Yubico Forum

Hi,

I was testing out additional security layers options and stumbled upon a problem I think.

I have two standard Yubikeys currently, white & black.

So far I only used the white one. Slot1 is as default and used with LP amongst other things. Slot2 is challenge-response for Windows Logon, which works great too.

Now, soon I will be temporarily moving my computer to a site where other people could easily try to access my computer, which I don't want to due privacy concerns. Remembering a long static password is not my 'thing'. I read that article on using Truecrypt + Yubikey static, namely using a simple password (like 'helloshorty1') + a Yubikey static password. I figured, why not take this approach with the Windows Login?

So the idea is, in short:
- White Yubikey is in challenge-response for Windows Logon, so 'just' needs to be inserted.
- The black Yubikey creates a long static password, which I intend to enhance by adding a short simple password that I know.

However when I tried logging in with the black Yubikey inserted too, Yubikey Windows Logon does not recognise the first Yubikey, it asks if I have inserted my Yubikey (the white one, with challenge-response in slot2).

Does that mean it is not possible to use a second Yubikey, when the first is in challenge-response-mode?

I hope my question & problem is easy to understand

BR,
faxij

Hello,

Please try this:

1) Plug in the YubiKey configured for challenge response,

2) Plug in the Yubikey with the static password,

3) output the static password, add your "personal" password,

4) Unplug the Yubikey with the static password,

5) press enter.

let me know if it works.

_________________
-Tom

Yes, that works.

(Which is my issue. If I want to do it that way, I need to plug and unplug the second Yubikey with the static password EACH time I want to log into Windows when it is locked (and I do lock it every time I leave my computer).

So my issue is inconvenience vs. safety, if you will. For now, I only use challenge-response. I am hoping there is or will be a way to do what I described above )

The problem is that you have two Yubikey,

The challenge response is probably probing the wrong usb port, because he does not know which Yubikey is configured with the challenge.

Please, try using 2 keys at the same time but first plug in the one with the challenge.
If it does not work, plug firs the one with the password.

if it does not work, the sequence i suggested in the previous post is the only temporary solution.

Regards,
Tom.

_________________
-Tom