Re: Yubikey 4 standard; Windows 10; KeePass; Using both slots.
All, It took me several days to figure this out, so I thought I'd share what worked and what did not:
1. The Yubikey Personalization Tool: Every time you update settings on a Slot or write configuration, use the same configuration log file. I mistakenly thought each feature used its own config file, but only one is needed. It is a .csv file with a row added each time Settings are updated or a Write Configuration is done. So, in this example, in the end you will find one row each for OATH-HOTP and Challenge-Response (see attached snapshot).
2. KeePass v. 2.30:
Use instructions at https://www.yubico.com/applications/password-management/consumer/keepass/.
I use Slot 1, Look-ahead count = 6. Why Slot 1? I use the same Yubikey 4 stick for Windows logon. Windows logon would work for me only in Slot 2, so KeePass' OATH-HOTP is configured in Slot 1.
My .kbdx file is in a locally-shared folder along with the YubiKey configuration file so I can get to it from any of the other accounts on the PC without confusing the "count."
A portable copy of the .kbdx kept on a thumbdrive still uses a Master Password.
3. Windows 10 Logon
I did not enable the built-in administrator account. Instead, I created a new, local account; promoted it to administrator; configured Yubikey 4's slot 2 according to https://www.yubico.com/wp-content/uploads/2013/02/Windows-Login-YubiKey-Configuration.pdf.
After convincing myself that the NewAdmin logon worked fine with YubiKey enabled, I demoted my own account to standard user. Now the PC behaves more like LINUX: if I want to do admin work from my own account, Windows asks me for the NewAdmin's logon info - which is managed by YubiKey.
-- Oji --
| Attachments: |
File comment: Only one configuration log file needed! Config_Log.png [ 3.49 KiB | Viewed 3153 times ] |