

This will generate one-time passwords based on a counter (HOTP). There are two options; one (which I don’t want) is Yubico OTP. If you might use YubiCloud in the future, don’t reprogram SLOT 1. Open the YubiKey Personalization Tool and program SLOT 2. If you want more details and screenshots, see the Kahu Security post. Below is the configuration I used when testing.

I think some of the options I used such as variable input were not working right when the above guide was written. I followed a well-written post: Securing Keepass with a Second Factor – Kahu Security but made a few minor changes.

Encrypting a KeePass Database

Enable Challenge/Response on the Yubikey

Open up the Yubikey NEO Manager, insert a YubiKey and hit Change Connection Mode.

And now apps are available.

The rest of this post is sort of a guide on some of the things I’ve experimented with.

- Use with a service that supports FIDO-U2F (Universal Second Factor).
- Use in place of a Battle.Net Authenticator.
- Use in place of a Google Authenticator for services that support OATH-TOTP.
- Secure a KeePass database using a YubiKey.

So far Yubico has stood behind their product and done what’s right–last year a security issue was discovered with the Yubikey NEO’s OpenPGP card applet and Yubico issued free replacements to everyone affected. The downside is it’s impossible to upgrade them when new firmware features become available, but the benefit is it’s more secure. YubiKeys purposefully have firmware that can’t be overwritten.

It’s $50 on Amazon or can be ordered direct from the Yubico Store for $55. There are several models, I opted for the NEO since it supports the most features and has an NFC chip that Android phones can use. Last year I started looking at 2FA (Two Factor Authentication) solutions and came across YubiKey which is a fantastic little device.
