Never Ending Security

It starts all here

What the Yubikey NEO all can do!?

The YubiKey NEO is a unique One-Time Authentication device which combines the functionality of a YubiKey Hardware Authentication device with the extended capabilities of a smart card, without requiring additional drivers or software.

The YubiKey NEO has 3 major elements – the first is the YubiKey element, which allows the YubiKey to be used as a configurable hardware authentication device, capable of hold 2 independent configurations. Each configuration can be set to generate codes using the Yubico OTP, OATH-HOTP, a challenge-response configuration or a simple static password. All of the validation sever software used to support the YubiKey modes is also open source. In fact, a number of password managers have already integrated the YubiKey into their offerings – http://www.yubico.com/applications/password-management/consumer

One of your use cases is the requirement to log into your Linux desktop. This can be simply done using the YubiKey and the Yubico – PAM module (https://developers.yubico.com/yubico-pam). The same Module can also be used to secure your SSH with second factor authentication as well (http://hak5.org/episodes/hak5-1114).

The second element of the YubiKey NEO is the secure element on the NEO which allows for smart card based functionality, including using the YubiKey NEO as a PIV compliant smart card for holding certificates (https://developers.yubico.com/yubico-piv-tool/doc/YubiKey-NEO-PIV-Introduction.html). Further, the YubiKey NEO has an OpenPGP applet, used to securely hold your private keys on the YubiKey itself, preventing them from being expose should your system become compromised (http://www.yubico.com/2012/12/yubikey-neo-openpgp).

Finally, the YubiKey NEO is the first device to support the revolutionary new protocol, U2F (https://fidoalliance.org/adoption/video/yubico-fido-alliance-universal-2nd-factor-u2f-demonstration). This next generation authentication protocol looks to provide the security of a smart-card based solution with the ease of integration and support of a traditional hardware authentication token system.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s