Yubikey Issues
by OKButton on May.14, 2008, under Computing, Security, Web
I have ordered my key now will be with me in two weeks so I can have a proper play then. But I have been thinking. This device doesn’t work if you can just buy one anonymously and create an identity with it and use it for authentication. All it is really good for a single user is for adding to existing accounts on systems and using the key as a single authentication device through the central auth system (openID). Other than that the key needs to be issued by a party and tied to there system and issued in a way so that it is securely placed into the hands of the correct owner for multi factor authentication. in this method for each system you need authentication to you would need a separate key ie for access to a bank account with one firm and access to a credit card held by another firm. One key will not do all. What this system needs is a central authentication system that can be trusted to some level. A bit like Thawte did with ssl certs all those years ago.
November 19th, 2008 on 11:52 pm
You know cacert have a web of trust for ssl certs, pgp and the like.
June 27th, 2009 on 2:38 am
I have two keys so far. You can control your system to choose which keys are granted access. So I can’t login to your server for example with my key. It is possible to connect to a remote authentication system to verify the key, but that is not the default. I have some ssh install examples and videos on my site.