I'm curious - what does your backend infrastructure look like? We're all talking about the Yubikey and how cool it is, there's a bizzilion applications coming online relying on Yubico to provide us authentication, but how safe is it? Where is the data center located, are the servers in full redundancy, how's their capacity like, are they stable, what happens if your primary internet link is down - do you have a backup link? What about physical security? Is the servers locked up in a secure data center?
Of course if physical access to the Yubico servers are compromised, they can be hacked to allow any type of authentication through. What can be done to absolutely ensure that all authentication goes and comes from Yubico? Should we use SSL for authentication?
ThanksStatistics: Posted by Massyn — Tue Feb 24, 2009 3:35 am
]]>