Difference between revisions of "Yubikey Proposal"

From CDOT Wiki
Jump to: navigation, search
(Created page with 'Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a…')
 
 
Line 1: Line 1:
 
Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.  
 
Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.  
  
 +
==Pros/Cons==
 
* PROS
 
* PROS
 
** No drivers required
 
** No drivers required
Line 19: Line 20:
 
** Additional administration and tracking required to distribute dongles
 
** Additional administration and tracking required to distribute dongles
  
Considerations
+
==Considerations==
 
Best used in conjunction with other technology, eg: Full disk encryption, kerberos
 
Best used in conjunction with other technology, eg: Full disk encryption, kerberos
 
Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password
 
Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password
Line 25: Line 26:
 
Both require the yubikey to log in, the latter being easier to configure but the former being more secure
 
Both require the yubikey to log in, the latter being easier to configure but the former being more secure
  
Conclusions
+
==Conclusions==
 +
 
 +
Adding yubikey authentication to our existing infrastructure does increase authentication security, however it does little for physical security of machines.  It's cross-platform nature makes it simple to integrate in our existing Windows, Mac and Linux computers and servers.

Latest revision as of 15:07, 24 October 2012

Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.

Pros/Cons

  • PROS
    • No drivers required
    • Two factor authentication is more secure
    • Easy integration
    • Cross Platform
    • Flexible, can be tied into many existing systems
    • Open source server implementation
    • Cheap to implement
    • Multiple Authentication options
    • Resistance to keyloggers
  • Cons
    • Requires Additional Infrastructure
    • Authentication server can be imitated
    • Does not offer real data security in case of machine theft
    • Physical object (Can be stolen/lost)
    • Additional administration and tracking required to distribute dongles

Considerations

Best used in conjunction with other technology, eg: Full disk encryption, kerberos Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password

Both require the yubikey to log in, the latter being easier to configure but the former being more secure

Conclusions

Adding yubikey authentication to our existing infrastructure does increase authentication security, however it does little for physical security of machines. It's cross-platform nature makes it simple to integrate in our existing Windows, Mac and Linux computers and servers.