Highest Voted 'yubikey' Questions - IT Security Stack Exchange

65

votes

5 answers

What is a YubiKey and how does it work?

How do YubiKeys work? Are there any alternatives? Here is a picture of one:

asked Jul 31 '12 at 15:11

Gabriel Fair

1,495
2
13
23

41

votes

2 answers

How can it be easy to write but "impossible" to extract the private key from a crypto token?

A number of crypto-dongles make the claim that it is impossible to extract the stored private key once written. Yubico: The YubiKey AES Key information can never be extracted from a YubiKey device – only programmed to it. Nitrokey: Other than…

cryptography hardware yubikey tamper-resistance

asked Jul 08 '15 at 10:09

Praxeolitic

603
6
11

31

votes

3 answers

Is a USB security key trackable among websites?

If I have a security key (U2F key) like yubikey and use it on websites A and B and the owner of these two websites is the same, can the website owner know that I am the same user?

yubikey u2f

asked Nov 25 '21 at 17:10

cooker

391
3
6

30

votes

4 answers

Security of LastPass together with YubiKey

I'm looking at password manager solutions and came across LastPass. I see that they also support two-factor authentication using YubiKeys. How secure is this combination for password management? What are the "weak links" in this scheme that could be…

passwords password-management yubikey lastpass

asked Jul 19 '11 at 23:42

jrdioko

13,011
7
29
38

24

votes

4 answers

What is the risk and mitigation of accidentally typing a YubiKey password in an open forum?

I have a YubiKey in my laptop (for testing) and accidentally broadcast my YubiKey password out to the Internet. Since this is only a test key, and has no access to anything of value, here are some sample OTP…

passwords authentication multi-factor one-time-password yubikey

asked Feb 14 '13 at 01:34

makerofthings7

50,090
54
250
536

21

votes

6 answers

Is it reasonable to use KeePassXC with YubiKey?

At the moment, I am using KeePassXC with a relatively strong master password. To further improve security, I thought about buying a YubiKey to have 2-Factor-Authentication. KeePassXC supports the so called "HMAC-SHA1 Challenge Response mode". In the…

passwords yubikey

asked Jan 12 '19 at 14:29

Aliquis

769
1
7
12

21

votes

4 answers

Create backup Yubikey with identical PGP keys

I've recently bought two Yubikeys Neo which I'd like to use primarily for encryption and authentification by using the smartcard feature with GnuPG. I've read a few how-to on the subject (most notably here and here) and I've managed to generate and…

pgp gnupg yubikey

asked Mar 14 '18 at 16:43

Foaly

371
1
2
7

19

votes

1 answer

Is there a Yubikey equivalent to "stealing the hard drive"?

Maybe I'm essentially asking an electronics / storage question... This question is similar, though I think it was maybe asked more about physical security while the answer was more about malware. This question explains that YK "stores the key on its…

storage yubikey

asked Mar 07 '21 at 03:53

dcc310

301
2
5

19

votes

3 answers

GPG encryption subkey on multiple smart cards issue

Is there a way to tell GPG, that if it needs to decrypt something, that it can find the private encryption key on one of two smart cards? My (simplified) setup is as follows: Generated a master key offline with an encryption subkey. Transferred the…

encryption gnupg smartcard yubikey

asked Mar 23 '17 at 14:31

Scott

293
2
6

18

votes

1 answer

FIDO, U2F Compatibility

I've been following the FIDO standard (a consumer-friendly public-key system similar to SSH key pairs) and it appears that it's close to being complete: both Google and PayPal have been testing it internally for some time, the just-announced Samsung…

hmac one-time-password yubikey fido

asked Apr 01 '14 at 18:31

Indolering

852
6
21

18

votes

1 answer

Yubikey / GPG with OpenSSH signed key

I am currently looking into the possibility of using Yubikey (NEO)'s to store the private SSH keys of my users. By searching the internet I've found several places that explain how you can generate a GPG master key and subkey, import it on your…

ssh certificate-authority key-management gnupg yubikey

asked Nov 05 '15 at 10:24

SunMar

181
1
5

17

votes

6 answers

How YubiKey Challenge-Response works "locally"?

I have got a YubiKey NEO recently (and a bit disappointed that you can only have two activated second factor authentication methods out of all the listed). In password managers those support YubiKey, Password Safe is open-source and works locally.…

authentication password-management yubikey

asked Jun 11 '15 at 23:28

Kousha

271
1
2
6

17

votes

2 answers

Two-factor authentication with ssh key authentication and yubikey?

OpenSSH won't invoke PAM at all if public key (RSA) authentication is configured and the client presents a valid key. So if you use key-based auth, you can't enforce 2FA easily. One workaround for this limitation involves writing a helper program…

ssh yubikey

asked Apr 12 '13 at 16:32

user391

171
1
3

15

votes

5 answers

Smart card + GnuPG: what is stored in my keyring/how to adopt smart card?

I recently bought a Yubikey Neo which can act as a OpenPGP smart card. I'd like to use this to store my private GnuPG key. I've gone through the initial setup and I am able to use the smart card to sign and encrypt files. After the setup the smart…

key-management gnupg smartcard yubikey

asked Nov 07 '13 at 15:12

Askford

155
1
1
5

14

votes

1 answer

Yubikeys & SSH - which option is best for lockdown?

My company has a few dozen servers hosted on a cloud provider. All but one (OpenVPN host) is closed to the internet. We're using OpenVPN AS which uses certs + Google Authenticator for login. We are very interested in security and we want to minimize…

ssh multi-factor yubikey

asked Sep 28 '14 at 20:35

STRML

241
1
4

Questions tagged [yubikey]