YUBICO – Simple Two Factor Authentication (TH4B)
Session Topic: Yubico
Convener: Stina Ehrensvärd
Tags for the session - technology discussed/ideas considered: two factor authentication
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Notes source: http://digitalidcoach.com/2011/10/iiw-xiii-yubico/
Brief introductions. Yubico offers YubiKeys that help with authentication: low cost and simple! The key acts as a keyboard and enters the user password and a 32-character passcode. Easier than smart cards (insert into USB port, push a button).
Lots of users: 1M users + 16k customers in 95 countries. Use cases: Google for internal staff, PayPal, Fedora, LastPass. Yubico is self-service: hardware sales on the web store, free and open source server components, and a virtual appliance for remote access (enterprise-class VPN).
Versions of YubiKey: regular (one-time password), OATH standard (works with OTP, one-time passcode; not the same as OAuth), static password, and challenge-response key. Secure life cycle: “trust no one.” Secure your servers.
Key is robust: sealed, simple. Accidentally went through a washing machine for several weeks and worked fine.
Future vision: one key for all of the Internet: YubiCloud validation service, 3rd-party single sign-on and SAML. High security, easy to use, low cost. Plans to work with mobile phones via near-field communication (NFC).
Demo (with keys) and questions. Here’s a video on how Yubico is working with Google Apps in Sweden (https://yubico.com/schoolvideo); they’re working on supporting Google Apps here soon. Here’s a page where you can test your key: https://yubico.com/start