Yubico Forum
https://forum.yubico.com/

What is the benefit of OTP Windows Logon?
https://forum.yubico.com/viewtopic.php?f=23&t=2100
Page 1 of 1

Author:  wkleinschmit [ Fri Nov 20, 2015 2:03 am ]
Post subject:  What is the benefit of OTP Windows Logon?

Hello all,

Maybe I'm missing something here.
I have successfully set up OTP Windows Logon on my Windows 10 machine and now, every time I log on, Windows gives me two options:

1.) Logon with username + password
2.) Logon with username + password + YubiKey plugged in

With both methods I log in to the same account.
I would understand if the OTP would *replace* my password, but as it is I need it anyway.
So, again, why should I bother?

Author:  braklisz [ Thu Jan 07, 2016 3:30 pm ]
Post subject:  Re: What is the benefit of OTP Windows Logon?

wkleinschmit wrote:
every time I log on, Windows gives me two options:

1.) Logon with username + password
2.) Logon with username + password + YubiKey plugged in

With both methods I log in to the same account.

Yeah, the latest yubico-windows-auth-3.3.7.exe does not disable the default Windows 10 credential provider for logon, hence the two login options.

To list providers' GUIDs head to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

The default one is PasswordProvider with GUID (for Win8 and Win10) {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}

You can read up on disabling cred-providers through GP here: http://softwarefileprotection.com/how-t ... -interface

BTW, it's not OTP, it's HMAC-SHA1 Challenge-Response mode we're using with yubico windows auth.
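
The registry listing described in the post above, as a read-only PowerShell audit. This is an added example, not part of the original post and not Yubico's code. It assumes the standard Windows layout in which each provider GUID also has a COM registration under HKEY_CLASSES_ROOT\CLSID, and that a `Disabled` DWORD of 1 under a provider key marks it as disabled.

```powershell
# Added example: list registered credential providers without changing anything.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

# GUID of the default PasswordProvider on Win8/Win10, as given in the post above.
$passwordProvider = '{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}'

Get-ChildItem -Path $base | ForEach-Object {
    $guid     = $_.PSChildName
    $name     = $_.GetValue('')          # default value holds the provider's friendly name
    $disabled = $_.GetValue('Disabled')  # usually absent; 1 means the provider is disabled

    # Resolve the DLL that implements the provider, so unexpected entries stand out.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$guid\InprocServer32"
    $dll = $null
    if (Test-Path -LiteralPath $clsidKey) {
        $dll = (Get-Item -LiteralPath $clsidKey).GetValue('')
    }

    [pscustomobject]@{
        Name              = $name
        Guid              = $guid
        Disabled          = ($disabled -eq 1)
        IsDefaultPassword = ($guid -ieq $passwordProvider)
        Dll               = $dll
    }
} | Sort-Object Name | Format-Table -AutoSize
```

Run it from an elevated or normal PowerShell prompt; it only reads HKLM and HKCR, so the output can be compared before and after installing a logon package to see which providers it registered.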

Author:  braklisz [ Fri Jan 08, 2016 11:55 am ]
Post subject:  Re: What is the benefit of OTP Windows Logon?

Plot thickens :)

I was corrected that the default credential provider should not be disabled, as yubico-windows-auth registers a subauthentication module that provides YubiKey authentication.

For now in Win10 the userlist is indeed doubled but BOTH LOGIN OPTIONS need YubiKey.
It doesn't matter that the first option does not display the "YubiKey Logon enabled for user" message - it's still correctly required for logon.

So, the basic functionality is there - what remains for full Win10 support is being discussed here: https://github.com/Yubico/yubico-windows-auth/issues/1

Author:  My1 [ Thu Feb 04, 2016 2:19 pm ]
Post subject:  Re: What is the benefit of OTP Windows Logon?

In W8 the user list is doubled as well.
If you are not using a Pro version, I can recommend EIDAuthenticate. It uses a smartcard for login (as we remember, the Yubi does smartcard and, what's better, it doesn't need a config slot).
And when you use smartcard login, you use a "PIN" to access your account, so you can use some superstrong megapassword to get into your account in case you don't have your Yubi with you.

And what's better, that just leverages some Windows stuff, since smartcard logon is a native Windows function, albeit being usually domain-only.

All times are UTC + 1 hour