Difference between revisions of "Yubikey Proposal"

Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.

• PROS
  • No drivers required
  • Two factor authentication is more secure
  • Easy integration
  • Cross Platform
  • Flexible, can be tied into many existing systems
  • Open source server implementation
  • Cheap to implement
  • Multiple Authentication options
  • Resistance to keyloggers

• Cons
  • Requires Additional Infrastructure
  • Authentication server can be imitated
  • Does not offer real data security in case of machine theft
  • Physical object (Can be stolen/lost)
  • Additional administration and tracking required to distribute dongles

Considerations Best used in conjunction with other technology, eg: Full disk encryption, kerberos Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password

Both require the yubikey to log in, the latter being easier to configure but the former being more secure

Conclusions