Yubico Forum ...visit our web-store at 2008-11-20T16:10:28+01:00 https://forum.yubico.com/feed.php?f=12&t=80 2008-11-20T16:10:28+01:00 2008-11-20T16:10:28+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=796#p796 <![CDATA[Re: YubiKey for Windows login?]]> Rohos Logon Key release with OTP validation.

Statistics: Posted by Rohos — Thu Nov 20, 2008 4:10 pm

]]> 2008-08-21T02:13:47+01:00 2008-08-21T02:13:47+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=579#p579 <![CDATA[Re: YubiKey for Windows login?]]> Statistics: Posted by deekdeek — Thu Aug 21, 2008 2:13 am

]]> 2008-08-19T14:37:58+01:00 2008-08-19T14:37:58+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=561#p561 <![CDATA[Re: YubiKey for Windows login?]]>
/Simon

Statistics: Posted by Simon — Tue Aug 19, 2008 2:37 pm

]]> 2008-08-08T23:09:30+01:00 2008-08-08T23:09:30+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=537#p537 <![CDATA[Re: YubiKey for Windows login?]]>
:D

Statistics: Posted by paul — Fri Aug 08, 2008 11:09 pm

]]> 2008-08-06T14:30:28+01:00 2008-08-06T14:30:28+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=530#p530 <![CDATA[Re: YubiKey for Windows login?]]>
We have published next release with Windows Vista support (x64/x86).
This is a final release.

Rohos Logon Key can be intalled into Windows 2000/XP/Vista standalone workstations or AD workstations.
Local login/AD login are possible.

Some answers:
    * During Yubikey setup the program bounds to YubiKey IDs (first 12 chars).
    * In current release Rohos doesn’t check generated OTP on the server, or OTP validity. It only checks the key’s ID.
    * Rohos checks that OTP string was entered from YubiKey device, but not manually.
    * For login rohos uses actual username/password that is stored in Windows registry (encrypted).

Download: http://www.rohos.com/free-encryption/2008/07/28/yubikey/

Statistics: Posted by Rohos — Wed Aug 06, 2008 2:30 pm

]]> 2008-08-01T08:54:03+01:00 2008-08-01T08:54:03+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=510#p510 <![CDATA[Rohos Logon. Windows Login with YubiKey]]>
Thanks Paul for the device sample!
Here is how to try Yubikey for Windows Logon:
http://www.rohos.com/yubikey.htm

* At the moment Windows XP (x64/x86) are supported.
* Windows Vista in progress.
* MAC OS X login in development plan.

Statistics: Posted by Rohos — Fri Aug 01, 2008 8:54 am

]]> 2008-07-22T14:09:16+01:00 2008-07-22T14:09:16+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=458#p458 <![CDATA[Re: YubiKey for Windows login?]]> Statistics: Posted by jdetar — Tue Jul 22, 2008 2:09 pm

]]> 2008-07-18T04:36:54+01:00 2008-07-18T04:36:54+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=440#p440 <![CDATA[Re: YubiKey for Windows login?]]>
We need details :D

Statistics: Posted by ferrix — Fri Jul 18, 2008 4:36 am

]]> 2008-07-18T04:34:29+01:00 2008-07-18T04:34:29+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=439#p439 <![CDATA[Rohos did a beta release of using YubiKey for Windows login]]>
I'm excited to try out a great piece of work done by Rohos to use Yubikey for Windows login. They are polishing it and testing it more before making the official release.

Cheers
8-)

Statistics: Posted by paul — Fri Jul 18, 2008 4:34 am

]]> 2008-06-30T15:28:49+01:00 2008-06-30T15:28:49+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=381#p381 <![CDATA[Re: YubiKey for Windows login?]]> Simon wrote:

Right. I suspect that our "static OTP" yubikey will be a simpler solution for this camp.


That is certainly an easy solution. I'm interested to see if the AES key can be pushed into the TPM chip and that way use the key in OTP mode.

Simon wrote:

Some are using Active Directory, which if I understand correctly, would mean that it is the server that needs to become yubikey-aware and not the client (or possibly both).


For logon to AD workstations, it's definitely both. The interface needs to change on the client, and there needs to be quite a lot of infrastructure code on the domain side.

But there are other scenarios. The first simple one we are supporting is to use the yubikey as a second factor to log in to the extranet, preventing remote password attacks and access. This solution would not change the way authentication to the workstations happens, only remote web authentication and VPN.

I'm just trying to get a feel for what the priorities are of the community (potential customers)

Simon if you don't want to field questions about Windows directly feel free to forward them to me at greg@collectivesoftware.com

Cheers!

Statistics: Posted by ferrix — Mon Jun 30, 2008 3:28 pm

]]> 2008-06-30T15:12:22+01:00 2008-06-30T15:12:22+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=378#p378 <![CDATA[Re: YubiKey for Windows login?]]> paul wrote:

* Secure a personal PC:

Convenience is the driver. People do not want to leave the PC w/o a password
but do not like the hassle of remmebering & typing the password.


Right. I suspect that our "static OTP" yubikey will be a simpler solution for this camp.

I've asked the people who want "windows login" what they mean, but it seems there are soo many things they can mean that I lose track. I'm not a windows expert. Some are using Active Directory, which if I understand correctly, would mean that it is the server that needs to become yubikey-aware and not the client (or possibly both).

Doesn't windows support radius for login authentication? If so, getting it to work should be relatively easy, at least for demonstration purposes, via our Pam module and FreeRadius.

/Simon

Statistics: Posted by Simon — Mon Jun 30, 2008 3:12 pm

]]> 2008-06-28T01:20:43+01:00 2008-06-28T01:20:43+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=371#p371 <![CDATA[Re: YubiKey for Windows login?]]> paul wrote:

* Secure an enterprise PC:

2nd-factor strong auth is the selling point. The PC can be online connected to a corp AD as well as off-line when you are travelling.


The only ways I can think of to allow offline access would be:

1) Have the AES key in the machine's TPM store, and log on with local validation. Neat but it's hard to administer because it requires a secure authority to visit each laptop and commit the AES key to storage.

2) Just look at the public ID of the yubikey since we can't decrypt it without access to the AD server.

3) The default-- don't require yubikey to log in locally, but when we get back to the domain and try to access net resources, do the OTP then.
----

This is the reason I want to have these discussions here. Using symmetric encryption can be tricky because storage of the secret becomes important, and because it's impossible to evaluate the identity without knowledge of the secret or connection to (in this case) the domain.

Or, were you talking about having the OTP validation connect out to a publically available server such as the Yubico one? But I bet enterprises will not want to trust their identity security to an external company.

I look forward to responses; trying to generate some good ideas and discussion so the product is as good as possible.

Statistics: Posted by ferrix — Sat Jun 28, 2008 1:20 am

]]> 2008-06-28T01:10:22+01:00 2008-06-28T01:10:22+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=370#p370 <![CDATA[Re: YubiKey for Windows login?]]>
The requests on Windows login go into 2 camps as you may already knew:

* Secure an enterprise PC:

2nd-factor strong auth is the selling point. The PC can be online connected to a corp AD as well as off-line when you are travelling.

* Secure a personal PC:

Convenience is the driver. People do not want to leave the PC w/o a password
but do not like the hassle of remmebering & typing the password.

:ugeek:

Statistics: Posted by paul — Sat Jun 28, 2008 1:10 am

]]> 2008-06-25T14:04:30+01:00 2008-06-25T14:04:30+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=351#p351 <![CDATA[Re: YubiKey for Windows login?]]>
Simon (et al) could you post any details about requests you've received? "log in to windows" is a very broad thing. I'm assuming most people want to do this in an organization and log in to active directory. But also some people may want to do this on their home (standalone) machines... I'm sure my fellow "Security Now" listeners probably fall into this "enthusiast" category..

So any details will be very helpful as we do development.

Statistics: Posted by ferrix — Wed Jun 25, 2008 2:04 pm

]]> 2008-06-25T08:13:45+01:00 2008-06-25T08:13:45+01:00 https://forum.yubico.com/viewtopic.php?t=80&p=339#p339 <![CDATA[Re: YubiKey for Windows login?]]> ferrix wrote:

My company is interested in building and selling a custom windows interactive authentication module (they are a lot of work). But don't worry, it will be affordable, like the keys :)


Thanks! This is exactly the kind of efforts that we from Yubico wants to encourage, companies should be able to develop applications or integration components and bundle them with yubikeys as a value-added service. Yubico isn't a integration company, so this co-operation is excellent for us. We have many potential customers asking for Windows login, and if you or someone else develops a solution for it, we'll send these customers your way.

/Simon

Statistics: Posted by Simon — Wed Jun 25, 2008 8:13 am

]]>