Yubico Forum ...visit our web-store at 2008-10-31T17:35:34+01:00 https://forum.yubico.com/feed.php?f=3&t=202 2008-10-31T17:35:34+01:00 2008-10-31T17:35:34+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=780#p780 <![CDATA[Re: OTP verification on the yubico.com + PIN code]]> Rohos wrote:

We are implementing OTP online validation on your server by using API http://www.yubico.com/developers/api/
but there is no notice about PIN code support.

Does this verification includes PIN code validation or not?


Hi, Alex,

Good question. Yubico validation server intends to validate OTP only, usually it is the service provider that stores the PIN as the 2nd factor on their side. See MashedLife.com or ClavID.com as examples.

If you think that's not enough... since Yubico validation server is open-source, some do tweak it to serve their own purposes.

Cheers

Statistics: Posted by paul — Fri Oct 31, 2008 5:35 pm

]]> 2008-10-31T14:52:34+01:00 2008-10-31T14:52:34+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=779#p779 <![CDATA[Re: OTP verification on the yubico.com + PIN code]]> ferrix wrote:

Alex,
We already have solved this problem , by the way, see http://AuthLite.com if interested.


What exactly do you fixed?
My question was How to verify PIN via your Web API? (if user choosed to use PIN on your site)

I saw authlite web, but looks like there is no download. I wrote them an email to get a trial. but no responce.

Statistics: Posted by Rohos — Fri Oct 31, 2008 2:52 pm

]]> 2008-10-29T20:56:55+01:00 2008-10-29T20:56:55+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=773#p773 <![CDATA[Re: OTP verification on the yubico.com + PIN code]]> hasterguf wrote:

What about storing the Secret AES key and the counters locally? Then you could always do an offline authentication without being dependant of yubico's servers...

Best regards,
Alex


Alex,
We already have solved this problem , by the way, see http://AuthLite.com if interested.

Statistics: Posted by ferrix — Wed Oct 29, 2008 8:56 pm

]]> 2008-10-29T10:19:17+01:00 2008-10-29T10:19:17+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=772#p772 <![CDATA[Re: OTP verification on the yubico.com + PIN code]]> hasterguf wrote:

It's nice that you are implementing the windows-logon with the yubikey - when it's working you would immidiately have a new customer. But I see a problem in the fact that you are relying on yubico's servers. What if they are down or the computer is missing internet-connection? Then it's not possible to authenticate?
What about storing the Secret AES key and the counters locally? Then you could always do an offline authentication without being dependant of yubico's servers...

Best regards,
Alex


We are going to implement verification on the Yubico web + local verification (by using changed AES key).
So we will make both.

Statistics: Posted by Rohos — Wed Oct 29, 2008 10:19 am

]]> 2008-10-28T20:00:35+01:00 2008-10-28T20:00:35+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=771#p771 <![CDATA[Re: OTP verification on the yubico.com + PIN code]]>
It's nice that you are implementing the windows-logon with the yubikey - when it's working you would immidiately have a new customer. But I see a problem in the fact that you are relying on yubico's servers. What if they are down or the computer is missing internet-connection? Then it's not possible to authenticate?
What about storing the Secret AES key and the counters locally? Then you could always do an offline authentication without being dependant of yubico's servers...

Best regards,
Alex

Statistics: Posted by hasterguf — Tue Oct 28, 2008 8:00 pm

]]> 2008-10-28T15:44:38+01:00 2008-10-28T15:44:38+01:00 https://forum.yubico.com/viewtopic.php?t=202&p=770#p770 <![CDATA[OTP verification on the yubico.com + PIN code]]> http://www.yubico.com/developers/api/
but there is no notice about PIN code support.

Does this verification includes PIN code validation or not?

Statistics: Posted by Rohos — Tue Oct 28, 2008 3:44 pm

]]>