Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 6:02 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Mon Aug 31, 2015 11:18 pm 
Offline

Joined: Mon Aug 31, 2015 10:47 pm
Posts: 2
I currently use an app called Authy as an alternative to Google Authenticator which generates all my auth codes for over a dozen sites. I would like to use my Yubikey Neo to generate those codes at the push of a button. I have an iPhone, not an Android phone, so I can't use your Android app. I downloaded a Mac version of the Yubico Authenticator, but it won't recognize my Neo. I'm comfortablish on the command line but the process to get this up and running seems inordinately complex and I've already been ground to a halt trying to configure this thing for logging into my Mac.

I also bought a Yubikey U2F which, obviously, was incredibly easy to configure with Google and Dropbox. I guess what I'm wondering is, if that's so easy, why is it so complex for me to configure this thing to do all the other stuff I want it to do? How can I do what I want simply?

Why not design an app that just says, "How would you like to use your Yubikey?" with checkboxes for "to login with two factor auth for websites," "to login to my computer," "to store my PGP/GPG keys," "to store my SSH keys," and automate that process through the app instead of making such a complicated path for less hardcore folks like me?

The whole issue with broad adoption of advanced security is that there's such a high level of know-how needed to make even the most basic things work (like GPG) that the average end user will never adopt it. I thought the U2F was awesome and wanted to do more with it, so I bought a Neo. Now I feel like I wasted my money on something I can't even get working without having to write forum posts. Must we count on website owners to add U2F support instead of counting on you guys to make kick ass software that makes it easy for fools like me to secure their devices?

Like, why does this exist instead of an app to drag and drop my GPG private key and my SSH private key directly onto the Yubikey and have them activated for use automatically?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Sep 03, 2015 5:20 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
It depends on what type of OATH codes are used...
HOTP - counter based, you can program this into Slot 2 and use long-press
TOTP - time based, requires Yubico Authenticator (so button press is irrelevant, requires system time and the helper app)

If Yubico Authenticator doesn't see the NEO, you most likely still need to enable CCID mode (smart card functionality). Install the YubiKey NEO Manager to enable CCID, power cycle, and run Yubico Authenticator again. https://developers.yubico.com/yubikey-n ... /Releases/

Yubico is working on a configuration app that is more user friendly and handles the functionality of the NEO Manager / Personalization Tool - we are in the early testing phase right now.

iOS NFC is still limited to Apple Pay only and is not available for third-party developers to utilize, and Windows Phone cannot handle NFC/Mifare combo devices, so we are currently working on a BLE YubiKey to address these (and other) limitations.

If you're curious why smart card communication over USB is disabled by default on NEOs, it's because a good percentage of users never even use the smart card functionality over USB, and due to the way smart card / USB devices behave, the "smart card" has to be disconnected each time you want to use one of the configuration slots, and then reconnected. If you have your volume turned up, this results in the annoying disconnect/reconnect sound from the OS. The smart card functionality is still available over NFC when CCID mode is disabled, so apps like Yubico Authenticator for Android continue to work.


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 10, 2015 10:29 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Aug 06, 2014 2:40 pm
Posts: 38
This is very valuable input. When you work with the same tools all the time, it's easy to get used to and not see their usability issues.

ChrisHalos wrote:
If you're curious why smart card communication over USB is disabled by default on NEOs, it's because a good percentage of users never even use the smart card functionality over USB, and due to the way smart card / USB devices behave, the "smart card" has to be disconnected each time you want to use one of the configuration slots, and then reconnected.

Since Smart Card communication is disabled by default, we should make Yubico Authenticator detect that a NEO without Smart Card communication is inserted (and give the user an option to enable it). I created an issue to implement this.

selfagency wrote:
Why not design an app that just says, "How would you like to use your Yubikey?" with checkboxes for "to login with two factor auth for websites," "to login to my computer," "to store my PGP/GPG keys," "to store my SSH keys," and automate that process through the app instead of making such a complicated path for less hardcore folks like me?

"to login with two factor auth for websites"
This is essentially what Yubico Authenticator is trying to do (I know that it didn't work for you, but we're now working on that).

selfagency wrote:
Like, why does this exist instead of an app to drag and drop my GPG private key and my SSH private key directly onto the Yubikey and have them activated for use automatically?

That PGP/SSH guide is old. Many things can be done much easier now. We will update it! In the meantime, maybe this guide or this one helps?


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 10, 2015 12:30 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Aug 06, 2014 2:40 pm
Posts: 38
selfagency wrote:
I also bought a Yubikey U2F which, obviously, was incredibly easy to configure with Google and Dropbox. I guess what I'm wondering is, if that's so easy, why is it so complex for me to configure this thing to do all the other stuff I want it to do? How can I do what I want simply?

selfagency wrote:
Must we count on website owners to add U2F support instead of counting on you guys to make kick ass software that makes it easy for fools like me to secure their devices?

This is why U2F exists and why Yubico has put a lot of effort into U2F. If the other authentication protocols were as easy to use, U2F would probably not exist.

Btw, I'm a developer at Yubico and I find GPG+SSH setup frustrating myself at times, so there's no reason for you to feel like a fool :)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group