Yubikey Proposal

From CDOT Wiki
Revision as of 14:05, 24 October 2012 by Jacwang (talk | contribs) (Created page with 'Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Yubikey is a two factor authentication mechanism that uses USB dongles to provide an encrypted password that is then decrypted by the machine and checked against an database on a server.

  • PROS
    • No drivers required
    • Two factor authentication is more secure
    • Easy integration
    • Cross Platform
    • Flexible, can be tied into many existing systems
    • Open source server implementation
    • Cheap to implement
    • Multiple Authentication options
    • Resistance to keyloggers
  • Cons
    • Requires Additional Infrastructure
    • Authentication server can be imitated
    • Does not offer real data security in case of machine theft
    • Physical object (Can be stolen/lost)
    • Additional administration and tracking required to distribute dongles

Considerations Best used in conjunction with other technology, eg: Full disk encryption, kerberos Can be programmed to use a one time password mechanism or a reusable password that is concatenated to the end of a typed in password

Both require the yubikey to log in, the latter being easier to configure but the former being more secure

Conclusions