Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:47 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Tue Dec 25, 2012 6:11 pm 
Offline

Joined: Tue Dec 25, 2012 5:52 pm
Posts: 2
Hi,

I was testing out additional security layers options and stumbled upon a problem I think.

I have two standard Yubikeys currently, white & black.

So far I only used the white one. Slot1 is as default and used with LP amongst other things. Slot2 is challenge-response for Windows Logon, which works great too.

Now, soon I will be temporarily moving my computer to a site where other people could easily try to access my computer, which I don't want to due privacy concerns. Remembering a long static password is not my 'thing'. I read that article on using Truecrypt + Yubikey static, namely using a simple password (like 'helloshorty1') + a Yubikey static password. I figured, why not take this approach with the Windows Login?

So the idea is, in short:
- White Yubikey is in challenge-response for Windows Logon, so 'just' needs to be inserted.
- The black Yubikey creates a long static password, which I intend to enhance by adding a short simple password that I know.

However when I tried logging in with the black Yubikey inserted too, Yubikey Windows Logon does not recognise the first Yubikey, it asks if I have inserted my Yubikey (the white one, with challenge-response in slot2).

Does that mean it is not possible to use a second Yubikey, when the first is in challenge-response-mode?

I hope my question & problem is easy to understand :)

BR,
faxij


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Dec 28, 2012 3:11 pm 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Please try this:

1) Plug in the YubiKey configured for challenge response,

2) Plug in the Yubikey with the static password,

3) output the static password, add your "personal" password,

4) Unplug the Yubikey with the static password,

5) press enter.

let me know if it works.

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Fri Jan 04, 2013 9:09 pm 
Offline

Joined: Tue Dec 25, 2012 5:52 pm
Posts: 2
Yes, that works.

(Which is my issue. If I want to do it that way, I need to plug and unplug the second Yubikey with the static password EACH time I want to log into Windows when it is locked (and I do lock it every time I leave my computer).

So my issue is inconvenience vs. safety, if you will. For now, I only use challenge-response. I am hoping there is or will be a way to do what I described above :) )


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 09, 2013 9:29 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
The problem is that you have two Yubikey,

The challenge response is probably probing the wrong usb port, because he does not know which Yubikey is configured with the challenge.

Please, try using 2 keys at the same time but first plug in the one with the challenge.
If it does not work, plug firs the one with the password.

if it does not work, the sequence i suggested in the previous post is the only temporary solution.

Regards,
Tom.

_________________
-Tom


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group