password, on both the phone and/or PC? That would be more beneficial to me

    • Joe Siegrist says:

      @Anonymous — you can select to ‘remember password’ and then utilize the Yubikey as a ‘single’ factor instead of part of multi-factor. We don’t recommend this due to loss of security but it is possible.

    • Ted says:

      There’s a real problem here; it’s really important to choose a strong password, or else it would be trivial for an attacker to intercept the password stash over the network when it sent from the Lastpass servers to the phone, and then decrypt the passwords. But a strong password is by definition going to be a massive pain in the tuckus to type into a mobile screen keyboard.

      What we really need is a smart-card type solution where the master password is encrypted in a key stored on an NFC-capable device, which is kept separately from phone. That way, hopefully if the phone gets lost, the user’s key fob doesn’t get lost at the same time.