Yubico Forum

Re: How to guarantee secure login - New to NFC

2015-06-02T14:30:03+01:00

Tom2 wrote:

You application should be using OTP or FIDO U2F most probably (guessing here)

Thus have a look at this:

demo.yubico.com
demo.yubico.com/u2f

https://developers.yubico.com/OTP/
https://developers.yubico.com/U2F/

or https://developers.yubico.com/yubioath-android/

Thus send over NFC an OTP and validate it against YubiCloud https://developers.yubico.com/Software_ ... Libraries/

Just amazing, thank you!

Statistics: Posted by Marcuccio — Tue Jun 02, 2015 2:30 pm

Re: How to guarantee secure login - New to NFC

2015-06-02T13:03:01+01:00

Statistics: Posted by Tom2 — Tue Jun 02, 2015 1:03 pm

How to guarantee secure login - New to NFC

2015-06-02T10:21:58+01:00

Hello people,

I'm sorry if subject is not too clear, but I'm really new to NFC development and I started to use the YubiKey only yesterday.
I'm developing a mobile application and I'm using the YubiKey to secure login with the 2FA, but I'm a little bit confused on the way I should use my Key.

My question is : is there any way to make the NFC exchange to be "unique"? When I get the NDEF tag, the only thing that seems to be unique is the id, but I don't think it will really be secure to just check if this Id matches with the one registered into my database (even if it's specific to every user).

I'm a little bit confused on how to use the YubiKey, using NFC, to check if "it's really that person" and prevent this step to be easily hacked.
Right now (I just started to code the application) I'm just checking if the Id matches, but I tell myself that anyone could buy a NFC device, change the Id and hack everything.

I'm sorry if the question has already been asked (I didn't find anything similar) or if I misunderstood all the YubiKey authentication principle, but I would like if anyone could help me out

Thank you!!

Statistics: Posted by Marcuccio — Tue Jun 02, 2015 10:21 am