Yubico Forum

All times are UTC + 1 hour
 Post subject: Yubikey and Facebook
Posted: Wed Jan 06, 2010 1:48 am
Joined: Wed Jan 06, 2010 1:44 am
Posts: 2
I got my yubikey as a Christmas present and think it is an amazing piece of technology.

I noticed there was an earlier discussion on using the yubikey with facebook, and the conclusion seemed to be that yubikey does not support openid 2.0. Is there any way to get openid 2.0 support with the key? I have tried an openid account both here and at clavid. Is there some other error that I am making? Has someone gotten yubikey to allow a login to facebook? I have been able to link accounts, but I cannot get any further.

Thanks,

Alphageek
 Post subject: Re: Yubikey and Facebook
Posted: Wed Jan 06, 2010 10:06 am
Joined: Thu Nov 05, 2009 7:06 pm
Posts: 7
I used YubiKey + MashedLife or LastPass to log in to any site.

That's convenient and secure.

:)
 Post subject: Re: Yubikey and Facebook
Posted: Thu Jan 07, 2010 12:42 am
Joined: Wed Jan 06, 2010 1:44 am
Posts: 2
I want to believe such sites are secure, but how does one know? I am a little concerned about storing all of my passwords on a remote site. Now, that site has all my accounts and passwords. What if someone there goes bad? Is my information somehow encrypted so that only my yubikey can decode the site? How has this site and its security been verified?

Sorry, I am just paranoid.
 Post subject: Re: Yubikey and Facebook
Posted: Thu Mar 10, 2011 7:46 pm
Joined: Wed Mar 09, 2011 5:08 am
Posts: 1
I found this thread via the search feature.

Currently I'm using LastPass and a machine generated password to secure my Facebook login, and I just set up Clavid so that I can actually sign into my FB account away from home now.

However, if it is at all possible to convince the people behind Facebook to directly support YubiKey then I would be one happy fella. I've only had my keys for two or three days and I already love it.

I'm flabbergasted that sites like Facebook still rely on the nonsense that's username and passwords. This isn't Yubico's fault, I know, I'm just a bit frustrated at the other folks.
 Post subject: Re: Yubikey and Facebook
Posted: Sun Mar 13, 2011 10:20 am
Joined: Thu Feb 03, 2011 1:28 pm
Posts: 10
Location: Brisbane, QLD, Australia
alphageek wrote:
I got my yubikey as a Christmas present and think it is an amazing piece of technology.

I noticed there was an earlier discussion on using the yubikey with facebook, and the conclusion seemed to be that yubikey does not support openid 2.0.


Why would a hardware crypto token need to support an online authentication standard like OpenID 2.0? It's like expecting your computer monitor to support HTML5. The YubiKey is just an input peripheral that generates OTPs according to a set of rules which may be checked by a remote system. How the remote system uses the information obtained is entirely outside the realm of the YubiKey itself.

There are a couple of OpenID providers that support the YubiKey such as Clavid (mentioned earlier), or you can set up your own (as I have done here) that will let you use the YubiKey on any OpenID enabled site.

I'm not sure of the specifics regarding Facebook. Never got involved with that site, and I'm happy to not be anywhere near it.

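The "set of rules which may be checked by a remote system" mentioned in the reply above can be sketched for the Yubico OTP mode as follows. This is an added example, not code from the thread or from Yubico; the AES key, the identities, the `db` record layout and the function names `makeOtp` and `verifyOtp` are constructed for illustration, and it assumes the default 44-character OTP with a 12-character public ID.

```javascript
const crypto = require("crypto");

const MODHEX = "cbdefghijklnrtuv"; // modhex digit i stands for hex nibble i
const HEX = "0123456789abcdef";
const toHex = (s) => [...s].map((c) => HEX[MODHEX.indexOf(c)]).join("");
const toModhex = (h) => [...h].map((c) => MODHEX[HEX.indexOf(c)]).join("");

// CRC-16 used inside the OTP block (reflected polynomial 0x8408, initial value 0xffff).
function crc16(buf) {
  let crc = 0xffff;
  for (const b of buf) {
    crc ^= b;
    for (let i = 0; i < 8; i++) crc = crc & 1 ? (crc >> 1) ^ 0x8408 : crc >> 1;
  }
  return crc;
}

// Token side: builds an OTP the way the key does internally (here only to create test input).
function makeOtp(publicId, aesKey, privateId, useCtr, sessionUse) {
  const block = Buffer.alloc(16);
  privateId.copy(block, 0);              // bytes 0-5: private identity
  block.writeUInt16LE(useCtr, 6);        // bytes 6-7: power-up counter
  block[11] = sessionUse;                // bytes 8-10 (timestamp) stay zero in this sketch
  crypto.randomBytes(2).copy(block, 12); // bytes 12-13: random filler
  block.writeUInt16LE(~crc16(block.subarray(0, 14)) & 0xffff, 14);
  const c = crypto.createCipheriv("aes-128-ecb", aesKey, null);
  c.setAutoPadding(false);
  return publicId + toModhex(Buffer.concat([c.update(block), c.final()]).toString("hex"));
}

// Server side: the checks a validation service applies before accepting the OTP.
function verifyOtp(otp, db) {
  if (!/^[cbdefghijklnrtuv]{44}$/.test(otp)) return "bad-format";
  const rec = db.get(otp.slice(0, 12)); // public ID selects the stored AES key
  if (!rec) return "unknown-key";
  const d = crypto.createDecipheriv("aes-128-ecb", rec.aesKey, null);
  d.setAutoPadding(false);
  const block = Buffer.concat([d.update(Buffer.from(toHex(otp.slice(12)), "hex")), d.final()]);
  if (crc16(block) !== 0xf0b8) return "bad-crc"; // fixed residue for an intact block
  if (!block.subarray(0, 6).equals(rec.privateId)) return "bad-identity";
  const counter = block.readUInt16LE(6) * 256 + block[11];
  if (counter <= rec.lastCounter) return "replayed"; // an OTP is accepted only once
  rec.lastCounter = counter;
  return "ok";
}
```

Nothing in these checks depends on OpenID: an OpenID provider or any other login service runs them on its own side and then decides what an accepted OTP means.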
 Post subject: Re: Yubikey and Facebook
Posted: Wed May 04, 2011 7:13 pm
Joined: Wed May 04, 2011 6:50 pm
Posts: 4
"I want to believe such sites are secure, but how does one know? I am a little concerned about storing all of my passwords on a remote site. Now, that site has all my accounts and passwords. What if someone there goes bad? Is my information somehow encrypted so that only my yubikey can decode the site? How has this site and its security been verified?

"Sorry, I am just paranoid."

All of your questions are answered already. LastPass encrypts and decrypts your passwords locally, not on their server. They store your encrypted password data on their servers to enable you to share password data across many browsers and mobile devices. That's not a security risk because they only have your encrypted data.

When you add a YubiKey to the LastPass account it means that even if someone guesses your LastPass master password they cannot log in without your YubiKey present. You can optionally set up a list of trusted computers that LastPass will not require YubiKey more than once for. If you add a mobile device to your account you can lock it by MEID so that only your trusted mobile phones can even log in to your account.

There is criticism of LastPass for not being open-source like KeePass or other options. To me personally, I'm willing to go with LastPass even given this criticism because of the support for YubiKey and the easy syncing between multiple browsers. This product has finally made it possible for me to have strong, unique passwords for all of my sites, and also to share them easily with my wife on all of our computers and phones. For the minimal cost, it really does work great.
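A sketch of the arrangement described in the post above: the vault is encrypted and decrypted on the client, the server holds only the encrypted blob, and the blob is handed out only after the second factor is accepted. This is an added example, not LastPass code; PBKDF2 with AES-256-GCM, the iteration count, the sample vault and the names `deriveKey`, `sealVault`, `openVault` and `download` are assumptions chosen for illustration.

```javascript
const crypto = require("crypto");

// Client: stretch the master password into the vault key (PBKDF2 parameters are assumptions).
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, 100000, 32, "sha256");
}

// Client: encrypt the whole vault before it leaves the machine.
function sealVault(vault, masterPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([c.update(JSON.stringify(vault), "utf8"), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() }; // everything the server ever receives
}

// Client: decrypt a downloaded blob; null means wrong password or altered blob.
function openVault(blob, masterPassword) {
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(masterPassword, blob.salt), blob.iv);
  d.setAuthTag(blob.tag);
  try {
    return JSON.parse(Buffer.concat([d.update(blob.ct), d.final()]).toString("utf8"));
  } catch {
    return null;
  }
}

// Server: stores opaque blobs and hands one out only after the second factor was accepted.
// `otpAccepted` stands in for the result of a YubiKey OTP validation.
function download(store, user, otpAccepted) {
  return otpAccepted && store.has(user) ? store.get(user) : null;
}
```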