Yubico Forum
https://forum.yubico.com/

Setting up Win10 Hello
https://forum.yubico.com/viewtopic.php?f=23&t=2517
Page 1 of 1

Author:  Yogui [ Sat Jan 07, 2017 1:17 pm ]
Post subject:  Setting up Win10 Hello

Hi,

I've been waiting for this app since it was teased on Yubico's blog a few months ago. I believe it has the potential to solve many concerns about secure logon with desktop computers. The MacOS app is almost there, too (though not quite, but that's a different topic).

However, I am having trouble with the setup of this Win10 Hello app. Apparently, my YubiKey can't be used this way because I have set up a PIN to protect it against unwanted modifications. This is documented as a Known Issue right on the product page:
https://www.yubico.com/support/knowledg ... hello-app/
However, the message displayed by the Hello app itself doesn't match what is described on that page; since I don't want to be locked out of my session, I am not going to try.

But most worrying is this other known issue:
Quote:
There is currently no way to require the YubiKey to unlock your system — you can always access your account using your PIN or password.

I'd love to have a time frame on this because, as I understand it, this issue renders the whole thing completely useless. I hope I am mistaken or that it will be solved very soon?

Thanks,

Author:  ChrisHalos [ Sun Jan 08, 2017 11:49 pm ]
Post subject:  Re: Setting up Win10 Hello

You can't lock yourself out of your account by setting up Windows Hello - you can still log in with your password or your PIN.

Currently a Windows limitation, no ETA (up to Microsoft). Given the current limitations of the CDF, this app is for convenience.

Author:  rehevkor5 [ Sat Feb 11, 2017 10:25 pm ]
Post subject:  Re: Setting up Win10 Hello

Does the Hello app use one of the two slots of a Yubikey 4? If not, where does it store its data? Will it overwrite anything on the Yubikey?

I get the message "An error has occurred. Try again. Insert one valid YubiKey, then press Continue." when I try to add a Yubikey to the app. I am using Windows 10 Home edition and I haven't used Yubico Authenticator. Is there any way to tell what the problem is?

Author:  ChrisHalos [ Sun Feb 12, 2017 9:46 am ]
Post subject:  Re: Setting up Win10 Hello

No, it uses the OATH applet, same as Yubico Authenticator. CCID mode has to be enabled in order to register a YubiKey 4/NEO, and you have to make sure a password isn't set in Yubico Authenticator. "An error has occurred" doesn't help much, it's a generic error. The only way I can get that is if I pull the YubiKey while the app is trying to communicate with it.

Author:  rehevkor5 [ Sun Feb 12, 2017 7:42 pm ]
Post subject:  Re: Setting up Win10 Hello

Thanks for the info Chris... after doing a little searching around I found that the smart card can't be used by more than one applet at once:

viewtopic.php?f=26&t=1869
viewtopic.php?f=35&t=2231

In my case, scdaemon which is used for SSH/PGP stuff was apparently blocking the app from using the OATH applet. After killing scdaemon (and adding card-timeout) I was able to register the Yubikey with the app. However it's a bit flaky. Sometimes one of the two features doesn't work, and sometimes errors like "ERR 100663404 Card error <SCD>" appear in the scdaemon log. Removing the card and re-inserting it sometimes makes it behave, but sometimes it stays broken. In any case, maybe you can get someone to add info about the usage conflict into the docs.
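The "ERR 100663404" value in the scdaemon log line quoted above is a packed libgpg-error number (error source in bits 24-30, error code in the low 16 bits). As an added example that is not part of the original post, this Python script decodes such values and tallies card errors in a log; the sample log lines and the abbreviated lookup tables are constructed for illustration.

```python
import re
from collections import Counter

# libgpg-error packs an error source and an error code into one integer.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Abbreviated tables (assumption: only the smart-card related entries are listed).
SOURCES = {4: "GPG_ERR_SOURCE_GPGAGENT", 6: "GPG_ERR_SOURCE_SCD"}
CODES = {
    108: "GPG_ERR_CARD",
    109: "GPG_ERR_CARD_RESET",
    110: "GPG_ERR_CARD_REMOVED",
    111: "GPG_ERR_INV_CARD",
    112: "GPG_ERR_CARD_NOT_PRESENT",
}

ERR_RE = re.compile(r"\bERR (\d+)\b")


def decode(value):
    """Split a packed error value into (source name, code name)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return (SOURCES.get(source, f"source {source}"),
            CODES.get(code, f"code {code}"))


def summarize(lines):
    """Count decoded (source, code) pairs for every 'ERR <n>' in the log."""
    counts = Counter()
    for line in lines:
        for match in ERR_RE.finditer(line):
            counts[decode(int(match.group(1)))] += 1
    return counts


# Constructed sample log; only the 100663404 value comes from the thread.
SAMPLE_LOG = [
    "scdaemon[4120]: DBG: chan_7 <- SERIALNO",
    "scdaemon[4120]: DBG: chan_7 -> ERR 100663404 Card error <SCD>",
    "scdaemon[4120]: DBG: chan_7 <- SERIALNO",
    "scdaemon[4120]: DBG: chan_7 -> ERR 100663408 Card not present <SCD>",
    "scdaemon[4120]: DBG: chan_7 -> ERR 100663404 Card error <SCD>",
]

if __name__ == "__main__":
    for (source, code), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {code}  from {source}")
```

Repeated GPG_ERR_CARD entries from the SCD source while another application is talking to the key are consistent with the applet conflict described in the post.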

Author:  My1 [ Wed Nov 01, 2017 11:34 am ]
Post subject:  Re: Setting up Win10 Hello

ChrisHalos wrote:
No, it uses the OATH applet, same as Yubico Authenticator.

Stupid question, why doesn't it just use U2F?

Author:  ChrisHalos [ Thu Nov 02, 2017 4:37 am ]
Post subject:  Re: Setting up Win10 Hello

My1 wrote:
ChrisHalos wrote:
No, it uses the OATH applet, same as Yubico Authenticator.

Stupid question, why doesn't it just use U2F?


That would be a question for Microsoft. I have no idea why they decided to have Windows Hello support OATH and not U2F :)

Author:  My1 [ Thu Nov 02, 2017 7:35 am ]
Post subject:  Re: Setting up Win10 Hello

Okay, I would have thought that Hello, similar to earlier versions, supports arbitrary auth providers as long as the provider does its stuff, lol

Although they IMO should really support either smart card or U2F on standalone PCs.

All times are UTC + 1 hour