Yubico Forum
https://forum.yubico.com/

Users who leave Yubikey plugged in -- tweaks to avoid this?
https://forum.yubico.com/viewtopic.php?f=16&t=763
Page 1 of 1

Author:  tls [ Sun Mar 04, 2012 10:36 pm ]
Post subject:  Users who leave Yubikey plugged in -- tweaks to avoid this?

We're concerned about users leaving the Yubikey plugged in when they walk away from their desks. We've had a few ideas to work around this at the system level (such as writing a Windows scheduled task that looks for the Yubikey in the device tree and locks the display if it finds it) but it seems like a small firmware adjustment might do the trick.

Would it be feasible to add a configuration option to the Yubikey in some future firmware version that could cause it to emit only one response each time it's plugged in, or, alternately, to "time out" and shut itself off if it's plugged in for a configurable interval with no button press?

Does anyone have other ideas for dealing with this issue? One of my coworkers sees this as a reason to use traditional code-displaying HOTP keyfobs for in-office applications instead of the Yubikey, and I have to admit I can see his point. It's a shame there isn't a display version of the Yubikey, with all the same handy USB configuration functionality, but code output on a builtin display instead. Then we could have a uniform keying and management interface, but issue Yubikeys for primarily remote access applications and display tokens for at-desk ones where we're worried about the yubikey being left plugged in.

The RFID Yubikey seems like it would offer another cute solution to this problem, since making the Yubikey and the door access card the same device would keep people from leaving it plugged in on bathroom breaks, when leaving the office for the day, etc. but Mifare Classic as the RFID component is a tough sell in North America -- we see 3 or 4 different access card systems in buildings we're in but that does not seem to be one of them anywhere.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/