[AusNOG] Authentication Tokens

Ian Henderson ianh at chime.net.au
Wed Jun 17 15:11:10 EST 2009


Will Dowling wrote on 2009-06-17:
> I'm currently looking at physical security tokens we can use for a second factor of
> authentication on our work VPN.

I'm using Yubikeys (www.yubico.com) for a side project.

Pros:
- Cheap $25USD per token, software is free.
- Easy to use for the end user. Emulates a USB keyboard - press the button and it 'types' in your current OTP.
- Open API - already supported by Radiator/etc.
- Order online, no resellers/account managers/etc.

Cons:
- If you don't have Internet access, or don't want to rely on Yubico's verification server, you need to run your own. Its all open source PHP/Java/Perl, but it's a bit of a pain in the ass.
- Documentation is hard to find - there's no single "make this work" document.
- Haven't had mine long, and its looking a bit battered being on my keys for easy access. Not sure how long it will last. In comparison, my RSA token lasted ages, including swimming in a pint of beer a few times (just don't ask...).

Certainly easy and cheap to give a few a go in a trial - no major loss if you choose some other product.

Rgds,


- I.

--
Ian Henderson, CCIE #14721
Senior Network Engineer, iiNet Limited



More information about the AusNOG mailing list