Comments on: Yubikey – New Hardware for Strong Authentication

By: Luc

Luc — Fri, 11 Dec 2009 08:18:47 +0000

I feel sorry for you Jen.

I'm part of Musbe, Inc, we designed the swekey authentication key.

We don't have open position to offer yet, but if you want I can send you a free swekey if you want to have a look on the product.

By: Luc

Luc — Fri, 11 Dec 2009 08:15:14 +0000

You should try the swekey.
With the swekey you don't even have to press a button to get the OTP.
We sites can also detect when the swekey is unplugged to automatically logout users…

Fell free to ask for a free swekey for evaluation.

By: Joerg Resch

Joerg Resch — Sun, 10 Aug 2008 08:09:33 +0000

I have been using the Yubikey now for a while and find it very useful. It’s form factor is more user friendly than a smart card format 1-time token device, it is as easy to use as a fingerprint scanning device, it has been 100% reliable and I can use it on any of my computers. With regards to the man-in-the-middle-attack, it provides the same level of security like all those OTP devices. The only difference is, that I don’t need to type the OTP manually.

By: David

David — Mon, 30 Jun 2008 03:36:15 +0000

From what I understand, the One time password is validated by a central server (or a server you hosted yourself). The server software will detect replay attack. So if the OTP is capture and the man in the middle turn around and asked me another and use the 2nd OTP to log me into the site, the 1st OTP is invalidated. If the man-in-the-middle catpured my 1st OTP and just pretend to have dropped it, as long as I re-authenticated with my Yubikey the second time, the 1st OTP is still invalidated.

By: Joerg Resch

Joerg Resch — Thu, 12 Jun 2008 05:07:37 +0000

Pong

By: Joerg Resch

Joerg Resch — Thu, 12 Jun 2008 04:54:38 +0000

Ping