Tuesday, January 7, 2014

Two Factor Authentication and Strong Password Tool

I recently came across YubiKey, a neat little gadget that makes possible the use of one-time passwords as well as OATH and strong, static passwords. Think FortiToken or RSA SecurID but on a budget.

Imagine you have a strong password that you use to administer your firewalls. It's a pain to remember and takes a while to type. This is secure but gets very tedious when you have a lot of firewalls to configure.
You could save the password in your web browser, but then technically anyone who uses your computer can log in to your firewalls.

I use my Yubikey like this:

- Bring up firewall login screen
- Enter username
- Enter 4-6 digit PIN that only I know
- Push the button on my YubiKey, at which point it enters my strong, 30-character password for me

Now, while that's not exactly a "one time" password system, it really cranks up the level of security by utilizing a strong password. Also, the YubiKey, as mentioned above, does support real OTP.

A single key costs $25 and never "expires". It works on any computer that can utilize a USB keyboard, i.e. pretty much any computer out there. You can program each key to hold 2 different authentication mechanisms, for example a static password in slot 1 and OTP in slot 2. Depending on how long you press the button on the key, it will use either slot 1 or slot 2.

For more information take a look at the Yubico page here.