1. t w o -f a c t o r a u t h e n t ic a t io n w it h
y u b ik e y
H elmuth N euberger , hn@zarafaserver.de
2 0 12 j u n e 2 1

2. c o nte nt
p r o b le m a n d
s o lu t io n
y u b ik e y c lo u d
– la s t p a s s
– z a ra fa
…. .
y u b ik e y in t e r n a l
( 4 z a ra fa )
y u b ik e y
t e c h n o lo g y
d o 's a n d d o n t's
de mo
c o s ts

3. p r o b le m a n d s o lu t io n
To many passwords
→ easy passwords used many times
→ hacks like Sony , Nortel, linkedin ….
New ways of authentication
Secure passwords ( thRpf-X%$§1o32 )
One time passwords
Secure password managers / repositories
→ new keys → yubikey !

4. y u b ik e y c lo u d
small USB device
emulate USB keyboard
secure storage of 2 keys
→ one time passwords @ yubico cloud
→ one time passwords @ yourserver
→ up to 64 character static password
Why two-factor-auth. ?
→ normal password + onetimepassword

5. h o w -t o u s e t h e k e y ?
validation service
→ yubikey cloud
→ lasstpass
→ Zarafa
Symantec VIP, Google Apps, OneLogin …....

6. la s t p a s s
Secure cloud storage of ALL your passwords
→ only remember one “strong” password
→ make it more secure with yubikey

7. z a r a fa
YubiCloud with Zarafa WebAccess

8. y u b ik e y t e c h n o lo g y

9. y u b ik e y t e c h n o lo g y

10. y u b ik e y t e c h n o lo g y
NFR
R F ID
na n
o

11. y u b ik e y t e c h n o lo g y
NFR
R F ID
na n
o

12. d o ´ s a nd d o n t's
Allways use “backup” keys !
Make pictures of all keys ( serial ) !
Use the YubiRevoke service !
Never leave yubikey in device !
Never use yubikey as a one-factor-auth.
Never store key info on filesystem !
→ use YubikeyHSM

13. Yu b i k e y H S M

14. c o s ts
1 pcs → 25 $ YubiCloud → free
50 pcs → 15 $ each YubiRevoke → free

15. de mo

16. Th a n k yo u !