Do you need to use the device in combination with a user...

2008-05-20T20:13:57+01:00

Q: Regarding my previous question, does you need to use the device in combination with a username and password? If so, then that obviously answers the question - but from what I've read, it's not clear to me that that is the case, I thought you could maybe use the device by itself as the only authentication factor; however that doesn't make much sense since the data is encrypted symmetrically

A: If you don't want to automatically send the pubic ID prefix, you can use a user-supplied identification, such as a username or so. In such a case, only the OTP part is sent (32 characters = 128 bits).

If you want a two-factor login, then you also request the user to supply a PIN or password. That can be used as a static part to be verified by the server together with the dynamic OTP.

Statistics: Posted by hrag — Tue May 20, 2008 8:13 pm

Yubico Forum

Do you need to use the device in combination with a user...