Yubico Forum https://forum.yubico.com/ |
|
Yubikey for gmail using a Mac https://forum.yubico.com/viewtopic.php?f=16&t=1728 |
Page 1 of 1 |
Author: | PTKen [ Mon Feb 02, 2015 3:11 pm ] |
Post subject: | Yubikey for gmail using a Mac |
I use Mac exclusively at home and at work. Is there a way to use my Yubikey for gmail on the Mac similar to this: https://www.yubico.com/applications/int ... ces/gmail/ Why is this a Windows only solution? Thanks. |
Author: | brendanhoar [ Mon Feb 02, 2015 6:31 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
If you have a NEO, a better solution would be to use the Yubico Authenticator method of storing HOTP/TOTP credentials via the internal javacard applet instead: https://developers.yubico.com/yubioath-desktop/ https://developers.yubico.com/yubioath- ... /Releases/ Brendan |
Author: | PTKen [ Mon Feb 02, 2015 9:58 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
I have a standard Yubikey, but I could buy a NEO if I found it would help. I don't really understand the stuff in the links you provided. I'm not a developer. I just want to be able to use my Yubikey on a mac for gmail and other services... |
Author: | brendanhoar [ Mon Feb 02, 2015 11:34 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
PTKen wrote: I have a standard Yubikey, but I could buy a NEO if I found it would help. I don't really understand the stuff in the links you provided. I'm not a developer. I just want to be able to use my Yubikey on a mac for gmail and other services... One of the two links I gave has a .pkg file, I believe that's the mac client that will support the NEO. Basically, in addition to the standard yubikey functionality (supporting up to two HOTP/TOTP credentials, but perhaps no mac client), the NEO also includes a javacard-running processor that can support a large number of additional TOTP/HOTP credentials using the mac/windows/linux client I just linked to. For your situation, I recommend getting a NEO and using the mac client I linked to. Brendan |
Author: | PTKen [ Wed Feb 04, 2015 1:24 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
Okay, I see. Thank you for the reply. I might try this, but the more I think about it, I'm not sure if it will really work for me. If I set up this way, will I have to be at the computer with this software loaded to access my gmail? What if I'm at a public machine? How would I log on without the software loaded? The beauty of the Yubikey for me with LastPass is that I just plug it in and don't need any software loaded. Thanks again for the help. |
Author: | brendanhoar [ Wed Feb 04, 2015 1:55 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
PTKen wrote: Okay, I see. Thank you for the reply. I might try this, but the more I think about it, I'm not sure if it will really work for me. If I set up this way, will I have to be at the computer with this software loaded to access my gmail? What if I'm at a public machine? How would I log on without the software loaded? The beauty of the Yubikey for me with LastPass is that I just plug it in and don't need any software loaded. Thanks again for the help. A google credential is a TOTP credential, so using it will always require some sort of software component to provide datetime data to the yubikey, since the yubikey doesn't have an internal clock and needs the current time provided to it to produce the time-based OTP. In that stated case above, I'd definitely use a NEO (not NEO-n), but with my NFC-capable android phone running the android version of Yubico Authenticator. That's why I keep the Yubico Authenticator client installed on all of my machines, plus my phone: I can get the credentials generated in different situations. Alternately, you could set up your google account to use U2F instead. That would require the public machine to be running a recent version of chrome (technically a software requirement, but not very burdensome) and have open and working USB ports. An aside: I'm very very wary of public terminals and strongly recommend avoiding them. I'm personally more concerned about wire/wireless sniffed and replayed credentials or password-reuse attacks due to (now mostly past) password reuse behavior on my part. B PS - Also, since you mentioned LastPass: I also use LastPass on windows and android. It support NFC Yubikey OTPs on Android but it *also* supports "keyboard entry" of Yubikey OTPs connected via a USB OTG adapter (I have one similar to this one: http://www.amazon.com/PLAY-Android-Adap ... en+usb+otg ). If you use iPhone/iPad, there might be a way to do something similar (for Yubico OTPs, not google TOTPs) using the USB camera connection kit cable. Just FYI. |
Author: | PTKen [ Wed Feb 04, 2015 9:44 pm ] |
Post subject: | Re: Yubikey for gmail using a Mac |
Very interesting. Thank you. I'll look into the iPhone suggestion since I do use an iPhone. I don't actually usually use a public computer. It was just an easy way of saying "what if I'm at a computer where I can't install any software because I'm not allowed to" such as my work computer where I use gmail daily. Again, thanks for the great replies. Ken |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |