PTKen wrote:
Okay, I see. Thank you for the reply. I might try this, but the more I think about it, I'm not sure if it will really work for me. If I set up this way, will I have to be at the computer with this software loaded to access my gmail? What if I'm at a public machine? How would I log on without the software loaded? The beauty of the Yubikey for me with LastPass is that I just plug it in and don't need any software loaded.
Thanks again for the help.
A google credential is a TOTP credential, so using it will always require some sort of software component to provide datetime data to the yubikey, since the yubikey doesn't have an internal clock and needs the current time provided to it to produce the time-based OTP.
In that stated case above, I'd definitely use a NEO (not NEO-n), but with my NFC-capable android phone running the android version of Yubico Authenticator. That's why I keep the Yubico Authenticator client installed on all of my machines, plus my phone: I can get the credentials generated in different situations.
Alternately, you could set up your google account to use U2F instead. That would require the public machine to be running a recent version of chrome (technically a software requirement, but not very burdensome) and have open and working USB ports.
An aside: I'm very very wary of public terminals and strongly recommend avoiding them. I'm personally more concerned about wire/wireless sniffed and replayed credentials or password-reuse attacks due to (now mostly past) password reuse behavior on my part.
B
PS - Also, since you mentioned LastPass: I also use LastPass on windows and android. It support NFC Yubikey OTPs on Android but it *also* supports "keyboard entry" of Yubikey OTPs connected via a USB OTG adapter (I have one similar to this one:
http://www.amazon.com/PLAY-Android-Adap ... en+usb+otg ). If you use iPhone/iPad, there might be a way to do something similar (for Yubico OTPs, not google TOTPs) using the USB camera connection kit cable. Just FYI.
Login
FAQ
Search
