[lug] OTP

John Hernandez jph at jph.net
Tue Jun 11 10:57:10 MDT 2013


Yubikey can actually be programmed with two credentials - short button
press, and long button press.  I agree, it's a nice user-friendly
product.

On Tue, Jun 11, 2013 at 8:43 AM, Davide Del Vento
<davide.del.vento at gmail.com> wrote:
> I'm switching subject since we're switching topic.
>
>>> Still, I like https://www.yubico.com/products/yubikey-hardware/yubikey/
>>> better
>>
>> You need a separate one for each account you want to authenticate, don't
>> you?
>
> Yes and no. If the account providers agree, they can let me use the
> same one for more than one account. If they don't (which I expect
> to be the case most of the time), yes, I do need one yk for each
> account. However, most of my accounts are "useless" and have the same
> stupid password which I could post here and not care about the accounts
> being compromised (e.g. I used them once to comment on some stupid
> blog post), so I will not be buying yk for them. The only accounts I
> care about are gmail, my bank, maybe github, maybe openID (which would
> have solved all my issues, if sites used it). Some people might care
> about ebay/amazon (I've been pissed off by them and deleted my accounts
> with both). I already have 10 metal keys (home, office, car, bike lock,
> etc) on my keyring, 3 or 4 additional plastic ones would not make any
> difference.
>
>> I like smart cards.
>
> Yes, but then you need a reader, and how do you know the reader is not
> compromised if you use a shared one? What if the computer you want to
> use overseas at an internet cafe does not have the smart card reader?
> And if you need many smart cards (do you? I dunno, maybe you can
> program one with all your accounts) your wallet becomes very thick
> (mine is already too thick). More details?
>
> Yubikeys are just USB keyboards to the computer, and NFC-enabled
> "paste" (as in cut-and-paste) for non-USB-enabled devices (iPhone and
> iPad which by the way I don't care about). The yubikey firmware and
> encryption key are written to a write-only memory and (they claim)
> cannot be overwritten or read out, maybe because of the way the hw is
> implemented, so you can safely use it in a hostile, shared machine.
>
> Cheers,
> Davide