| Yubico Forum https://forum.yubico.com/ |
|
| [Question] Knowing whether it's the correct user or not. https://forum.yubico.com/viewtopic.php?f=8&t=1632 |
Page 1 of 1 |
| Author: | carlgo11 [ Fri Nov 28, 2014 3:16 pm ] |
| Post subject: | [Question] Knowing whether it's the correct user or not. |
I'm a developer and have owned a yubikey for quite some time now but have yet to understand how the OTP system can authorize a user. From what I've seen on https://github.com/Yubico/php-yubico/ there's not really a way to know if it's the same user. Just if they user entered a correct OTP. So if I were to setup a yubikey 2fa integration on one of my pages another user could use their yubikey to login. I hope this is wrong, please advice. Thanks in advance, Carlgo11 
|
|
| Author: | henrik [ Mon Dec 01, 2014 9:45 am ] |
| Post subject: | Re: [Question] Knowing whether it's the correct user or not. |
Hi! The first 12 characters of a standard YubiKey One-Time Password is the ID of the key. For example, the OTP ccccccdtrielbtgbgkbrjvlteentubijtnjeengvrvuh is produced by a YubiKey with the ID ccccccdtriel. You can read more about this at developers.yubico.com/OTP. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|