Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:41 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Mon Feb 02, 2015 3:11 pm 
Offline

Joined: Mon Feb 02, 2015 3:07 pm
Posts: 4
I use Mac exclusively at home and at work. Is there a way to use my Yubikey for gmail on the Mac similar to this:

https://www.yubico.com/applications/int ... ces/gmail/

Why is this a Windows only solution?

Thanks.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Feb 02, 2015 6:31 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
If you have a NEO, a better solution would be to use the Yubico Authenticator method of storing HOTP/TOTP credentials via the internal javacard applet instead:

https://developers.yubico.com/yubioath-desktop/
https://developers.yubico.com/yubioath- ... /Releases/

Brendan


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 02, 2015 9:58 pm 
Offline

Joined: Mon Feb 02, 2015 3:07 pm
Posts: 4
I have a standard Yubikey, but I could buy a NEO if I found it would help. I don't really understand the stuff in the links you provided. I'm not a developer. I just want to be able to use my Yubikey on a mac for gmail and other services...


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 02, 2015 11:34 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
PTKen wrote:
I have a standard Yubikey, but I could buy a NEO if I found it would help. I don't really understand the stuff in the links you provided. I'm not a developer. I just want to be able to use my Yubikey on a mac for gmail and other services...


One of the two links I gave has a .pkg file, I believe that's the mac client that will support the NEO.

Basically, in addition to the standard yubikey functionality (supporting up to two HOTP/TOTP credentials, but perhaps no mac client), the NEO also includes a javacard-running processor that can support a large number of additional TOTP/HOTP credentials using the mac/windows/linux client I just linked to. For your situation, I recommend getting a NEO and using the mac client I linked to.

Brendan


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2015 1:24 pm 
Offline

Joined: Mon Feb 02, 2015 3:07 pm
Posts: 4
Okay, I see. Thank you for the reply. I might try this, but the more I think about it, I'm not sure if it will really work for me. If I set up this way, will I have to be at the computer with this software loaded to access my gmail? What if I'm at a public machine? How would I log on without the software loaded? The beauty of the Yubikey for me with LastPass is that I just plug it in and don't need any software loaded.

Thanks again for the help.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2015 1:55 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
PTKen wrote:
Okay, I see. Thank you for the reply. I might try this, but the more I think about it, I'm not sure if it will really work for me. If I set up this way, will I have to be at the computer with this software loaded to access my gmail? What if I'm at a public machine? How would I log on without the software loaded? The beauty of the Yubikey for me with LastPass is that I just plug it in and don't need any software loaded.

Thanks again for the help.


A google credential is a TOTP credential, so using it will always require some sort of software component to provide datetime data to the yubikey, since the yubikey doesn't have an internal clock and needs the current time provided to it to produce the time-based OTP.

In that stated case above, I'd definitely use a NEO (not NEO-n), but with my NFC-capable android phone running the android version of Yubico Authenticator. That's why I keep the Yubico Authenticator client installed on all of my machines, plus my phone: I can get the credentials generated in different situations.

Alternately, you could set up your google account to use U2F instead. That would require the public machine to be running a recent version of chrome (technically a software requirement, but not very burdensome) and have open and working USB ports.

An aside: I'm very very wary of public terminals and strongly recommend avoiding them. I'm personally more concerned about wire/wireless sniffed and replayed credentials or password-reuse attacks due to (now mostly past) password reuse behavior on my part.

B

PS - Also, since you mentioned LastPass: I also use LastPass on windows and android. It support NFC Yubikey OTPs on Android but it *also* supports "keyboard entry" of Yubikey OTPs connected via a USB OTG adapter (I have one similar to this one: http://www.amazon.com/PLAY-Android-Adap ... en+usb+otg ). If you use iPhone/iPad, there might be a way to do something similar (for Yubico OTPs, not google TOTPs) using the USB camera connection kit cable. Just FYI.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2015 9:44 pm 
Offline

Joined: Mon Feb 02, 2015 3:07 pm
Posts: 4
Very interesting. Thank you. I'll look into the iPhone suggestion since I do use an iPhone. I don't actually usually use a public computer. It was just an easy way of saying "what if I'm at a computer where I can't install any software because I'm not allowed to" such as my work computer where I use gmail daily. :)

Again, thanks for the great replies.

Ken


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group