Difference between revisions of "Yubikey Proposal"
Latest revision as of 14:07, 24 October 2012
YubiKey is a two-factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against a database on a server.
Pros/Cons
- Pros
  - No drivers required
  - Two-factor authentication is more secure
  - Easy integration
  - Cross-platform
  - Flexible, can be tied into many existing systems
  - Open source server implementation
  - Cheap to implement
  - Multiple authentication options
  - Resistance to keyloggers
- Cons
  - Requires additional infrastructure
  - Authentication server can be imitated
  - Does not offer real data security in case of machine theft
  - Physical object (can be stolen/lost)
  - Additional administration and tracking required to distribute dongles
Considerations
Best used in conjunction with other technology, e.g. full disk encryption, Kerberos.
Can be programmed to use a one-time password mechanism or a reusable password that is concatenated to the end of a typed-in password.
Both require the YubiKey to log in, the latter being easier to configure but the former being more secure.
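An added example (not part of the original proposal) of why the one-time mode resists replay where the reusable mode does not: a server-side check over the 16-byte plaintext of a Yubico OTP after decryption. The AES decryption step is left out, the token is constructed in the code, and the names `OtpVerifier`, `make_plaintext` and `verify_static` are hypothetical.

```python
import hmac
import struct

CRC_OK_RESIDUE = 0xF0B8  # CRC-16 over all 16 bytes of a valid token plaintext

def crc16(data: bytes) -> int:
    """CRC-16 (reflected polynomial 0x8408, initial value 0xFFFF), as used by Yubico OTP."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            lsb = crc & 1
            crc >>= 1
            if lsb:
                crc ^= 0x8408
    return crc

def make_plaintext(uid: bytes, session_ctr: int, use_ctr: int) -> bytes:
    """Constructed sample: what the server would hold after decrypting an OTP.
    Layout: private id (6), session counter (2, LE), timestamp (3),
    session use counter (1), random (2), CRC (2, LE)."""
    body = uid + struct.pack("<H", session_ctr) + b"\x00" * 3 + bytes([use_ctr]) + b"\x00" * 2
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)

class OtpVerifier:
    """Accept a token only if it is intact, from the expected key, and newer than the last one."""
    def __init__(self, uid: bytes):
        self.uid = uid
        self.last_seen = (-1, -1)  # (session counter, use counter) of the last accepted token

    def verify(self, plaintext: bytes) -> str:
        if len(plaintext) != 16 or crc16(plaintext) != CRC_OK_RESIDUE:
            return "bad-crc"
        if not hmac.compare_digest(plaintext[:6], self.uid):
            return "wrong-key"
        counters = (struct.unpack("<H", plaintext[6:8])[0], plaintext[11])
        if counters <= self.last_seen:
            return "replayed"  # a captured token is useless once it has been seen
        self.last_seen = counters
        return "ok"

def verify_static(field: str, typed_password: str, key_string: str) -> bool:
    """Reusable mode: the key emits the same string every time, so there is
    nothing to tell a fresh login from a captured one."""
    return hmac.compare_digest(field.encode(), (typed_password + key_string).encode())
```

In reusable mode the dongle's output is in effect a longer password, so anything that captures the login field once can log in again; in one-time mode the counters make each captured value single-use.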
Conclusions
Adding YubiKey authentication to our existing infrastructure does increase authentication security; however, it does little for the physical security of machines. Its cross-platform nature makes it simple to integrate into our existing Windows, Mac and Linux computers and servers.