1
edit
Changes
Created page with 'Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a…'
Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.
* PROS
** No drivers required
** Two factor authentication is more secure
** Easy integration
** Cross Platform
** Flexible, can be tied into many existing systems
** Open source server implementation
** Cheap to implement
** Multiple Authentication options
** Resistance to keyloggers
* Cons
** Requires Additional Infrastructure
** Authentication server can be imitated
** Does not offer real data security in case of machine theft
** Physical object (Can be stolen/lost)
** Additional administration and tracking required to distribute dongles
Considerations
Best used in conjunction with other technology, eg: Full disk encryption, kerberos
Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password
Both require the yubikey to log in, the latter being easier to configure but the former being more secure
Conclusions
* PROS
** No drivers required
** Two factor authentication is more secure
** Easy integration
** Cross Platform
** Flexible, can be tied into many existing systems
** Open source server implementation
** Cheap to implement
** Multiple Authentication options
** Resistance to keyloggers
* Cons
** Requires Additional Infrastructure
** Authentication server can be imitated
** Does not offer real data security in case of machine theft
** Physical object (Can be stolen/lost)
** Additional administration and tracking required to distribute dongles
Considerations
Best used in conjunction with other technology, eg: Full disk encryption, kerberos
Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password
Both require the yubikey to log in, the latter being easier to configure but the former being more secure
Conclusions
