Yubico Forum
https://forum.yubico.com/

Windows logon using only first 12 in OTP?
https://forum.yubico.com/viewtopic.php?f=23&t=1426
Page 1 of 1

Author:  Josasp [ Tue Jul 15, 2014 5:38 am ]
Post subject:  Windows logon using only first 12 in OTP?

Hi!

Forgive me if this has been asked before, but I'm short on time and need a quick answer.

Is there any option in avalible software to allow Windows login based only on the first 12 characters in the OTP?

I understand that there is a login tool for challenge and response mode.
But that takes up one slot on my yubikeys and those are both busy.

Ofcourse that does not provide the security of a challenge response or the that of the OTP.
But it's still better than the simple passwords we use today, atleast it won't be as easy as looking over someone's shoulder.

Is there any software for that?

Author:  Tom [ Thu Jul 17, 2014 6:38 am ]
Post subject:  Re: Windows logon using only first 12 in OTP?

That solution would not be secure, unless it uses the full OTP and validates against the Yubicloud.

However, you can use the tool posted in this forum under the project section called "yubikey monitor"

it is not secure, but it will protect you against you family members/friends (if the are not erudite in science) using the Yubikey serial number.

Tom.

Author:  Josasp [ Thu Jul 24, 2014 11:39 am ]
Post subject:  Re: Windows logon using only first 12 in OTP?

I understad, that does not validate against the 12 in OTP but rather the keys serial.
It may be fine, will definently check it out.

Well I agree, it's not secure.
But neither are Windows-passwords, unless using user accounts in a domain, windows-passwords are stored locally and easily cracked with OphCrack or a similar utility.

I don't consider Windows passwords to be any sercurity at all, since they can easily be decrypted.
They are however good for keeping away unwanted people from your workstation.

However using windows passwords makes for little security and a minor inconvenience.
I would like to eliminate that incovenience totally, by for example integrating my yubikey.
Maybe even using a NFC reader ;)

Best would be some BTLE solution, but that requireres harware support though.

Tried FastAccess, facial recognition, worked great but is way to expensive for what i does.
25$ is too expensive for a so small problem.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/