Re: Yubikey 4 standard; Windows 10; KeePass; Using both slots.
All, It took me several days to figure this out, so I thought I'd share what worked and what did not:
1.
The Yubikey Personalization Tool: Every time you
update settings on a Slot or
write configuration, use the
same configuration log file. I mistakenly thought each feature used its own config file, but only one is needed. It is a .csv file with a row added each time
Settings are updated or a
Write Configuration is done. So, in this example, in the end you will find one row each for OATH-HOTP and Challenge-Response (see attached snapshot).
2.
KeePass v. 2.30:
Use instructions at
https://www.yubico.com/applications/password-management/consumer/keepass/.
I use Slot 1, Look-ahead count = 6. Why Slot 1? I use the same Yubikey 4 stick for Windows logon. Windows logon would work for me only in Slot 2, so KeePass' OATH-HOTP is configured in Slot 1.
My .kbdx file is in a locally-shared folder along with the YubiKey configuration file so I can get to it from any of the other accounts on the PC without confusing the "count."
A portable copy of the .kbdx kept on a thumbdrive still uses a Master Password.
3.
Windows 10 Logon I did not enable the built-in administrator account. Instead, I created a new, local account; promoted it to administrator; configured Yubikey 4's slot 2 according to
https://www.yubico.com/wp-content/uploads/2013/02/Windows-Login-YubiKey-Configuration.pdf.
After convincing myself that the NewAdmin logon worked fine with YubiKey enabled, I demoted my own account to standard user. Now the PC behaves more like LINUX: if I want to do admin work from my own account, Windows asks me for the NewAdmin's logon info - which is managed by YubiKey.
-- Oji --
Login
FAQ
Search
