Author

Topic: Yubikey use across sites? (Read 1303 times)

sr. member
Activity: 308
Merit: 250
September 06, 2011, 08:50:46 PM
#9
Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication.  That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.

As Raize said, they use both slots - one for logging into the site, and one for authenticating withdrawals.
vip
Activity: 608
Merit: 501
-
September 06, 2011, 05:10:13 PM
#8
We prevent use of the yubikey on other sites to limit (slightly) risks of phishing. Making it normal to enter your yubikey code on other sites might be a risk, and considering recent phishing attempts I wouldn't be surprised we start seeing phishing attempts targetting yubikeys.
donator
Activity: 1419
Merit: 1015
September 06, 2011, 04:50:25 PM
#7
I touch once to login and touch and hold for 3 seconds to withdraw on my MtGox-issued Yubikey.
full member
Activity: 218
Merit: 100
September 06, 2011, 04:29:24 PM
#6
Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication.  That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.
sr. member
Activity: 308
Merit: 250
September 06, 2011, 03:43:07 PM
#5
Depends on what version of Yubikey Mt. Gox is using.  The latest version can store two passwords.  Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available.  I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor.  Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.

MtGox use both slots.

You can reset your Yubikey to use whatever you like, however doing so will break MtGox logins until you update the key that's stored on their end - and I don't think they've any motivation to do that whatsoever (particularly if you got the yubikey for free).
donator
Activity: 3136
Merit: 1167
September 06, 2011, 03:27:43 PM
#4
I've a regular Yubikey (as well as a free Mt.Goxxed one) that I got with a Lasspass Pro package, seems it's an open one & any site that wishes to contract Yubikey's service & not order proprietary keys could easily add this double authorisation to their sites, then if you have a Yubikey you just get the site to recognise it (2 seconds) & that's it - wish my banks would do this (will ask them) & Gmail too (even though they have phone DA) because I like the physical key & change phones (sim cards/numbers) when I travel
full member
Activity: 218
Merit: 100
September 06, 2011, 11:29:59 AM
#3
Depends on what version of Yubikey Mt. Gox is using.  The latest version can store two passwords.  Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available.  I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor.  Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.
sr. member
Activity: 364
Merit: 252
September 06, 2011, 11:18:03 AM
#2
You can buy yubikeys that aren't attached to a specific service, but that can't be done with the Mt. Gox specific yubikeys.
legendary
Activity: 1106
Merit: 1001
September 06, 2011, 09:43:50 AM
#1
A question from deep within the recesses of my technical ignorance:

Is it possible for other sites (Tradehill, Flexcoin, Vibanko, etc) to implement user authorizations based on the Yubikey some of us are getting from Mt. Gox? Alternately, would it be possible to have a Yubikey-like solution that would work across many different sites?

Sorry if this is a stupid question.

Cheers, everyone.
Jump to: