Switching to Nitrokey from Yubikey

First of all let me say that I’m not too experienced in the field, so my question might be too obvious.

I currently own a pair of Yubikeys 4 and use it with LastPass for authentification. I basically want to use Nitrokey instead of Yubikey for that purpose.

  • I’m I right to think that LP and YK use FIDO 2UF to authenticate?
  • If so, can I setup NK with Lastpass using setup guide for YK (as if I had YK)
  • If the above true, what models of NK can I use for that, only Fido U2F or other too?

Thank you

Hello @Nitinefutr,

as your questions mainly aim at the usage of LastPass, which I never used, please be aware that I answer your questions as best as I can based on the information online on https://lastpass.com

The NK Keys (Pro and Storage only) are officially tested and working only with KeePass as far as I know. KeePass is an Open Source password manager which allows the usage of OTP (One-time Password https://en.wikipedia.org/wiki/One-time_password), so that one can use the NK as a second factor to access the key database of KeePass. This is probably similar to your usage of the Yubikey to access LastPass, thus being offline.

Besides you can use the internal password safe of the NK Pro or NK storage and just carrying you passwords secured with you instead uploading them to LastPass at all.

But as I think that you tend to still use LastPass this won’t be useful for you, so let’'s look further.

I’m I right to think that LP and YK use FIDO 2UF to authenticate?

No, it uses one-time passwords (often referred to as OTP) https://helpdesk.lastpass.com/multifactor-authentication-options/yubikey-authentication/
LP makes clear that they does not intend to imlement U3F support until there is native U2F support in Firefox. https://lastpass.com/support.php?cmd=showfaq&id=8126

If so, can I setup NK with Lastpass using setup guide for YK (as if I had YK)

As NK Pro and Storage support one-time passwords that might work with this keys but I won’t be to sure. It does not seem as LastPass serves universal solutions on this login with different devices…

If the above true, what models of NK can I use for that, only Fido U2F or other too?

If you want to login with a Nitrokey to LastPass I am not sure if any of them works. Until now, the NK FIDO U2F surely won’t, as LP does not support U2F.

For authentication on other websites with help of LP you may can use every NK with Smartcard (Start, Pro, Storage) (though marked as experimental https://helpdesk.lastpass.com/multifactor-authentication-options/#h1). Or you may can use the NK FIDO U2F in the future.

You can definitely use the NK Pro, Storage (with OTP) and FIDO U2F as second factor for authentication. But in combination with LastPass it could be difficult.

I hope I could help you a bit. As LastPass is proprietary software everything more or less depends on what they are supporting. The options are available through NK.

Kind regards
Alex

EDIT: I did some furhter research and changed information about U2F support of LP accordingly. Until now it is not supported by LP at all.

1 Like