Yubico Forum
https://forum.yubico.com/

[QUESTION] 2nd factor on mobile devices without a NEO
https://forum.yubico.com/viewtopic.php?f=35&t=2782
Page 1 of 1

Author:  onemorething [ Tue Nov 14, 2017 1:04 am ]
Post subject:  [QUESTION] 2nd factor on mobile devices without a NEO

I have a Yubikey 4 and plan to use it wherever it's accepted as my only 2nd factor (i.e., no mobile device OTP if avoidable), but if I configure an account to require the key, and I don't have a NEO, doesn't that prevent me from accessing that account on my phone? With phones being essentially as important (or more so) than computers, does that mean that the purchase of a Yubikey 4 or a Security Key are essentially worthless? And wouldn't that be the case for nearly everybody?

Thanks for any clarification that can be provided.

B.

Author:  ChrisHalos [ Tue Nov 14, 2017 3:16 am ]
Post subject:  Re: [QUESTION] 2nd factor on mobile devices without a NEO

The logic is always determined by the service you're authenticating to. There's no way to answer this question without knowing the specific use case.

Author:  onemorething [ Tue Nov 14, 2017 3:09 pm ]
Post subject:  Re: [QUESTION] 2nd factor on mobile devices without a NEO

Pretty easy to present a use case. I cannot log on to this forum without my Yubikey. This presents no challenge when logging on to this forum from a computer. It seems insurmountable when trying to log on to this forum from my phone. This scenario would be the same for any account that requires the key and an alternative 2nd factor (e.g., Google Authenticator) is not available or in use.

Thanks for your help in understanding this.

B.

Author:  ChrisHalos [ Tue Nov 14, 2017 10:19 pm ]
Post subject:  Re: [QUESTION] 2nd factor on mobile devices without a NEO

My point is that EVERY use case is different. Yubico OTP on the forum -

You can either turn off the requirement for an OTP in your account settings, or if you really want to log in from a phone with OTP enabled, you'll need an adapter to plug the YubiKey into your phone.

LastPass uses the same credential (Yubico OTP) but has completely different access rules. The access rules are determined by the service, not by the authentication device. You can change the settings in LastPass to require an OTP on your computer but not from a mobile device, if that's how you want your LastPass account to behave.

Again, every single site/service you're trying to authenticate to will use different logic. You should be asking the service now they handle the scenario, not Yubico. We have no control over the workflow.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/