Derick Posted January 13, 2020 Share Posted January 13, 2020 I'm rolling out 2FA for our The password reset and password database. Although some users are happy to use a mobile device others wanted us to provide a token. Having looked at the ease of use for setup and use of U2F tokens I'd like to request u2F support. We use Duo as our 2FA and the Duo API allows u2F tokens so I'm hoping it's not too complex. Additionally the ease of use, single click for password resets, or 2fa to a stored database. It's a sure way to encourage user enrollment. Thanks Derick Link to comment Share on other sites More sharing options...
La+zy Posted August 9, 2020 Share Posted August 9, 2020 Firstly, it appears that entering a forum search for "U2F" does not return this post. I only found it from a Google search result, and had to enter "Derick" to find the post. If this feature would allow us to use YubiKey U2F, then I second the request - it would be very convenient. We currently us it for AWS - enter username and password, click the button on the YubiKey, you're in. ...or, if this feature is already available, please let me know X-/ Cheers Link to comment Share on other sites More sharing options...
support Posted August 9, 2020 Share Posted August 9, 2020 Hi La+zy, Yes, our Yubikey implementation supports U2F - we were only testing it again the other day, and the press of the button is quite convenient Regards Click Studios Link to comment Share on other sites More sharing options...
Martin W. Posted August 10, 2020 Share Posted August 10, 2020 Dear Support, where should we found the implementation for U2F? There are only OATH(TOTP/HOTP) and yubico OTP, but no U2F or similar. I asked some time ago, but got no answer from support https://www.clickstudios.com.au/community/index.php?/topic/5232-full-yubikey-support-with-webauthn/ Best regards Link to comment Share on other sites More sharing options...
La+zy Posted August 10, 2020 Share Posted August 10, 2020 Thanks Martin, I was going to ask the same question. Serves me right for not originally asking "if this feature is already available, please let me know where" The OATH - HOTP option works well with a YubiKey if you have a spare "slot" in the key, but I suspect U2F would be preferable. Looking forward to the CS response. Cheers Link to comment Share on other sites More sharing options...
support Posted August 10, 2020 Share Posted August 10, 2020 Hi Guys, Hopefully I have not misunderstood what U2F is, with respects to Yubikey. Can you please have a look at the following: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf - Page 116 and 117 https://www.clickstudios.com.au/downloads/version9/Passwordstate_User_Manual.pdf Page 147, 148 and 149. By using the Yubikey OTP option, we can authenticate with a click on the button as you've mentioned La+zy - it autofills the OTP on the screen. Regards Click Studios Link to comment Share on other sites More sharing options...
Martin W. Posted August 18, 2020 Share Posted August 18, 2020 Hey Support, U2F is slightly better than Yubico OTP see https://www.yubico.com/authentication-standards/fido-u2f/ Also there is no need for any fields on the website, because the Browser communicate directly with the U2F device. Best regards Link to comment Share on other sites More sharing options...
La+zy Posted August 20, 2020 Share Posted August 20, 2020 Yep, what Martin said. Using an AWS logon with U2F as an example: Page 1: We enter the standard username and password, click Sign In Page 2: We are prompted "Insert your U2F security key into your USB port, and then tap the button or gold disk", the YubiKey flashes, we tap the button on the key and we're in It's not a huge thing, but it would simplify the use/management of our YubiKeys, assuming PasswordState could use the same U2F credentials in the primary YubiKey "slot". Cheers Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now