Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:14 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Sat Apr 14, 2012 10:36 pm 
Offline

Joined: Sat Apr 14, 2012 10:33 pm
Posts: 1
I'm not a tech person…don't know what OATH Multi-Factor-HOTP, 2 configurations, scan code mode, challenge-response, Client Software, Server Side Software, OpenID, etc. are…nor do I really need to know. In English, this is what I'm trying to accomplish…and I'm hoping someone can provide me with advice how best to accomplish it.

I have a corporate intranet that's only accessed by our 50-60 employees. The employees are mostly remote/home based. We run our intranet from a RackSpace cloud server. Currently, we just have our employees enter a username and password to gain access to the intranet. I want to enhance our security/access to the intranet and also insure employees don't "share" passwords.

I believe the Yubikey is my answer however I don't know what type of configuration I need. I would like the ability to disable the key if we terminate an employee. Can anyone advise what our best solution would be?

I'm also looking to hire someone that can implement this for us.

Thank you!

Ken


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Apr 15, 2012 11:06 pm 
Offline

Joined: Sat Jan 14, 2012 3:05 am
Posts: 7
Using 2 factor authentication provides two critical pieces of information: something you know, something you have. Yubikey provides the second part of this equation.

If you deploy yubikeys to your employees, each yubikey would be associated with a given account and in addition to entering the username and password, the yubikey's OTP (one time password) would be requested at login.

If you are using unix systems, it would be possible to use the Yubikey PAM authentication module to easily get authentication against your services (you can use the yubicloud authentication service or have your own authenication server depending on your security requirements -- yubicloud usage is very easy to integrate).

Once this is setup, even if your employees are sharing passwords, they would also need to share the yubikey to access their account (in which case you would need to have a corporate policy against).

When an employee is terminated, if you are running the authenication server, you could delete their key or if you are using the yubicloud, you could remove the association of their key with their account -- easy enough to disable from the administrative side.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group