YubiKey & OATH- TOTP Verification



Similar documents
VIP YubiKey Unlock Guide

Configuring a YubiKey for the YubiCloud

NetMotion + YubiRADIUS Quick Start Guide

NEO Manager Quick Start Guide

Yubico Authenticator User's Guide

YubiKey OSX Login. yubico. Via Yubico-PAM Challenge-Response. Version 1.6. October 24, 2015

September 25, Programming YubiKeys for Okta Adaptive Multi-Factor Authentication

Yubico YubiHSM Monitor

YubiKey Authentication Module Design Guideline

Multi-Factor Authentication for first time users

NetIQ Advanced Authentication Framework

YubiRADIUS Deployment Guide for corporate remote access. How to Guide

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

YubiCloud OTP Validation Service. Version 1.2

2-FACTOR AUTHENTICATION WITH

Yubico PIV Management Tools

Rohos Logon Key for Windows Remote Desktop logon with YubiKey token

Yale Software Library

How to install and use the File Sharing Outlook Plugin

USER MANUAL. v Windows Client January

1. Scope of Service. 1.1 About Boxcryptor Classic

Two-Factor Authentication

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

Mobile Pay. for Android TM. *Android Version 4.0 or higher required

Device LinkUP + Desktop LP Guide RDP

Mac OS X User Manual Version 2.0

YubiKey Integration for Full Disk Encryption

Remote Desktop Services User's Guide

LP 2844 Thermal Printer

YubiCloud Validation Service. Version 1.1

MCBDirect Corporate Logging on using a Soft Token

NetIQ Advanced Authentication Framework - Smartphone Applications

Transferring Scans from your Dolphin into Destiny

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

DUO SECURITY CISCO VPN USER GUIDE 1/27/2016

SafeNet Authentication Client (Windows)

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

YubiKey with Password Safe

Welcome to ncrypted Cloud!

TrustKey Tool User Manual

Gold Lock Desktop. User Manual. Follow these simple steps to install, configure, and use Gold Lock Desktop.

Two-Factor Authentication

StarWind iscsi SAN Software: Tape Drives Using StarWind and Symantec Backup Exec

KANGAROO MOBILE DESKTOP USER GUIDE

Important Notes for WinConnect Server ES Software Installation:

Steps for using MagicConnect

Getting Started with POS. Omni POS Getting Started Manual. switched on accounting

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

How to use SURA in three simple steps:

Mobility with Eye-Fi Scanning Guide

VERIZON WIRELESS VZACCESS MANAGER QUICK START GUIDE FOR PC CARDS

Two Factor Authentication - USER GUIDE

Free Multi-Factor Authentication. Using and SMS in Enterprise/Random Password Manager (E/RPM)

ecstudent-ts Terminal Server How to Use

Note: This documentation was written using the Samsung Galaxy S5 and Android version 5.0. Configuration may be slightly different.

MiraCosta College now offers two ways to access your student virtual desktop.

Remote Access End User Guide (Cisco VPN Client)

Cloud Attached Storage

Simple Computer Backup

PROXKey Tool User Manual

Step 1. Step 2. Open your browser and go to and you will be presented a logon screen show below.

Global VPN Client Getting Started Guide

Guide to Installing BBL Crystal MIND on Windows 7

TECHNICAL BULLETIN. Configuring Wireless Settings in an i-stat 1 Wireless Analyzer

Solution domain. Cloud PC Backup Startingkit for users. Date 26/05/2015 Sensitivity Unrestricted Our reference V1.0 Contact

March How Eye-Fi Works Overview Flowcharts

Cloud Print Edition Quick Start Guide

Implementation Guide for protecting

Millennium SMS. Setup Guide. Version 1.01

Abila Nonprofit Online. Connection Guide

Presto User s Manual. Collobos Software Version Collobos Software, Inc!

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

Smart TPM. User's Manual. Rev MD-STPM-1001R

Using GhostPorts Multi-Factor Authentication

Getting Started With Halo for Windows

USB 2.0 to VGA Quick Installation Guide

CRM Connector Installation & Integration USER GUIDE

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

Akin Gump Strauss Hauer & Feld LLP Remote Access Resources (DUO)

HP Point of Sale (POS) Peripherals Configuration Guide 2D Imaging / Linear / Presentation Scanner

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

Access the UTHSCSA Palo Alto Networks (PAN) VPN using Global Protect VPN client and Two Factor Authentication (2FA)

NEC CLOUD STORAGE. Demo Guide

You can find the installer for the +Cloud Application on your SanDisk flash drive.

Getting Started What s included Setting up Fitbit One on a computer Mac & PC Requirements... 2

8x8 Click2Pop User Guide

QUICK START GUIDE Bluetooth Cordless Hand Scanner (CHS)

Getting to Know Your Mobile Internet Key

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Replacing legacy twofactor. with YubiRADIUS for corporate remote access. How to Guide

IONU BETA USER MANUAL IONU Security, Inc.

Fingerprint Identity User Manual for the Griaule Biometric Framework Rev 1.00

NovaBACKUP xsp Version 15.0 Upgrade Guide

Mobile Printing. User's Guide

Scan2CRM - SalesForce

Backups User Guide. for Webroot SecureAnywhere Essentials Webroot SecureAnywhere Complete

Entrust Certificate Services for Adobe CDS

Windows XP Chinese Character Support Installation Instruction

Transcription:

YubiKey & OATH- TOTP Verification February 7, 2014 YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 1 of 11

Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company s flagship product, the YubiKey, uniquely combines driverless USB hardware with open source software. More than a million users in 100 countries rely on YubiKey strong two-factor authentication for securing access to computers, mobile devices, networks and online services. Customers range from individual Internet users to e-governments and Fortune 500 companies. Founded in 2007, Yubico is privately held with offices in California, Sweden and UK. The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. Yubico shall have no liability for any error or damages of any kind resulting from the use of this document. The Yubico Software referenced in this document is licensed to you under the terms and conditions accompanying the software or as otherwise agreed between you or the company that you are representing. Trademarks Yubico and YubiKey are trademarks of Yubico Inc. Contact Information Yubico Inc 228 Hamilton Avenue, 3rd Floor Palo Alto, CA 94301 USA info@yubico.com YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 2 of 11

1 Setting up the YubiKey for OATH-TOTP All YubiKey hardware can support the OATH-TOTP standard authentication method, used by services such as Microsoft Cloud accounts, Google Apps, Dropbox, EverNote and GitHub. This method utilizes one of the two configuration slots for a single site; no more than 2 sites or services can be supported on a single YubiKey. If there is a need to support additional sites or services, Yubico recommends the YubiKey NEO used with the YubiKey Desktop Authenticator and YubiOATH Android app. To setup your YubiKey for OATH-TOTP 2-step verification, you will need: Access to the account to be secured with OATH-TOTP The YubiTOTP application A YubiKey version 2.2 (or later) with an empty configuration slot The YubiTOTP application above can be found in the Yubico webpage: http://www.yubico.com/applications/internet-services/gmail/ Caution: YubiKeys normally come shipped with the first configuration slot Pre-configured with either a Yubico OTP or a Symantec VIP credential. Be extra careful about overwriting this. This guide assumes that you decide to use the second configuration slot, which is empty by default. The procedure adds a Challenge/Response configuration to the YubiKey in HMAC- SHA1 mode using the shared OATH secret from the site or service to be secured. The helper app (YubiTOTP) passes the current system time as a challenge to the YubiKey and processes the response as per the OATH specification to generate a 6 or 8 digit OATH-TOTP code. The helper app is triggered by double clicking the icon in the system tray. The OATH-TOTP 6 or 8 digit response is automatically typed into the text field the cursor is currently in. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 3 of 11

2 Configuring a YubiKey for TOTP on a Secured Site When setting up a YubiKey to work with a site protected with OATH-TOTP, the process will be to take the secret key provided by that site and configure it directly into one of the slots on the YubiKey. While each site will have a different process to present the secret key slightly differently, the process should have some similar steps: 1. Log into your Account Before 2-Factor verification can be applied to any account, you will first need to be able to log into the account. 2. Access Security / 2 nd Factor Verification Settings Most sites or services will have the settings for 2-Factor verification in the Security section of the user account settings. Some sites will require verification of a backup device, like an SMS/text message capable mobile phone, before permitting users to set up a 2 nd Factor Verification device. 3. Select Mobile Application When setting up your YubiKey, you will want to choose the option to set up a Mobile Application for verification; the process for configuring the YubiKey uses the same secret key as used by less secure mobile authentication apps. For ease of use, Yubico recommends selecting Android as the device type if prompted. 4. Look for the QR code Most sites or services first present the secret key as a QR Code (see example below). When a QR code is presented, there should be a link or option to present the secret key as plain text as well, such as an option if the QR code cannot be scanned Example of a QR code image 5. Display the Secret Key as text Clicking on the link or option to display the secret key should display the key as text. The secret key is often displayed in blocks of no more than 4 characters apiece. Example of a Secret Key 6. Copy the Secret Key Copy the Secret Key to the clipboard. It is HIGHLY recommend to also save the secret key to a secure location or to print it out and file it with other records. With a copy of the secret key, a backup YubiKey can be configured to gain access to the secured account in the event your primary YubiKey is unavailable. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 4 of 11

7. Plug in your YubiKey & Launch the YubiTOTP app The YubiTOTP app will automatically configure the YubiKey when the secret code is provided. When running, the YubiTOTP app should appear in the icon tray on the task bar (icon may be hidden at first). The YubiTOTP app will also need to be running to generate the Verification codes once the YubiKey is configured. 8. Open the YubiTOTP Configuration Window Open the configuration window by right clicking the YubiTOTP app taskbar icon. In the Right click context menu, select Show configuration window 9. Configure the OATH-TOTP Settings Check with the service for the OATH-TOTP verification settings. If settings are not explicitly stated by the site or service, use the 6 digit TOTP option and ensure the Use token identifier and Append Enter last options are not checked. 10. Check your YubiKey Ensure the correct YubiKey is plugged in click the Check button on the YubiTOTP configuration window. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 5 of 11

11. Paste the Secret Key in the YubiTOTP app From the Clipboard, paste the secret key into the text field in the YubiTOTP app. This will automatically start the process to program the YubiKey to work with the YubiTOTP app for the OATH-TOTP verification. When prompted to program the selected Configuration slot, select Yes to proceed. 12. Congratulations, your YubiKey has been successfully configured! When the site or service prompts you for the Verification Code, put the cursor in the indicated field, select (or double click) the Yubico icon in the system tray then select "Verify". You may want to configure your system tray so the YubiTOTP icon is always visible "show icon and notifications". 13. Using the YubiTOTP app When asked for a TOTP code from the secured site, make sure the YubiTOTP app is launched. With your configured YubiKey plugged in, click inside the field indicated for the TOTP code, then double click the YubiTOTP icon. The code will be entered automatically. 14. Create a back-up YubiKey A backup YubiKey can be created at any time using the YubiTOTP app and the secret key acquired from the site. Simply follow the previous steps with the new YubiKey, but use your existing secret key instead of requesting a new one from the site or service. Requesting a new secret key from an OATH-TOTP secured site will result in your original YubiKey to no longer be valid for that site or service. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 6 of 11

3 Setting up Google Apps As an example, below are the steps required to set up a Google Apps account s OATH-TOTP 2-factor verification with a YubiKey and the YubiTOTP app. 1. Log in to your Gmail Account and choose "Account". 2. In the Account page, select Security and locate the 2-step verification" section. Click the button labelled settings, and proceed to register for 2-step verification by registering a telephone number to the Google Account. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 7 of 11

3. Once 2-step verification is enabled, locate the Mobile Application section and select the Android option. The actual screen layout may be a bit different based on your region. 4. In the dialog that opens, click the Can t scan the barcode? link under the image and copy the 20 digit key provided. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 8 of 11

5. Launch the YubiTOTP app and right click its taskbar icon. In the Right click context menu, select Show configuration window 6. Plug in your YubiKey and click the Check button on the YubiTOTP configuration window. Make sure the Use token identifier and Append Enter last options are not checked. 7. Paste the Google Application key into the text field in the YubiTOTP app. This will automatically program the YubiKey to work with the YubiTOTP app for the Google Authenticator. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 9 of 11

8. Congratulations, your YubiKey has been successfully configured! When Google prompts you for the Verification Code, put the cursor in the box, select (double click) the Yubico icon in the system tray then select "Verify". You may want to configure your system tray so the YubiTOTP icon is always visible "show icon and notifications". YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 10 of 11

4 Troubleshooting If your YubiKey is not generating valid codes, check the following: Make sure the correct YubiKey is inserted. Make sure only a single YubiKey is inserted in the computer. Attempt to enter another code TOTP codes have a limited lifespan, and are often not valid after 30 seconds or less. If a TOTP code is not entered soon enough, it may expire and a new code will need to be generated. Make sure the system time on the host computer is correct if the system time is off, the timedependent codes will not be valid. Make sure the host computer is set to the correct time, or automatically syncing its internal clock to a valid timekeeping site. Make sure your YubiKey is plugged in securely and in the correct orientation with the USB slot. If the LED on the YubiKey is not on, it is not inserted correctly. YubiKey & OATH-TOTP Verification 2014 Yubico. All rights reserved. Page 11 of 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information