Yubico Forum

Do I miss understand automount? I create a file container, use Yubikey. I can mount it find but auto-mount devices it says wrong password or no volume found.

How do I get prompted on login to put Yubikey when I login?

Also, how do I set the static password for Yubikey? I might wanna have a second one to keep off my keys around the house and the other on my keychain.

Thank you,
Eric Vogel

unfortunately, Truecrypt does not support the Yubikey right now (unless you are using a static password, in which case almost everything supports it).

If you download the Yubikey configuration tool, you can easily set a static password into its second slot

_________________
My Website
Yubikey Login mod for phpBB

OK, so you set a static passcode, and anyone and their uncle can launch it since this doesn't actually scan for a certain fingerprint.

How is this not a security issue?

Because if you first enter a strong password you know by heart and then press the yubikey you have effectively created a two part authentication, something you know and something you have

//A

Thought I'd already replied to this-

Thanks for setting off the lightbulb in my head. LOVE this thing!

This is not true multi-factor authentication: "something the user knows" and "something the user has." If the system is compromised (keylogger) the infiltrator now knows the entire sequence and can access the encrypted drive without the Yubikey present.

We have successfully made the password more difficult to brute force (likely scenario) and/or if the Yubikey is destroyed one cannot be forced to enter the password (unlikely scenario.) If only we could protect from keyloggers, which I believe is the most likely scenario.

If you are using system level Truecrypt encryption of the whole of the hard disk, I don't think there is any mechanism for a keylogger to be active at that point, mainly because you have only just jumped from the BIOS into the password prompt issued by the Truecrypt Boot Loader.

Z.

As the OP mentioned the use of auto-mount I assumed he was not using whole disk encryption. There are cases in which a user wants to encrypt a partition or file container separate from their operating system, that way the computer is functional while more private data is stored safely away.

Although for my laptop a yubikey with a static password and full disk encryption would be great... and this thread prompted me to read more about the issue and realize that the performance impact isn't as dramatic as I thought.