Yubico Forum

Hi there,

I have a number of YubiKey's (non-NFC) for a team of people and I'm not sure which protocol is right for me to set up.

1. I use KeePass extensively, in my business and at home.
2. I split my company passwords between ~10 KeePass files with different passwords in a central Dropbox location, and share certain passwords with certain people as a kind of role-based access system.
3. We access these by PC and using KeepassDroid.
4. We'll add YubiKey as a second authentication factor, and will program all keys the same

I think the 'many keys to many files' rules out OATH OTP's. Static passwords would work, but would "Challenge-Response"?

I don't quite understand the pros & con's of the different methods.

Cheers,
Chris

This is the HOTP plugin http://keepass.info/help/kb/yubikey.html

There should be a CR plugin on keepass.info but i can't find the pointer, someone was working on it here as well:
viewtopic.php?f=8&t=929&p=6601#p6601



You are right when you say that many keys = no HOTP. They counter will quickly go out of sync and become un-usable. using Challenge Response would be ideal or adding Yubico OTP support, but I am not sure somene did this work for KeePass yet.

Other password managers such as KEYnTO, LastPass, support Yubico OTP.