Comments on: Two Weeks With The Yubikey https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/ Linux. GNU. Freedom. Sun, 13 May 2018 18:21:35 +0000 hourly 1 https://wordpress.org/?v=5.0-alpha-43006 By: Aaron Toponce https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-130055 Mon, 21 Oct 2013 18:01:30 +0000 http://pthree.org/?p=2561#comment-130055 You can install the Yubikey server on your own instance, for all your personal stuff. And it supports Challenge/Response for anything local (workstation login, SSH keys, etc). Further, you can configure the ports to work in static password mode, which will send static strings. This is great for two-factor authentication in all password form fields.

]]>
By: Dave https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-129920 Fri, 18 Oct 2013 21:48:50 +0000 http://pthree.org/?p=2561#comment-129920 Ive used my Yubi Key for a few weeks now and Ill be honest I don't think it works well. I haven't been able to get it to work with Gmail even with they Yubi key application and the sites that have yubi integration dont seem to work OR they allow you to enter the site with your user name and password regardless of whether or not you have any level of Yubi auth enabled. It seems useless to me unless you use it with LastPass which seems to be the only reliable and working application and site that works with Yubi seamlessly.

]]>
By: argo https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-126159 Wed, 15 May 2013 09:11:43 +0000 http://pthree.org/?p=2561#comment-126159 I forgot to mention passpack

https://www.passpack.com/online/#0

stores up to 100 passwords in the free account and supports two-factor authentication both with the yubikey or with your email. Actually I'm evaluating it even if I own much more passwords ( : solved with 2 accounts? 1 for light accounts and the other for accounts dealing with money as for your bank or paypal account? don't know).

]]>
By: argo https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-126158 Wed, 15 May 2013 08:50:17 +0000 http://pthree.org/?p=2561#comment-126158 Hi aaron,

the keepassdroid solution is attractive, but it depends on how you use it. Keys used to decrypt could be stolen if kept on the phone or even in the cache of the downloads and keyloggers are active on android too (actually don't know about screenloggers), so the good solution would be implementation of OTP from yubikey (or key pushing) on keepassdroid too...but again you need to keep always the phone and the yubikey always with you.
At the moment I use keepass on my old nokia (java without fast data connection except for the classic GSM), and doubt about moving to a smartphone depends on this too.

]]>
By: kalos https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-118705 Tue, 04 Dec 2012 08:55:40 +0000 http://pthree.org/?p=2561#comment-118705 Just use yubikey with a service like LastPass.com.
I use both from 1 year.

]]>
By: lol https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-117155 Sun, 11 Nov 2012 15:32:35 +0000 http://pthree.org/?p=2561#comment-117155 Just checking whether pthree.org recognises Windows 95 and IE 5.

]]>
By: rubiojr https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-117153 Sun, 11 Nov 2012 10:22:28 +0000 http://pthree.org/?p=2561#comment-117153 Hey Aaron, thanks for sharing.

I did the experiment too (because I read the first part of the article and I had a yubikey). Reached the same conclusion.

I'm always wearing my android phone with keepassdroid, much more comfortable, always available and you can copy/paste easily and sync with the laptop database.

]]>
By: anonymous https://pthree.org/2012/11/10/two-weeks-with-the-yubikey/#comment-117152 Sun, 11 Nov 2012 05:29:03 +0000 http://pthree.org/?p=2561#comment-117152 Thanks for those insights. I'm also on Dvorak (German Type II).

"The way I am managing my passwords is a lot of work."
I've been using pwdhash for a few years now:
* No need to store a file anywhere
* You only need to remember one password if you are lazy
* Different passwords on every website

https://www.pwdhash.com/

]]>