[ale] Deal on yubikey HW for 2FA

DJ-Pfulio djpfulio at jdpfu.com
Sun Oct 4 08:35:35 EDT 2015


Thanks for the info Jeremy!

Would love to have others with knowledge or warnings reply too.



This is the cheapest Yubikey I've seen and it *is* limited to U2F - but that
includes google and most of the google properties.

U2F can be used with PAM and ssh can be authenticated with this device too. I
think the PAM part isn't so bad/hard.  The ssh-specific method appears to
require building a new ssh - don't think I'll be doing that. It isn't like ssh
doesn't/can't use PAM.

No Yubikey is the holy grail, but if you'd like to cheaply get one or two of
these devices, this is the cheapest they've been.


On 10/04/2015 02:04 AM, Jeremy T. Bouse wrote:
> I've got an older Yubikey VIP that I believe the only thing I use it for is
> PayPal. For everything else I have my 2FA handled by using either Google
> Authenticator or Duo Security and I could honestly just move that down to Duo as
> it can handle both for me. Cost is nothing more than the smartphone/tablet I
> already own and always have handy nearby. If I site I use supports 2FA it's
> enabled immediately and used along with the long randomly generated password.
> Almost all of my servers with any outside public access require Duo 2FA to login
> and pretty much use SSH identity keys over v2 protocol to gain access.
> 
> On 2015-10-04 01:14, DJ-Pfulio wrote:
>> Hope that nobody minds this ...
>>
>> Github and Yubico are pushing 2-Factor Authentication by making it VERY
>> cheap.  $5 for a device + shipping and handling.  Limit 2; having 2 is a
>> "best practice" to avoid issue if you loose one when traveling.
>>
>> The offer:
>> https://www.yubico.com/github-special-offer/github-yubikey-special-offer/
>>
>> -------
>> I ordered 2 - total cost was $15 including shipping.
>>
>> An unvalidated list of websites claiming support for the U2F protocol:
>>   http://www.dongleauth.info/
>>
>> Only downside that I know is Google Chrome or Chromium browsers are
>> required. Doesn't work with Firefox. There appears to be some udev setup
>> required as well.
>>
>> Anyway - cheap protection against phishing  and replay attacks for some
>> online websites.



More information about the Ale mailing list