Re: [Question] Knowing whether it's the correct user or not.

2014-12-01T09:45:34+01:00

Hi!

The first 12 characters of a standard YubiKey One-Time Password is the ID of the key. For example, the OTP ccccccdtrielbtgbgkbrjvlteentubijtnjeengvrvuh is produced by a YubiKey with the ID ccccccdtriel.

You can read more about this at developers.yubico.com/OTP.

Statistics: Posted by henrik — Mon Dec 01, 2014 9:45 am

[Question] Knowing whether it's the correct user or not.

2014-11-28T15:16:45+01:00

I'm a developer and have owned a yubikey for quite some time now but have yet to understand how the OTP system can authorize a user.
From what I've seen on https://github.com/Yubico/php-yubico/ there's not really a way to know if it's the same user. Just if they user entered a correct OTP.
So if I were to setup a yubikey 2fa integration on one of my pages another user could use their yubikey to login. I hope this is wrong, please advice.

Thanks in advance,
Carlgo11

Statistics: Posted by carlgo11 — Fri Nov 28, 2014 3:16 pm

Yubico Forum

Re: [Question] Knowing whether it's the correct user or not.

[Question] Knowing whether it's the correct user or not.