
Yubikey support


Southpaw018


  • Administrators

Hello,

This could only work if it were used as two-factor auth support along with the standard passphrase PC Monitor authentication system. It would be nice if you were able to choose which two-factor authentication system you want to use. I did look over their API and it seems fairly easy to work with; it's just a web API to call to see if the OTP is valid, an action which PC Monitor's server should take. Just one question: when you touch the button on your YubiKey, how will you get the OTP? Will it appear in some application you install, or do you need to have an application that talks with it, just like a dongle?

Let's see what others have to say.


  • 2 months later...

Whoa. Sorry it's taken me so long to get back to you, Paul! Right, you'd use PC Monitor's passphrase/password and the Yubikey as the second factor.

When you touch the button on the Yubikey, it generates the one time password and then types it out to the computer as if it were a USB keyboard. It's actually pretty genius in that regard - it requires no special hardware.

Here, check it out. I'll attach my key and have it type an OTP, then censor the key data:

******######fttrtfdkrerhniclllvnlfiutgdngrrj

The asterisks are a 6 character public ID. The hashes are a 6 character key serial number. The rest is the OTP.


  • 3 years later...
  • 1 month later...

I came here today to make a similar suggestion. I would strongly support this, but not if it required me to have my physical Yubikey device. I have one, but I also have a smartphone, and I'm not really interested in having to juggle a dozen devices just to log into things. I find it too onerous forcing everyone to acquire a Yubikey and deal with that.

The implementation chosen should be a form of TOTP that works in the same clients that can be used for Amazon, Microsoft, LastPass, and many more. Google Authenticator is one, and there are other clients that support the same standard (Authenticator Plus is the Android client I use).

The impetus for even thinking about this occurred to me this morning after trying to connect to my daughter's PC to diagnose an issue on it. I was prompted for the two-factor auth code before using Remote Desktop, but the email never arrived (still hasn't). I was going mad waiting for it because she has limited time. Emailed auth codes are a terrible implementation for this reason and I very nearly disabled the entire option.
