[AusNOG] Authentication Tokens

[Ian Henderson]

Will Dowling wrote on 2009-06-17:
> I'm currently looking at physical security tokens we can use for a second factor of
> authentication on our work VPN.

I'm using Yubikeys (www.yubico.com) for a side project.

Pros:
- Cheap $25USD per token, software is free.
- Easy to use for the end user. Emulates a USB keyboard - press the button and it 'types' in your current OTP.
- Open API - already supported by Radiator/etc.
- Order online, no resellers/account managers/etc.

Cons:
- If you don't have Internet access, or don't want to rely on Yubico's verification server, you need to run your own. Its all open source PHP/Java/Perl, but it's a bit of a pain in the ass.
- Documentation is hard to find - there's no single "make this work" document.
- Haven't had mine long, and its looking a bit battered being on my keys for easy access. Not sure how long it will last. In comparison, my RSA token lasted ages, including swimming in a pint of beer a few times (just don't ask...).

Certainly easy and cheap to give a few a go in a trial - no major loss if you choose some other product.

Rgds,


- I.

--
Ian Henderson, CCIE #14721
Senior Network Engineer, iiNet Limited