Thursday, 7 March 2013
Yubico YubiKey Review
Basically the YubiKey is used in two-factor authentication and generates a one-time password when you touch the gold disc.
The device is physically sturdy (I tried to bend it but it didn't budge at all) and appears to the OS as a normal keyboard it can easily be used on pretty much any system.
The only problem being you can easily insert it the wrong way up into a USB port (I did, you usually only get this right once and there's no damage except the bit of lost ego), you should see the gold disc after inserting the device and a green light should shine from the hole in the gold disc.
Using a service like LastPass.com allows you to secure your password database with the YubiKey, additionally many other sites allow you to use the YubiKey with standard authentication methods. This effectively ensures your account remains secure even if the username and password has fallen into the wrong hands.
I added support for the YubiKey into my project at ONMS.Net, basically Yubico provides you with code to access their API, the code has multiple Yubico servers defined which it uses to check the one-time passwords using their servers. The first 12 characters of the one-time password remain the same as the tokens public ID, more information on the technical side is available here >>
Some companies already using YubiKey >>