Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 7:22 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Mon Jul 12, 2010 12:24 pm 
Offline

Joined: Tue Feb 24, 2009 4:05 pm
Posts: 9
Sorry if some of these questions seem naive, I have tried RTFMing and couldn't find the answers, pointers would be appreciated.

I am thinking of deploying the Yubikey in a number of scenarios such as accessing encrypted volumes or login to local or web services.

Am I correct in believing that for accessing encrypted volumes I must use a static password? If the yubikey is lost or damaged is it sufficient to program another yubikey with the same password or do I need to somehow clone the old yubikey?

For login to online services it would be nice to consider a one time password usage however this will require extra processing at the server to validate the passwords, correct?.

Is replacing lost OTP yubikeys feasible or is it only realistic to issue a new yubikey to that user and revoke the old one. If this is the case then do all yubikey installations ultimately hinge on a static password as OTP devices are vulnerable to loss or damage and are thus not reliable for master key usage?

In brief, what is best practice for replacing lost or damaged yubikeys either static or OTP?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Jul 22, 2010 12:00 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Regarding the static password (Backup Key):
Two or more than two YubiKeys can be configured to emit a same static password by programming them using the same programming parameters like same AES Key, same Public ID and same Private ID. For more information please visit the following post:
http://forum.yubico.com/viewtopic.php?f=6&t=513

For login to online services, Yubico provides the OTP validation service, the Web Service API and corresponding clients in various programming languages that can be easily integrated by application developers.

Regarding replacing the lost OTP, it really depends on the application if it provides the administrators to reassign a new key to the user. However, to avoid unauthorized use of the lost YubiKeys (OTP validation), Users/Client administrators can enroll their YubiKeys with the YubiRevoke Service (https://admin.yubico.com/yubirevoke/login.php ). YubiRevoke service allows to disable (or re-enable) specific YubiKeys on the Yubico Validation Service in case they are lost. This is very effective in preventing any potential misuse of YubiKeys if they fall in the wrong hands.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group