Yubico Forum

[Question] Knowing whether it's the correct user or not.
Page 1 of 1

Author:  carlgo11 [ Fri Nov 28, 2014 3:16 pm ]
Post subject:  [Question] Knowing whether it's the correct user or not.

I'm a developer and have owned a yubikey for quite some time now but have yet to understand how the OTP system can authorize a user.
From what I've seen on https://github.com/Yubico/php-yubico/ there's not really a way to know if it's the same user. Just if they user entered a correct OTP.
So if I were to setup a yubikey 2fa integration on one of my pages another user could use their yubikey to login. I hope this is wrong, please advice.

Thanks in advance,
Carlgo11 :)

Author:  henrik [ Mon Dec 01, 2014 9:45 am ]
Post subject:  Re: [Question] Knowing whether it's the correct user or not.


The first 12 characters of a standard YubiKey One-Time Password is the ID of the key. For example, the OTP ccccccdtrielbtgbgkbrjvlteentubijtnjeengvrvuh is produced by a YubiKey with the ID ccccccdtriel.

You can read more about this at developers.yubico.com/OTP.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group