| Yubico Forum https://forum.yubico.com/ |
|
| Static Password Settings https://forum.yubico.com/viewtopic.php?f=16&t=854 |
Page 1 of 1 |
| Author: | SamuelGE [ Sat Sep 01, 2012 12:49 am ] |
| Post subject: | Static Password Settings |
Hi, I have just been looking at my YubiKey personalisation program on my Mac and come across a part in the settings titled 'Static Password Settings'. Under the title there is a tick box with 'Enable manual update using the button (YubiKey 2)' What does this mean/do? Thank you, Sam |
|
| Author: | samir [ Mon Sep 03, 2012 11:27 am ] |
| Post subject: | Re: Static Password Settings |
Hello, In order to support legacy password systems, the Yubikey 2 supports user-triggered static password change. The function is designed for the specific use case of a traditional login system with a stricter password policy where the user is asked to change their password on a regular basis. The intended use case is like the following: 1. The user is asked to update their password. 2. The user enters their secret password. The user presses the Yubikey button and the current fixed password is yielded 3. The user is asked to enter the new password. 4. The user enters their secret password. The user presses and holds the Yubikey button for 10 seconds. 5. When released, a short tap updates the internal password with a new randomized one. The new OTP is sent. 6. The user is asked to confirm the new password. 7. The user enters their secret password. The user presses the Yubikey button again and the new password is sent. 8. The user completes the password change. As the change function has no protection against unauthorized usage, there is a danger that an unauthorized person can sabotage a user’s Yubikey by triggering this function. Thanks and best regards, Samir. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|