For example if configured to work as an alternative login factor it is enough to be in front of the machine with the key slotted to login. This means that presence is required but is also enough. Keep in mind that without a PIN YubiKey authentication is only a button press away. Most features of the key can be used either with button press only or require entering an additional PIN.
In practice you register both hardware tokens with your linux and web accounts, generate private keys on both keys, and configure their public keys at remote services. All registrations you do with a primary key you should do with a second backup key which you store in a secure location like a safe or at least leave at home. As hardware security tokens are unique and designed to be extremely hard to copy you can’t just make a backup of it as with software vaults like Keepass or AndOTP. Always setup a backup keyĪs soon as you start working with security tokens you have to account for the potential to lock yourself out of accounts tied to these tokens. Added security on the other hand covers multi-factor authentication (MFA) scenarios as well as storing private credentials. Convenience covers anything from using the hardware token to unlock your LUKS encrypted disk to logging in to your Fedora Workstation with the press of a button. Use-cases are roughly divided into two categories: convenience and added security. Nowadays hardware security tokens are quite versatile and can be used for a variety of interesting things. These tokens require extreme dedication, time and money to forge or maliciously acquire. Such a token and its secrets can not be copied by large malware attacks.Īpplications and services that have to authenticate your access can use a physical token as a factor of ownership and identification. Hardware security tokens are a physical, cryptographically secured storage for secrets. In times of sophisticated malware and always-and-everything-on(line), software based storage of credentials becomes at least unsettling. This article explains how to configure Yubico’s YubiKey, a hardware security token, and Fedora Linux Workstation for typical use-cases such as logging into GDM, authentication for the sudo command, OpenSSH authentication and key management, or as a second-factor on the web.
0 kommentar(er)
