The (cheaper) Yubico Security Key does support this, but does not support OATH or OpenPGP. Sadly the Yubikey4 does not currently support CTAP2 (needed for FIDO2/WebAuthentication). Hopefully at some time in the near future, FIDO2/WebAuthentication will become widespread and then most of the (rather confusing) options presented on the Yubikey website and in this article will become obsolete - instead, “just use FIDO2/WebAuthentication” will be the advice. This appears to be an excellent solution, but currently only a few tools and websites support them. The FIDO2 and associated WebAuthentication protocols are pretty new at this point in time (mid 2018). The award for “most promising authentication” goes to FIDO2/WebAuthentication. TOTP is not the best authentication protocol, but is widely supported eg as Google login, and by many online banking sites. Probably the most practical feature, however, is its support for up to 28 OATH TOTP credentials. This allows configuring multiple keys for logging in to SSH servers via a private key on the device, encrypting/signing emails, and signing files (eg Docker images). In my opinion, the coolest feature of the Yubikey4 is its OpenPGP support. To save you a lot of reading, here are my conclusions up front. This includes support for FIDO2/WebAuthn. UPDATE: The Yubikey-5 is now available (since late September 2018). I hope this article helps you decide whether to buy a Yubikey4, and how to use it. Similarly, the management apps for them have lots of options that only apply to specific versions of keys and are rather confusing to use.
There is good functionality buried in there, but it takes some effort to find. Frankly, the set of available features, options, and the supporting applications are a mess. The Yubico devices have versions from 1 to 4 (currently). The content here is mostly Linux-specific I’m using my Yubikey4 on Linux and MacOS. I’m a software architect, developer, and sometimes sysadmin - and that is the level at which this article discusses the Yubikey. Therefore this article contains results of some research I did myself on the topic.
Even the developer pages are either marketing-oriented or extremely detailed. I recently purchased a Yubikey4, and found the technical documentation very lacking there is lots of info on the website, but most of it is pure marketing-level. Yubico is a company which produces a number of hardware authenticator devices, ie small physical tokens that can be used to authenticate (log in) to IT systems. Yubikey Concepts, Configuration and Use First published on: August 24, 2018
0 kommentar(er)
