Computer login with two-factor authentication

It doesn’t matter which operating system you have installed — Windows, Mac OS X or Linux — you can use a YubiKey to strengthen authentication and keep intruders from prying into your computer.

Windows

Associating a YubiKey with a Windows account is straightforward for both enterprise users connected to a domain and end-users running a single computer.

For enterprise users, the YubiKey NEO and NEO-n act as a smart-card, link to a Windows Certificate Authority, and work with any supported Windows Client operating system. This configuration enables RSA or ECC sign/decrypt operations.

Both keys support NIST’s SP 800-73 Personal Identity Verification Card (PIV) interface. Setting up the YubiKey NEO requires one of the YubiKey PIV Manager tools (either the user interface or command line version). In addition, Authlite from Collective Software integrates with Microsoft’s Active Directory to support two-factor authentication.

For individual users, with a local account on their Windows computer, a small utility is installed that works in conjunction with a YubiKey to secure access. This feature works without an Internet connection. It does not work with Microsoft Cloud Accounts.

Linux

Workstation:

The Yubico Pluggable Authentication Module (PAM) provides an easy way to integrate the YubiKey into existing user authentication infrastructures. PAM is used by GNU/Linux, Solaris and Mac OS X for user authentication. There is an offline validation option via the use of HMAC-SHA1 Challenge-Response feature of the YubiKey. The PAM module supports YubiKey coupled with FreeRadius, OpenVPN, Radius, SELinux on Fedora 18 and up, or SSH.

Server:

The Yubico PAM provides an easy way to integrate the YubiKey into existing user authentication infrastructures. PAM is used by GNU/Linux, Solaris and Mac OS X for user authentication.

The PAM U2F module provides an easy way to integrate the Yubikey into your existing user authentication infrastructure. The module supports PAM authentication using U2F.

Red Hat Enterprise Linux (RHEL) 7.1 contains Red Hat’s first implementation of the standard OTPs leveraging the open standard OATH HOTP and TOTP, which are both supported by the YubiKey. This functionality is part of the Identity Management features in RHEL 7.1.

Mac OS X

YubiKey two-factor authentication can be activated in the Challenge-Response mode on OS X.It is recommended to have the YubiKey pre-configured with the HMAC-SHA1 Challenge-Response configuration before setting up the OS X login. You’ll need to download the Cross Platform Personalization Tool. For a link and a How-To for OS X set-up click the Learn More Button.