YubiKey – Making secure login easy

I'm quite curious, what's the contingency plan in case the Yubikey gets stolen? How do you deal with things like email encrypted to the key you've now lost?

Is it possible to sit down on someone else's computer and trivially use a Yubikey for SSH and git with SSH keys?

The GPG applet only does keys up to 2048 bits :(

Other than that, this is cool and I generally really like my YubiKey Neo

It's only supported in chrome, with other browser support at least 6 months away (guess). After getting a test webapp to work with u2f tokens on chrome I wouldn't say it's easy. YMMV.

You need to include this js: https://demo.yubico.com/js/u2f-api.js

... which isn't really mentioned anywhere. That js file loads an embedded chrome extension and handles all the heavy lifting.

The documentation (if there is any?) fails to mention that your appId has to be https; any http appIds will fail with an obscure error.

That depends on your configuration. LastPass supports per-device exceptions, so that you can allow login from devices without USB ports. I'd suggest checking for the device settings in your LastPass vault; mine are reasonably restrictive :).

You can configure particular devices to allow login without needing the YubiKey. Every device other than my iPhone requires my YubiKey for LastPass, and my iPhone requires my fingerprint. Reasonably secure, though I wish Apple would add NFC so the YubiKey Neo can work with it.

By default "mobile devices without USB ports" can bypass Yubikey authentication. It can be changed in the multifactor auth Yubikey settings.

I've been able to use a yubikey on an ipad2 with the camera connection kit USB adapter, but I don't think that it works on newer iPads.

I'm in the same boat; didn't work at all on OSX when I tried. In fact, even on windows the plugin somehow failed to install properly, and I never even managed to 'register' the key. The support helpfully told me to raise a ticket (thanks, I'm a /customer/ not your beta tester)

> Compared to Google Authenticator app, YubiKey (a) makes hardware-based OTPs as opposed to time-based OTPs (does that offer stronger security?)

If I understand the various OTP implementations correctly, they are essentially the same, trading a time-counter for use-counter.

The non-time OTP will give you ds1, ds2, ds3 -- where dsX ("derived secret X") is derived from shared-secret+X, while the time-based OTP will give you dsT1, dsT2 ... derived from shared-secret+TimestampX.

The former is a little more secure, as you need to allow for some drift. And having a proper 128 bit shared secret is probably more secure than something derived from a crackable password/pass phrase.

But AFAIK they're both vulnerable to the shared secret being compromised on the server-side and/or cracked (if it's possible to brute force).

I don't recall the exact details of the TOTP-spec, but in general I think the derived-secret/otp essentially boils down to: truncate(hmac(shared-secret,counter)) where counter is either a timestamp, or a sequence.

If the counter is actually a sequence of used passwords(1,2,3...N), the server can store just N passwords (usable for N logins), and cross them off after use -- so no need to store the shared secret on the server. For TOTP the server needs the shared-secret in order to generate a few +/- values to match against what the client supplied.

In both cases you could use a sniffed one-time password to try and guess the shared-secret, if you can know/guess the counter. The risk for a 128 bit random key is obviously somewhat less than if the shared secret is "hunter2" (modulus stretching etc).

The YubiKey's main strength is that users can configure it to meet their own needs; YubiKeys have 2 configurations slots which can be independently programmed for the Yubico OTP or OATH-event based modes, as well as Challenge-Response or a static password. Further, with a small app on the host machine, the YubiKey can provide OATH- time based codes, identical to Google Authenticator.

The newer YubiKey versions also support the new U2F Protocol used by Google.

The YubiKey is developed and owned by Yubico - Yubico worked with Google to develop the protocol which would become U2F for Google's internal use.

YubiKey does TOTP (time based OTP) by storing the shared secret on the key and having the connected system pass in the system time. It's more secure as the shared secret is write only, compared with having google authenticator on the phone storing the shared secret in your phone's storage.

See http://www.yubico.com/wp-content/uploads/2014/02/Yubico-TOTP...

Sounds like you got some nice material for a blog post about the subject?

If you have to get an OTP multiple times a day—say to ssh into a prod server—you quickly learn how laborious it is having to take your phone out of your pocket, unlock it, find the Google auth app, find which OTP you're looking for then finally transcribe it without any errors. Pressing a key combo/tapping the yubikey (depends on the model you have and its settings) is much faster.

To me, not having a yubikey would be like not being able to use cmd-C/V to copy/paste and having to use the system menu every time instead.

Because U2F is much safer than TOTP. TOTP is still sensitive to phishing: the MITM could just ask for the TOTP code and forward it. This is not possible with U2F, since only the original site has the key handle that is necessary to initiate the challenge-response.

https://developers.yubico.com/U2F/Protocol_details/Overview....

On the upside, Google Authenticator has access to an accurate RTC.

On the downside, your encryption secret is available "in the clear" in the form of a TOTP token that is loaded into the app. You are highly vulnerable during these moments. If an attacker gets a copy of the TOTP token, they can generate the six digit numbers as easily as you.

Maybe you have a rooted Android device and don't entirely trust the software running on it?

You can associate multiple U2F keys with a Google account. Since the Yubico's U2F key is really cheap (I think ours were ~15 Euro a pop), it doesn't hurt to associate another key and put it in a safe somewhere.

You generate backup one time password codes at activation time. Store those somewhere safely. Use them in the event of trouble.

Backup codes, or you do what I did: I bought two, and keep one in a safe place.

I am going to go out on a limb and guess you have a YubiKey Nano?

I have one vltjjenelhnhhkvrnft also.

The have a NFC version. I wish Apple would be on board...

the rumor is a bluetooth dongle will come out before year end...

I have a few of their basic model keys. They have implemented OATH-HOTP as well as their own OTP scheme and HMAC-SHA1 challenge-response. You can also embed a static password. The keys have two slots and both of them can be used for any of the supported schemes.

They have some fancier keys that support a 'universal 2 factor' standard which I think they may have had a hand in creating.

I've used mine in OATH-HOTP and HMAC-SHA1 along with KeePass to do two-factor on my password db. You do need a server-side or peer component to initially sync with to do OTP or challenge-response.

iirc they implement https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_A... (or a variant of it)

Each side has a seed value which then allows the calculation of what the current value should be.

The client and the server have a shared secret that lets them generate a keystream based on the time.