Yubico Forum

Re: No password option for openid?

2009-02-18T12:15:34+01:00

Massyn wrote:

Hi all,

Can we get a password added to the openid server? I feel somewhat insecure knowing if my yubikey gets lost, someone could authenticate as me. I think it's important to be sure with the "something you have" and "something you know" methodology.

THanks!

Good point, I have added an issue in our project around this:

http://code.google.com/p/yubico-openid- ... etail?id=1

We don't have time to implement this now, the reason is the complexity and size of this task, but I would be very happy if you or someone else took up the effort here and implemented this.

For our upcoming SAML server, we have created a separate administrative interface, see:

http://code.google.com/p/yubikey-simplesaml-admin/

Possibly something like that could be used for OpenID as well.

/Simon

Statistics: Posted by Simon — Wed Feb 18, 2009 12:15 pm

Re: No password option for openid?

2008-10-20T20:01:44+01:00

Here the login settings screen of clavid where you can disable one-factor authentication and enable Yubikey & Password to assure two-factor authentication.

clavid-login-settings.jpg

Statistics: Posted by Robert — Mon Oct 20, 2008 8:01 pm

Re: No password option for openid?

2008-10-20T12:23:53+01:00

Have you seen Clavid.Com? They provide a more full-featured OpenID server with YubiKey support, and they do support passwords.

As for our openid server, it is open source, so if you send patches to (optionally!) set a password and require that it is used for verification, I can review it. See source code at:

http://code.google.com/p/yubico-openid-server/

It is based on JanRain's example server.

/Simon

Statistics: Posted by Simon — Mon Oct 20, 2008 12:23 pm

No password option for openid?

2008-10-06T07:31:41+01:00

Statistics: Posted by Massyn — Mon Oct 06, 2008 7:31 am