Yubico Forum ...visit our web-store at 2013-12-08T08:09:37+01:00 https://forum.yubico.com/feed.php?f=23&t=1251 2013-12-08T08:09:37+01:00 2013-12-08T08:09:37+01:00 https://forum.yubico.com/viewtopic.php?t=1251&p=4708#p4708 <![CDATA[Re: [QUESTION] Procedure to access Win 8 when Yubikey is los]]> Tom wrote:

Password can easily be stolen, cracked or snooped from a remote attacker around the world, while the Yubikey it is with you and can potentially only be "stolen" by the very few people around you.

Moreover, the Yubikey secrets cannot remotely stolen.


So there are 2 types of attacks that need to be considered, local and remote.

Tom wrote:

A 100 characters password will not give you anything more then a 20 characters password (practically not theoretically). They are both to long to be guessed (but steal be be stolen/lost/cracked)


In terms of Windows logon I imagine one would need to have RDP enabled for a remote attack to happen against one's Windows account. As far as getting the password, although a long password would protect against a stolen SAM file with the hashed passwords, it would not protect against a keystroke logger which is what you imply when you wrote that it could be stolen regardless of length, right?

Tom wrote:

You can always enable the "safe mode" in the logon tool. This will allow you to reboot your machine in safe mode and login without the Yubikey.

So enabling 'safe mode' in the logon tool, (which is the default), would not protect against local attacks, but would still protect against remote attacks since a remote attacker would not be able to physically reboot the machine in safe mode, right?

Statistics: Posted by yomo768 — Sun Dec 08, 2013 8:09 am

]]> 2013-12-07T12:55:26+01:00 2013-12-07T12:55:26+01:00 https://forum.yubico.com/viewtopic.php?t=1251&p=4701#p4701 <![CDATA[Re: [QUESTION] Procedure to access Win 8 when Yubikey is los]]>
The strength resides in the fact that you have something you "know" the password and something you have "the Yubikey"

Password can easily be stolen, cracked or snooped from a remote attacker around the world, while the Yubikey it is with you and can potentially only be "stolen" by the very few people around you.

Moreover, the Yubikey secrets cannot remotely stolen.

A 100 characters password will not give you anything more then a 20 characters password (practically not theoretically). They are both to long to be guessed (but steal be be stolen/lost/cracked)

You can always enable the "safe mode" in the logon tool. This will allow you to reboot your machine in safe mode and login without the Yubikey.

Statistics: Posted by Tom — Sat Dec 07, 2013 12:55 pm

]]> 2013-12-06T17:57:16+01:00 2013-12-06T17:57:16+01:00 https://forum.yubico.com/viewtopic.php?t=1251&p=4698#p4698 <![CDATA[Re: [QUESTION] Procedure to access Win 8 when Yubikey is los]]> Tom wrote:

You can create a backup of your Yubikey on a second Yubikey.

I only have 1 Yubikey so that's not possible.

Tom wrote:

If you have 2 "admin" account one with Two Factor Authentication and one without, you are basically voiding any benefit.

However, my day-to-day account contains a shorter password, which, combined with the Yubikey makes it more secure. My recovery admin account password would contain for example, 100 characters so that should be a good compromise, right?

Statistics: Posted by yomo768 — Fri Dec 06, 2013 5:57 pm

]]> 2013-12-06T08:34:02+01:00 2013-12-06T08:34:02+01:00 https://forum.yubico.com/viewtopic.php?t=1251&p=4697#p4697 <![CDATA[Re: [QUESTION] Procedure to access Win 8 when Yubikey is los]]>
If you have 2 "admin" account one with Two Factor Authentication and one without, you are basically voiding any benefit.

Statistics: Posted by Tom — Fri Dec 06, 2013 8:34 am

]]> 2013-12-06T06:13:55+01:00 2013-12-06T06:13:55+01:00 https://forum.yubico.com/viewtopic.php?t=1251&p=4696#p4696 <![CDATA[[QUESTION] Procedure to access Win 8 when Yubikey is lost]]> Statistics: Posted by yomo768 — Fri Dec 06, 2013 6:13 am

]]>