|[Question] Knowing whether it's the correct user or not.
|Page 1 of 1|
|Author:||carlgo11 [ Fri Nov 28, 2014 3:16 pm ]|
|Post subject:||[Question] Knowing whether it's the correct user or not.|
I'm a developer and have owned a yubikey for quite some time now but have yet to understand how the OTP system can authorize a user.
From what I've seen on https://github.com/Yubico/php-yubico/ there's not really a way to know if it's the same user. Just if they user entered a correct OTP.
So if I were to setup a yubikey 2fa integration on one of my pages another user could use their yubikey to login. I hope this is wrong, please advice.
Thanks in advance,
|Author:||henrik [ Mon Dec 01, 2014 9:45 am ]|
|Post subject:||Re: [Question] Knowing whether it's the correct user or not.|
The first 12 characters of a standard YubiKey One-Time Password is the ID of the key. For example, the OTP ccccccdtrielbtgbgkbrjvlteentubijtnjeengvrvuh is produced by a YubiKey with the ID ccccccdtriel.
You can read more about this at developers.yubico.com/OTP.
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group