Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 9:12 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Tue Jun 02, 2015 10:21 am 
Offline

Joined: Tue Jun 02, 2015 9:57 am
Posts: 2
Hello people,

I'm sorry if subject is not too clear, but I'm really new to NFC development and I started to use the YubiKey only yesterday.
I'm developing a mobile application and I'm using the YubiKey to secure login with the 2FA, but I'm a little bit confused on the way I should use my Key.

My question is : is there any way to make the NFC exchange to be "unique"? When I get the NDEF tag, the only thing that seems to be unique is the id, but I don't think it will really be secure to just check if this Id matches with the one registered into my database (even if it's specific to every user).

I'm a little bit confused on how to use the YubiKey, using NFC, to check if "it's really that person" and prevent this step to be easily hacked.
Right now (I just started to code the application) I'm just checking if the Id matches, but I tell myself that anyone could buy a NFC device, change the Id and hack everything.

I'm sorry if the question has already been asked (I didn't find anything similar) or if I misunderstood all the YubiKey authentication principle, but I would like if anyone could help me out :)

Thank you!!


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jun 02, 2015 1:03 pm 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
You application should be using OTP or FIDO U2F most probably (guessing here)

Thus have a look at this:

demo.yubico.com
demo.yubico.com/u2f

https://developers.yubico.com/OTP/
https://developers.yubico.com/U2F/

or https://developers.yubico.com/yubioath-android/

Thus send over NFC an OTP and validate it against YubiCloud https://developers.yubico.com/Software_ ... Libraries/


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 02, 2015 2:30 pm 
Offline

Joined: Tue Jun 02, 2015 9:57 am
Posts: 2
Tom2 wrote:
You application should be using OTP or FIDO U2F most probably (guessing here)

Thus have a look at this:

demo.yubico.com
demo.yubico.com/u2f

https://developers.yubico.com/OTP/
https://developers.yubico.com/U2F/

or https://developers.yubico.com/yubioath-android/

Thus send over NFC an OTP and validate it against YubiCloud https://developers.yubico.com/Software_ ... Libraries/


Just amazing, thank you!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group