Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Piper67 on September 06, 2011, 02:43:50 PM



Title: Yubikey use across sites?
Post by: Piper67 on September 06, 2011, 02:43:50 PM
A question from deep within the recesses of my technical ignorance:

Is it possible for other sites (Tradehill, Flexcoin, Vibanko, etc) to implement user authorizations based on the Yubikey some of us are getting from Mt. Gox? Alternately, would it be possible to have a Yubikey-like solution that would work across many different sites?

Sorry if this is a stupid question.

Cheers, everyone.


Title: Re: Yubikey use across sites?
Post by: Drifter on September 06, 2011, 04:18:03 PM
You can buy yubikeys that aren't attached to a specific service, but that can't be done with the Mt. Gox specific yubikeys.


Title: Re: Yubikey use across sites?
Post by: w1R903 on September 06, 2011, 04:29:59 PM
Depends on what version of Yubikey Mt. Gox is using.  The latest version can store two passwords.  Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available.  I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor.  Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.


Title: Re: Yubikey use across sites?
Post by: Otoh on September 06, 2011, 08:27:43 PM
I've a regular Yubikey (as well as a free Mt.Goxxed one) that I got with a LastPass Pro package, seems it's an open one & any site that wishes to contract Yubikey's service & not order proprietary keys could easily add this double authorisation to their sites, then if you have a Yubikey you just get the site to recognise it (2 seconds) & that's it - wish my banks would do this (will ask them) & Gmail too (even though they have phone DA) because I like the physical key & change phones (sim cards/numbers) when I travel.


Title: Re: Yubikey use across sites?
Post by: elggawf on September 06, 2011, 08:43:07 PM
Quote from: w1R903 on September 06, 2011, 04:29:59 PM
Depends on what version of Yubikey Mt. Gox is using.  The latest version can store two passwords.  Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available.  I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor.  Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.

MtGox use both slots.

You can reset your Yubikey to use whatever you like, however doing so will break MtGox logins until you update the key that's stored on their end - and I don't think they've any motivation to do that whatsoever (particularly if you got the yubikey for free).


Title: Re: Yubikey use across sites?
Post by: w1R903 on September 06, 2011, 09:29:24 PM
Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication.  That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.


Title: Re: Yubikey use across sites?
Post by: Raize on September 06, 2011, 09:50:25 PM
I touch once to login and touch and hold for 3 seconds to withdraw on my MtGox-issued Yubikey.


Title: Re: Yubikey use across sites?
Post by: MagicalTux on September 06, 2011, 10:10:13 PM
We prevent use of the yubikey on other sites to limit (slightly) risks of phishing. Making it normal to enter your yubikey code on other sites might be a risk, and considering recent phishing attempts I wouldn't be surprised if we start seeing phishing attempts targeting yubikeys.


Title: Re: Yubikey use across sites?
Post by: elggawf on September 07, 2011, 01:50:46 AM
Quote from: w1R903 on September 06, 2011, 09:29:24 PM
Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication.  That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.

As Raize said, they use both slots - one for logging into the site, and one for authenticating withdrawals.