1. Forum
  2. Usenet
  3. COMP.INFOSYSTEMS.WWW.MISC

  • looking for a clear yubikey how-to

    From Eli the Bearded@21:1/5 to All on Tue Oct 10 21:05:30 2023
    I have a Yubikey 5c. Quoth their website:

    * Convenient and portable: The YubiKey 5C fits easily on your
    keychain, making it convenient to carry and use wherever you go,
    ensuring secure access to your accounts at all times. Simply plug in
    via USB-C to authenticate.

    * Versatile compatibility: Supported by Google and Microsoft accounts,
    password managers and hundreds of other popular services. It works
    with Windows, macOS, ChromeOS and Linux. "Works With YubiKey" lists
    compatible services.

    * Multi-protocol: YubiKey 5 Series is the most versatile security key
    supporting multiple authentication protocols including
    FIDO2/WebAuthn (hardware bound passkey), FIDO U2F, Yubico OTP,
    OATH-TOTP, OATH-HOTP, Smart card (PIV) and OpenPGP.

    * Durable and reliable: High quality design and resistant to
    tampering, water, and crushing. No batteries or network connectivity
    required, offering dependable authentication without any downtime.
    Securely manufactured in USA & Sweden.

    There are various and differing limitations on various protocols. I have presently used one of two OTP slots and one of many Fido2 slots for
    $WORK related uses. I have found through this that Firefox on Linux
    works fine with the device (but not when there is a USB hub involved, I
    suspect the device can detect the hub and shuts down as an
    anti-eavesdropping measure).

    I have several personal websites that are Perl scripts sitting behind
    Apache and/or Nginx. These are generally not Perl scripts using standard modules more sophisticated than "strict.pm", but I'm not against using something I need. My use of Javascript is typically measured in the tens
    of lines of code.

    How can I use any of the Yubikey security protocols on my own stuff?
    Where are the guides for setting this up? The guides I find are more
    "here's where to go in the preferences for $FOODOTCOM to use your
    hardware device" or "here's a whitepaper at fidoalliance.org for
    implementing this for your enterprise".

    Elijah
    ------
    suspects Javascript is important for this, so no lynx support

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Benjamin Esham@21:1/5 to Eli the Bearded on Mon Oct 23 16:42:13 2023
    Eli the Bearded wrote:

    I have a Yubikey 5c. [snip]

    How can I use any of the Yubikey security protocols on my own stuff?
    Where are the guides for setting this up? The guides I find are more
    "here's where to go in the preferences for $FOODOTCOM to use your
    hardware device" or "here's a whitepaper at fidoalliance.org for
    implementing this for your enterprise".

    Are you interested in using it as a second factor (e.g., in addition to username-and-password authentication), or as a replacement for your existing authentication method? I don't have experience with either, unfortunately,
    but clarifying your use case might get you better results.

    (If you're trying to replace username-and-password auth entirely, [1] seems like a decent guide, although it's hardly simple.)

    Ben


    [1] https://webauthn.guide/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)