Questions tagged [yubikey]

YubiKey is a USB authentication key developed by Yubico.

169 questions

65 votes, 5 answers

What is a YubiKey and how does it work?

How do YubiKeys work? Are there any alternatives? Here is a picture of one:

41 votes, 2 answers

How can it be easy to write but "impossible" to extract the private key from a crypto token?

A number of crypto-dongles make the claim that it is impossible to extract the stored private key once written. Yubico: The YubiKey AES Key information can never be extracted from a YubiKey device – only programmed to it. Nitrokey: Other than…
Praxeolitic
  • 603
  • 6
  • 11

31 votes, 3 answers

Is a USB security key trackable among websites?

If I have a security key (U2F key) like yubikey and use it on websites A and B and the owner of these two websites is the same, can the website owner know that I am the same user?
cooker
  • 391
  • 3
  • 6

30 votes, 4 answers

Security of LastPass together with YubiKey

I'm looking at password manager solutions and came across LastPass. I see that they also support two-factor authentication using YubiKeys. How secure is this combination for password management? What are the "weak links" in this scheme that could be…
jrdioko
  • 13,011
  • 7
  • 29
  • 38

24 votes, 4 answers

What is the risk and mitigation of accidentally typing a YubiKey password in an open forum?

I have a YubiKey in my laptop (for testing) and accidentally broadcast my YubiKey password out to the Internet. Since this is only a test key, and has no access to anything of value, here are some sample OTP…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536

21 votes, 6 answers

Is it reasonable to use KeePassXC with YubiKey?

At the moment, I am using KeePassXC with a relatively strong master password. To further improve security, I thought about buying a YubiKey to have 2-Factor-Authentication. KeePassXC supports the so called "HMAC-SHA1 Challenge Response mode". In the…
Aliquis
  • 769
  • 1
  • 7
  • 12

21 votes, 4 answers

Create backup Yubikey with identical PGP keys

I've recently bought two Yubikeys Neo which I'd like to use primarily for encryption and authentication by using the smartcard feature with GnuPG. I've read a few how-tos on the subject (most notably here and here) and I've managed to generate and…
Foaly
  • 371
  • 1
  • 2
  • 7

19 votes, 1 answer

Is there a Yubikey equivalent to "stealing the hard drive"?

Maybe I'm essentially asking an electronics / storage question... This question is similar, though I think it was maybe asked more about physical security while the answer was more about malware. This question explains that YK "stores the key on its…
dcc310
  • 301
  • 2
  • 5

19 votes, 3 answers

GPG encryption subkey on multiple smart cards issue

Is there a way to tell GPG, that if it needs to decrypt something, that it can find the private encryption key on one of two smart cards? My (simplified) setup is as follows: Generated a master key offline with an encryption subkey. Transferred the…
Scott
  • 293
  • 2
  • 6

18 votes, 1 answer

FIDO, U2F Compatibility

I've been following the FIDO standard (a consumer-friendly public-key system similar to SSH key pairs) and it appears that it's close to being complete: both Google and PayPal have been testing it internally for some time, the just-announced Samsung…
Indolering
  • 852
  • 6
  • 21

18 votes, 1 answer

Yubikey / GPG with OpenSSH signed key

I am currently looking into the possibility of using Yubikey (NEO)'s to store the private SSH keys of my users. By searching the internet I've found several places that explain how you can generate a GPG master key and subkey, import it on your…
SunMar
  • 181
  • 1
  • 5

17 votes, 6 answers

How YubiKey Challenge-Response works "locally"?

I have got a YubiKey NEO recently (and a bit disappointed that you can only have two activated second factor authentication methods out of all the listed). In password managers those support YubiKey, Password Safe is open-source and works locally.…
Kousha
  • 271
  • 1
  • 2
  • 6

17 votes, 2 answers

Two-factor authentication with ssh key authentication and yubikey?

OpenSSH won't invoke PAM at all if public key (RSA) authentication is configured and the client presents a valid key. So if you use key-based auth, you can't enforce 2FA easily. One workaround for this limitation involves writing a helper program…
user391
  • 171
  • 1
  • 3

15 votes, 5 answers

Smart card + GnuPG: what is stored in my keyring/how to adopt smart card?

I recently bought a Yubikey Neo which can act as an OpenPGP smart card. I'd like to use this to store my private GnuPG key. I've gone through the initial setup and I am able to use the smart card to sign and encrypt files. After the setup the smart…
Askford
  • 155
  • 1
  • 1
  • 5

14 votes, 1 answer

Yubikeys & SSH - which option is best for lockdown?

My company has a few dozen servers hosted on a cloud provider. All but one (OpenVPN host) is closed to the internet. We're using OpenVPN AS which uses certs + Google Authenticator for login. We are very interested in security and we want to minimize…
STRML
  • 241
  • 1
  • 4