|
Title: Mt.Gox: now yubikey enabled Post by: MagicalTux on July 07, 2011, 11:55:39 PM You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins.
You can just login to Mt.Gox and click on "order a yubikey". For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side. We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you. We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will update as we receive more orders on the shipping delays. When shipped you receive an URL to track your package. Title: Re: Mt.Gox: now yubikey enabled Post by: Chick on July 08, 2011, 12:10:22 AM You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins. You can just login to Mt.Gox and click on "order a yubikey". For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side. We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you. We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will update as we receive more orders on the shipping delays. When shipped you receive an URL to track your package. Awesome! Title: Re: Mt.Gox: now yubikey enabled Post by: terrytibbs on July 08, 2011, 12:13:16 AM Where do I order one?
Title: Re: Mt.Gox: now yubikey enabled Post by: Chick on July 08, 2011, 12:13:48 AM Title: Re: Mt.Gox: now yubikey enabled Post by: terrytibbs on July 08, 2011, 12:16:16 AM Gah, I see it now!
Now shut up. Title: Re: Mt.Gox: now yubikey enabled Post by: BitcoinPorn on July 08, 2011, 11:32:20 AM Quote The yubikey is a small USB dongle from Yubico which generates one-time passwords (OTPs) and pretends to be a USB keyboard in order to enter the OTP into the keyboard datastream. I found out about them by chance - I can't remember how - and decided to buy one for experimentation. A major feature is that, having neither a real-time clock nor a display and thus needing no batteries either, they're really rather cheap. Including postage, mine cost less than £20, and you definitely won't get a SecurID dongle for that. Also, all the yubikey back-end software is generally available under GPL or other free licences; the security is your responsibility, not someone else's. I say "more-secure" not "secure" in the title because it looks as if it'll still be single-factor authentication, as right now not all methods of validating the yubikey OTP support the use of a personal PIN as well. But yubikey authentication is still much better than straight username-password as the dongle is not easily copied, and the OTP data is, well, only usable once. Not that this is a major issue, but I must confess that another attraction of the yubikey is that, it being lightweight and thin, I can wear it around my neck like a sort of digital dog-tag. Geek marine! Semper pinguis! http://www.teaparty.net/technotes/data/yubikey.gif http://www.teaparty.net/technotes/yubikey.html In case I wasn't the only one not fully familiar with this type of product. Title: Re: Mt.Gox: now yubikey enabled Post by: jacoder on July 08, 2011, 12:26:50 PM 20$? In my order I see zero$, am I lucky?
Title: Re: Mt.Gox: now yubikey enabled Post by: BitcoinCyberStore.com on July 08, 2011, 01:27:09 PM From MTGOX notice:
Quote Please note that our Yubikey can only be used with Mt.Gox. From what I understand about Yubikey, there are two modes of operation... OTP mode where the password changes all the time... and "Static" mode where a frozen OTP is output when you press/hold the button. While I'm sure the OTP mode is "locked into MTGOX", the "static mode" will work for you in other cases, as long as you append the 44 digit "frozen" string with your own easy to remember password. This is pretty close to two-factor authentication. But for $25, you can get your own yubikey (from yubico) and get the OTP mode for your own use and possibly be able to use the "almost two-factor authentication" at MTGOX. I've recently ordered 3 of them from Yubico for me and my family. Title: Re: Mt.Gox: now yubikey enabled Post by: angelo95 on July 08, 2011, 01:34:01 PM I have to say kudos to MtGox this time. They were bad on security but this is a proof that they try to improve and I notice that.
Title: Re: Mt.Gox: now yubikey enabled Post by: kiwiasian on July 08, 2011, 01:43:04 PM Just logged in to my account with Yubikey. So I'm assuming my account has been tied to my key. Is two-factor withdrawal authentication automaticay enabled now?
Title: Re: Mt.Gox: now yubikey enabled Post by: WakiMiko on July 08, 2011, 02:04:34 PM From http://www.teaparty.net/technotes/yubikey.html:
Quote I'll explain this in more detail later, but one nice wrinkle of the v2 yubikeys is that they support two profiles, which I shall refer to as slot-1 and slot-2. In use, these are differentiated by length of touch on the sensor; a quick press generates a token from the slot-1 data, a press of 3-4 seconds generates one from slot-2 data. Their website doesn't make clear, but their tech support confirms, that both slots can be in OTP mode. I intend to use slot-1 myself; I'll keep the AES key secret, and build my own authentication servers. But I intend to upload slot-2's AES key to yubikey, and use the infrastructure they provide when authenticating to the world. Is it possible to use the 2nd slot for other applications when ordering from MtGox, or will the 2nd slot be disabled? Can I overwrite the MtGox AES key and essentially lock myself out? Title: Re: Mt.Gox: now yubikey enabled Post by: Littleshop on July 08, 2011, 06:33:17 PM You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins. Does it work on a mac?You can just login to Mt.Gox and click on "order a yubikey". For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side. We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you. We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will update as we receive more orders on the shipping delays. When shipped you receive an URL to track your package. Title: Re: Mt.Gox: now yubikey enabled Post by: BitcoinCyberStore.com on July 08, 2011, 06:44:53 PM Does it work on a mac? Yubikey is a USB device that acts like a standard USB keyboard. Should work automatically on any platform.Title: Re: Mt.Gox: now yubikey enabled Post by: SlipperySlope on July 08, 2011, 07:01:50 PM I would like it to work with the Mt Gox Trading API.
Title: Re: Mt.Gox: now yubikey enabled Post by: barbarousrelic on July 08, 2011, 08:53:35 PM It would be even better if this key could be incorporated with the Bitcoin client itself.
Title: Re: Mt.Gox: now yubikey enabled Post by: hashme on July 08, 2011, 09:08:18 PM I would like it to work with the Mt Gox Trading API. +1Title: Re: Mt.Gox: now yubikey enabled Post by: lebish on July 08, 2011, 09:25:08 PM Does it work on a mac? Yes, I use it for other projects with my Macs. Title: Re: Mt.Gox: now yubikey enabled Post by: MagicalTux on July 09, 2011, 06:09:51 AM what's the deal with those of us who already have a standard yubikey and want to use it with mtgox's? The yubikeys we are providing at this point are locked with both slots reserved for Mt.Gox. Both slots are blocked and limited to Mt.Gox, however we will offer at some point the ability to unlink a key, which would then allow to retrieve the key's codes. We will also open the ability to use yubicloud keys for protection. I would like to provide notice, however, than using the same key on different websites opens a serious security risk if you are not confident on each site's trustworthiness. A site could - for example - show "yubikey compatible" on its page but in fact use the OTP you provide it to identify itself on a different yubicloud-enabled site and do bad things there. This wouldn't be really hard to do, but could be really bad depending on the attacked website. |
