I mentioned this in another topic however it wasn't probably in the best place.
Does anyone else think it would be useful for yubico to maintain a log of authentication requests and times? (and maybe the ip address the authentication request was made from). I can see some situations where it may be useful to see if anyone has used your yubikey.
As I suggested in the thread the history kept could be short ( a week of authentication requests of the last 100 or something) so yubico doesnt have maintain lots of records.
Also i think it could be opt in i.e. By default it doesnt log. ( I can see some people not wanting it logged.). It could be an option when you upload an AES key Also optin would be a good idea so yubico isn't logging info for people who dont want it.
Finally I think the log shouldnt be deleteable. It will just auto delete after the retention peroid. Otherwise someone with your key would just delete the records. With a non deleteable authentication log you could check the within the retention peoid and find out if it had been used.
Ofcourse this could be implemented if you run your own validation and key storage server.. but if yubico offered this it would be fantastic.Statistics: Posted by votality — Tue Jan 26, 2010 3:29 pm
]]>