Pages:
Author

Topic: YubiKey Security - page 2. (Read 3644 times)

sr. member
Activity: 463
Merit: 252
June 05, 2012, 03:43:31 PM
#1
While working on implementing YubiKeys for various projects it struck me that the stated security of a yubikey token (128 bits) is substantially overstated.

The security of the tokens as most people use them is more like 18 bits.

If you're relying on these tokens for security I strongly suggest that you utilize username/password/OTP authentication and limit authentication attempts per user to something fairly low.

For most users this makes little difference, but it's definitely something to keep in mind when designing an authentication system.
Pages:
Jump to: