Yubico Forum https://forum.yubico.com/

Can the YubiKey authenticate Windows logins? https://forum.yubico.com/viewtopic.php?f=4&t=8
Author: hrag [ Tue May 13, 2008 12:48 am ]
Post subject: Can the YubiKey authenticate Windows logins?

Q: Do you have any documentation regarding the use of the YubiKey for authenticating Windows logins?

A: We are currently exploring different ways to make this work, but don't have any support for Windows login right now.
Author: LyndyB [ Fri Jun 06, 2008 10:25 pm ]
Post subject: Re: Can the YubiKey authenticate Windows logins?

As posted elsewhere in this forum, under the topic of using the Yubikey to authenticate in a RDP or Terminal Services session, the ability to use the Yubikey for general Windows login authentication is of significant interest to me and my company. I am definitely in favor of this enhancement.
Author: Jakob [ Fri Jun 13, 2008 8:17 pm ]
Post subject: Re: Can the YubiKey authenticate Windows logins?

It is a high-prio topic - anyone prepared to take a bite on an AD login one would certainly be a hero.

In an earlier project I was involved with another token where we developed a custom GINA (Windows login screen basically). My experience is that it created a nightmare in terms of support- and compatibility problems, including inability to log in at all.

An alternative that always works is to use our "static OTP" configuration, i.e. having a Yubikey that sends a very long static password of gibberish. Although not as secure as a dynamic code, it is certainly a lift from traditional weak/short passwords.

Consider replacing a pretty-hard-to-guess password like

HaaRD!PaszwoRrD

with

fkjjrrceftukvgtvtekdvllnblrundclbdgteinlgrfvlnblrundkcelujvvuubgcirbhhjeegfenebteheg

Just imagine telling that one to someone over the phone. Write it down on paper and type it in, letter by letter...

In order to get more of a two-factor model, the password can be prefixed with the user's ordinary password. Then the Yubikey is pressed and the 32-64 character gibberish string is outputted after it together with an ENTER stroke. A user with the password "Yubico" would then have the real password

Yubicofkjjrrceftukvgtvtekdvllnblrundclbdgteinlgrfvlnblrundkcelujvvuubgcirbhhjeegfenebteheg

Again - not perfect but works for all settings, including local login. Allowing the user to change the password is not that difficult either...

Regards,

JakobE
Hardware- and firmware guy @ Yubico

Telling the password over the
All times are UTC + 1 hour