Yubico Forum
https://forum.yubico.com/

Static Password and Key loggers
https://forum.yubico.com/viewtopic.php?f=4&t=248
Page 1 of 1

Author:  network-marvels [ Tue Feb 03, 2009 7:53 am ]
Post subject:  Static Password and Key loggers

There have been a few support mails lately showing concerns over static password emitted by the YubiKey having the key logger vulnerability. Here is some discussion about this topic.

Yubikey acts as a USB keyboard and will therefore be affected by a key-logger program when running in static mode. However, most online services with Yubikey support is running in OTP mode and are therefore not sensitive to key loggers.

Furthermore, in situations where Yubico will be used in static PW mode, it will likely be used for a service that is somewhat local to the user; either used locally on the user's computer itself to login to the computer or locally in the user's network thus making it less sensitive from key-logger attacks launched over the Internet.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/