info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
looking for a clear yubikey how-to
4 views
Skip to first unread message
Eli the Bearded
Oct 10, 2023, 5:05:32 PM10/10/23
to
I have a Yubikey 5c. Quoth their website:
* Convenient and portable: The YubiKey 5C fits easily on your
keychain, making it convenient to carry and use wherever you go,
ensuring secure access to your accounts at all times. Simply plug in
via USB-C to authenticate.
* Versatile compatibility: Supported by Google and Microsoft accounts,
password managers and hundreds of other popular services. It works
with Windows, macOS, ChromeOS and Linux. "Works With YubiKey" lists
compatible services.
* Multi-protocol: YubiKey 5 Series is the most versatile security key
supporting multiple authentication protocols including
FIDO2/WebAuthn (hardware bound passkey), FIDO U2F, Yubico OTP,
OATH-TOTP, OATH-HOTP, Smart card (PIV) and OpenPGP.
* Durable and reliable: High quality design and resistant to
tampering, water, and crushing. No batteries or network connectivity
required, offering dependable authentication without any downtime.
Securely manufactured in USA & Sweden.
There are various and differing limitations on various protocols. I have
presently used one of two OTP slots and one of many Fido2 slots for
$WORK related uses. I have found through this that Firefox on Linux
works fine with the device (but not when there is a USB hub involved, I
suspect the device can detect the hub and shuts down as an
anti-eavesdropping measure).
I have several personal websites that are Perl scripts sitting behind
Apache and/or Nginx. These are generally not Perl scripts using standard
modules more sophisticated than "strict.pm", but I'm not against using
something I need. My use of Javascript is typically measured in the tens
of lines of code.
How can I use any of the Yubikey security protocols on my own stuff?
Where are the guides for setting this up? The guides I find are more
"here's where to go in the preferences for $FOODOTCOM to use your
hardware device" or "here's a whitepaper at fidoalliance.org for
implementing this for your enterprise".
Elijah
------
suspects Javascript is important for this, so no lynx support
* Convenient and portable: The YubiKey 5C fits easily on your
keychain, making it convenient to carry and use wherever you go,
ensuring secure access to your accounts at all times. Simply plug in
via USB-C to authenticate.
* Versatile compatibility: Supported by Google and Microsoft accounts,
password managers and hundreds of other popular services. It works
with Windows, macOS, ChromeOS and Linux. "Works With YubiKey" lists
compatible services.
* Multi-protocol: YubiKey 5 Series is the most versatile security key
supporting multiple authentication protocols including
FIDO2/WebAuthn (hardware bound passkey), FIDO U2F, Yubico OTP,
OATH-TOTP, OATH-HOTP, Smart card (PIV) and OpenPGP.
* Durable and reliable: High quality design and resistant to
tampering, water, and crushing. No batteries or network connectivity
required, offering dependable authentication without any downtime.
Securely manufactured in USA & Sweden.
There are various and differing limitations on various protocols. I have
presently used one of two OTP slots and one of many Fido2 slots for
$WORK related uses. I have found through this that Firefox on Linux
works fine with the device (but not when there is a USB hub involved, I
suspect the device can detect the hub and shuts down as an
anti-eavesdropping measure).
I have several personal websites that are Perl scripts sitting behind
Apache and/or Nginx. These are generally not Perl scripts using standard
modules more sophisticated than "strict.pm", but I'm not against using
something I need. My use of Javascript is typically measured in the tens
of lines of code.
How can I use any of the Yubikey security protocols on my own stuff?
Where are the guides for setting this up? The guides I find are more
"here's where to go in the preferences for $FOODOTCOM to use your
hardware device" or "here's a whitepaper at fidoalliance.org for
implementing this for your enterprise".
Elijah
------
suspects Javascript is important for this, so no lynx support
Benjamin Esham
Oct 23, 2023, 4:42:18 PM10/23/23
to
Eli the Bearded wrote:
> I have a Yubikey 5c. [snip]
username-and-password authentication), or as a replacement for your existing
authentication method? I don't have experience with either, unfortunately,
but clarifying your use case might get you better results.
(If you're trying to replace username-and-password auth entirely, [1] seems
like a decent guide, although it's hardly simple.)
Ben
[1] https://webauthn.guide/
> I have a Yubikey 5c. [snip]
>
> How can I use any of the Yubikey security protocols on my own stuff?
> Where are the guides for setting this up? The guides I find are more
> "here's where to go in the preferences for $FOODOTCOM to use your
> hardware device" or "here's a whitepaper at fidoalliance.org for
> implementing this for your enterprise".
Are you interested in using it as a second factor (e.g., in addition to
> How can I use any of the Yubikey security protocols on my own stuff?
> Where are the guides for setting this up? The guides I find are more
> "here's where to go in the preferences for $FOODOTCOM to use your
> hardware device" or "here's a whitepaper at fidoalliance.org for
> implementing this for your enterprise".
username-and-password authentication), or as a replacement for your existing
authentication method? I don't have experience with either, unfortunately,
but clarifying your use case might get you better results.
(If you're trying to replace username-and-password auth entirely, [1] seems
like a decent guide, although it's hardly simple.)
Ben
[1] https://webauthn.guide/
0 new messages