YubiKey: Difference between revisions

From Omnia
Latest revision as of 16:33, 14 March 2025

YubiKey Manager

https://www.yubico.com/support/download/yubikey-manager
Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems. The tool works with any currently supported YubiKey. You can also use the tool to check the type and firmware of a YubiKey. In addition, you can use the extended settings to specify other features, such as to configure 3-second long touch.
HOTP

Interfaces

USB and NFC

Applications:

  • OTP - One-Time Password [1]
    • Short Touch (Slot 1)
    • Long Touch (Slot 2)
    • Options:
      • Yubico OTP (Default)
      • Challenge-response
      • Static password
      • OATH-HOTP (Good option for 2nd slot)
  • FIDO2 - Fast IDentity Online version 2 [2]
    • FIDO2 PIN
  • PIV - Personal Identity Verification (PIV) [3]
    • PIN, PUK, Management Key
    • Certificates
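The OATH-HOTP option listed above is RFC 4226 HOTP: the key holds a shared secret and a counter, and each touch emits HMAC-SHA1(secret, counter) truncated to six digits. The following is an added example (not code from the wiki or from Yubico) showing how a server validates such codes: it recomputes the code for a look-ahead window of counter values, because the key's counter advances on every touch even when no login follows, and it moves the stored counter past any accepted code so a code can never be accepted twice. The secret is the published RFC 4226 test secret, not a real key.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"); not a real key.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server-side state for one enrolled HOTP slot.

    A code is accepted only if it matches some counter in
    [next_counter, next_counter + window); the stored counter is then set
    just past the matched value, so replays and older codes are rejected.
    """

    def __init__(self, secret: bytes, window: int = 10, digits: int = 6):
        self.secret = secret
        self.window = window
        self.digits = digits
        self.next_counter = 0  # counter value the server expects next

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            candidate = hotp(self.secret, c, self.digits)
            # constant-time compare: the code is a secret until it is used
            if hmac.compare_digest(candidate, code):
                self.next_counter = c + 1
                return True
        return False  # outside the window: resync needed (or a bad code)


if __name__ == "__main__":
    v = HotpVerifier(RFC4226_SECRET)
    print(v.verify(hotp(RFC4226_SECRET, 0)))  # first touch: accepted
    print(v.verify(hotp(RFC4226_SECRET, 0)))  # same code again: rejected
    print(v.verify(hotp(RFC4226_SECRET, 3)))  # two touches lost offline: still in window
    print(v.verify(hotp(RFC4226_SECRET, 1)))  # older code after resync: rejected
```

The window size is a deliberate trade-off: a larger window tolerates more accidental touches of the key before the account needs a manual counter resync, but also gives an attacker guessing six-digit codes proportionally more valid answers per attempt, so the verifier should sit behind rate limiting.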

Interfaces: (USB and NFC)

  • OTP - One-Time Password [4]
  • FIDO U2F - Fast IDentity Online / Universal 2nd Factor [5]
    • Version 1 of FIDO
  • FIDO2 - Fast IDentity Online version 2 [6]
    • Version 2 of FIDO
  • PIV - Personal Identity Verification (PIV) [7]
  • OpenPGP - [8] [9]
  • OATH - Open Authentication [10]

Remote Desktop

FIDO2 passthrough requires Windows version 1903 or higher.

"WebAuthN requires Windows 10 version 1903 or higher"

Ref:

FIDO2 security key sign-in to Windows - Microsoft Entra ID | Microsoft Learn
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-windows

SSO

OTP/TOTP mode vs PIN+FIDO2 mode

The benefit of FIDO2 is that the authenticator's response is bound end-to-end to the site and session that requested it (the browser or client records the origin and the server's fresh challenge, and the key signs over them), so a code cannot be relayed to another site; the drawback is that this requires end-to-end FIDO2 support in the client, any remote-desktop channel, and the service.

Compared to traditional MFA methods like SMS codes or TOTP (Time-based One-Time Password), FIDO2 offers higher security by resisting phishing and man-in-the-middle attacks. Methods such as SMS-based codes can be intercepted, and TOTP is susceptible to phishing.
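Why a TOTP code can be phished but a FIDO2 assertion cannot comes down to what the server checks. A TOTP verifier receives only six digits and has no way to tell where the user typed them. A WebAuthn relying party instead receives clientDataJSON, which the browser (not the web page) fills with the origin it actually loaded and the challenge the server issued, and a signature over that data. The example below is added here and is not code from the wiki, from Yubico, or from any WebAuthn library; it models the browser, the authenticator and the relying party in one file. The authenticator's signature is simulated with an HMAC over a constructed per-credential secret in place of the real ECDSA/EdDSA signature, and the hostnames and challenge bytes are constructed, but the checks the relying party performs are the ones WebAuthn specifies.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Stand-in for the credential's private key: a real security key signs with
# ECDSA P-256 or Ed25519; HMAC over a constructed secret is used here so the
# example runs with only the standard library. Origin binding is unaffected.
def authenticator_sign(cred_key: bytes, auth_data: bytes, client_data_hash: bytes) -> bytes:
    return hmac.new(cred_key, auth_data + client_data_hash, hashlib.sha256).digest()


def browser_get_assertion(page_origin: str, rp_id: str, challenge: bytes, cred_key: bytes):
    """Client side of navigator.credentials.get().

    The page supplies rp_id and the server's challenge; the browser writes the
    origin it really loaded into clientDataJSON and refuses the request unless
    rp_id is that origin's host or a registrable suffix of it.
    """
    host = urlsplit(page_origin).hostname or ""
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None  # browser blocks: rpId is not valid for this origin
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": page_origin},
        separators=(",", ":"),
    ).encode()
    flags = bytes([0x01])  # UP bit: user presence (touch) confirmed
    sign_count = (0).to_bytes(4, "big")
    auth_data = sha256(rp_id.encode()) + flags + sign_count  # rpIdHash || flags || counter
    sig = authenticator_sign(cred_key, auth_data, sha256(client_data))
    return client_data, auth_data, sig


def rp_verify(expected_origin: str, rp_id: str, expected_challenge: bytes,
              cred_key: bytes, assertion) -> bool:
    """Relying-party checks on an assertion, in WebAuthn's order."""
    if assertion is None:
        return False
    client_data, auth_data, sig = assertion
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != b64url(expected_challenge):
        return False  # stale or replayed assertion
    if cd.get("origin") != expected_origin:
        return False  # produced for a different site: the phishing case
    if auth_data[:32] != sha256(rp_id.encode()):
        return False  # signed for a different RP ID
    if not auth_data[32] & 0x01:
        return False  # user presence not asserted
    expected_sig = authenticator_sign(cred_key, auth_data, sha256(client_data))
    return hmac.compare_digest(expected_sig, sig)


RP_ID = "example.com"                          # constructed
RP_ORIGIN = "https://login.example.com"        # constructed
CRED_KEY = b"constructed-credential-secret-00"  # constructed, not a real key


def legitimate_login() -> bool:
    challenge = b"\x01" * 32  # constructed; a real RP issues fresh random bytes
    assertion = browser_get_assertion(RP_ORIGIN, RP_ID, challenge, CRED_KEY)
    return rp_verify(RP_ORIGIN, RP_ID, challenge, CRED_KEY, assertion)


def relayed_login_from_other_origin() -> bool:
    """A page at another origin forwards the RP's real challenge to the user's
    browser and relays whatever comes back to the RP. Both paths fail."""
    challenge = b"\x02" * 32
    other_origin = "https://lookalike.example"  # constructed
    # Path 1: asks for the RP's rpId -> the browser refuses outright.
    a1 = browser_get_assertion(other_origin, RP_ID, challenge, CRED_KEY)
    # Path 2: asks for its own rpId -> an assertion exists, but its origin and
    # rpIdHash name the other site, so the RP rejects it.
    a2 = browser_get_assertion(other_origin, "lookalike.example", challenge, CRED_KEY)
    return (rp_verify(RP_ORIGIN, RP_ID, challenge, CRED_KEY, a1)
            or rp_verify(RP_ORIGIN, RP_ID, challenge, CRED_KEY, a2))


if __name__ == "__main__":
    print("legitimate:", legitimate_login())
    print("relayed:", relayed_login_from_other_origin())
```

The same structure explains the remote-desktop requirement in the section above: the RDP client must carry the WebAuthn request to the local browser-equivalent and the key, and return the signed assertion, over a dedicated channel; a client without that channel can only ask the user to type something, which is exactly the relayable TOTP model.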

macOS

The "Microsoft Remote Desktop" client for macOS does not support FIDO2 WebAuthn, but there is a client available that does, called Thincast.

Thincast Client

A free Remote Desktop Client for Linux, macOS and Windows.
https://thincast.com/en/products/client
Web Authentication (WebAuthn)
Use biometric devices or security keys (like Yubico and FIDO2) for authenticating your users in remote desktop sessions.
Web Authentication (WebAuthN)
Securely authenticate your users.
Thincast Client has built-in support for the WebAuthN virtual channel. It enables secure authentication for users accessing remote desktops and leverages the Web Authentication (WebAuthN) API to provide strong authentication using either biometric data, security keys, or other methods.
