loulouxiv | 3 years ago

That is the HID mode parent is mentioning. With ykman you can configure the Yubikey to simulate being a USB keyboard (Human Interface Device) and then "type" a static password. The default setting is to type a Yubico-specific OTP that can be checked by calling an API. The issue with the static password is that anybody getting near the Yubikey with a device having a USB port can steal the password in seconds.

sig-io|3 years ago

And any accidental button-press while in a chat-app or website will leak your password. I've seen many Yubikey OTPs accidentally pasted into IRC; if you set it to password, you just posted that. I'd never recommend using that mode.

nick__m|3 years ago

Never happened to me since I use slot 2 and it requires a long press.

taubek|3 years ago

Thank you for the explanation! I wasn't aware of this feature.