Yubikey use across sites? | Bitcointalksearch.org

elggawf

sr. member

Activity: 308

Merit: 250

Quote from: w1R903 on September 06, 2011, 04:29:24 PM

Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication. That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.

As Raize said, they use both slots - one for logging into the site, and one for authenticating withdrawals.

MagicalTux

vip

Activity: 608

Merit: 501

-

We prevent use of the yubikey on other sites to limit (slightly) risks of phishing. Making it normal to enter your yubikey code on other sites might be a risk, and considering recent phishing attempts I wouldn't be surprised we start seeing phishing attempts targetting yubikeys.

Raize

donator

Activity: 1419

Merit: 1015

I touch once to login and touch and hold for 3 seconds to withdraw on my MtGox-issued Yubikey.

w1R903

full member

Activity: 218

Merit: 100

Mt. Gox must have the single-slot Yubikey, because I don't see how it would be possible to use both slots for a single authentication. That's too bad, since many services offer the dual slot version of Yubikey, which gives users an extra slot to use for their own purposes.

elggawf

sr. member

Activity: 308

Merit: 250

Quote from: w1R903 on September 06, 2011, 11:29:59 AM

Depends on what version of Yubikey Mt. Gox is using. The latest version can store two passwords. Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available. I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor. Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.

MtGox use both slots.

You can reset your Yubikey to use whatever you like, however doing so will break MtGox logins until you update the key that's stored on their end - and I don't think they've any motivation to do that whatsoever (particularly if you got the yubikey for free).

Otoh

donator

Activity: 3108

Merit: 1166

I've a regular Yubikey (as well as a free Mt.Goxxed one) that I got with a Lasspass Pro package, seems it's an open one & any site that wishes to contract Yubikey's service & not order proprietary keys could easily add this double authorisation to their sites, then if you have a Yubikey you just get the site to recognise it (2 seconds) & that's it - wish my banks would do this (will ask them) & Gmail too (even though they have phone DA) because I like the physical key & change phones (sim cards/numbers) when I travel

w1R903

full member

Activity: 218

Merit: 100

Depends on what version of Yubikey Mt. Gox is using. The latest version can store two passwords. Go to the Yubikey site, download the Yubikey manager software (available for Linux), and check to see how many slots you have available. I was able to store a 32-character password on the second slot of the Yubikey I received for a specific vendor. Just be careful not to overwrite the existing slot, or you may not be able to recover your Yubikey.

Drifter

sr. member

Activity: 364

Merit: 252

You can buy yubikeys that aren't attached to a specific service, but that can't be done with the Mt. Gox specific yubikeys.

Piper67

legendary

Activity: 1106

Merit: 1001

A question from deep within the recesses of my technical ignorance:

Is it possible for other sites (Tradehill, Flexcoin, Vibanko, etc) to implement user authorizations based on the Yubikey some of us are getting from Mt. Gox? Alternately, would it be possible to have a Yubikey-like solution that would work across many different sites?

Sorry if this is a stupid question.

Cheers, everyone.

Topic: Yubikey use across sites? (Read 1301 times)