[jagermo]

I'm using LastPass with a 2FA Yubikey token.

In addition, I try use different E-Mail adresses whenever I sign up, a catchall makes sure they end up in the same inbox. This might not stop a sophisticated targeted attack, but it should throw off a lot of automated runs since the email they got is seemingly not used at another service. A litte obscurity to strengthen the rest of my security ;)

[jonlucc]

How does the Yubikey work? Do you have to plug it in every time you want to sign into a site?

[jagermo]

No, only once to decrypt the lastpass database. You can even set to only ask every 30 days, however I feel that this defeats the security features a little

[lukasm]

Do I need premium account to use Yubikey? What happens if you lost the Yubikey?