Yubikey support #36
Comments
|
HI @cyli, thank you! And without help from the community, the project wouldn't be in it's current shape :). I'm not familiar with Yubikeys, but if they are already supported by django-otp, then supporting them shouldn't be so hard. Currently it is hard-wired to use certain devices, but with some code Yubikeys could be added. Maybe you could do some looking into how support would be possible? What the correct UX would be, and how this project could support other otp devices as well? |
|
Hi @Bouke! I'd definitely love to help with this, as well as with the email notification! This project has been really helpful to me for learning how to integrate 2FA with Django - I'm giving a pycon talk about multifactor auth, and pretty much my section on Django is "look at this awesome project which does stuff for you and has an awesome demo teaching you how to integrate everything!" But I noticed these two points in the last few days, and I wanted to raise them with you and see if they were actual useful things you think would be useful features for django-two-factor-auth before mentioning them in the talk. |
|
It's great to hear that you'll be talking about security in general and including this package in your session is fantastic. If you could share a recording, or otherwise your slides, I would be very honored! |
|
@cyli all kind of yubico's keys work or just the standard? I wish to order few for testing and implementing it with django two factor auth too :) |
|
@Bouke: Here is the talk: http://www.pyvideo.org/video/2699/multi-factor-authentication-possession-factors, and here are the slides: http://blargh.ying.li/slides/pycon2014/#/1 :) |
|
@Bashar: I think just any device supporting the Yubikey algorithm? https://bitbucket.org/psagers/django-otp/src/efb4dccaf25017bb7ada293fbc62f9a8995039c2/django-otp-yubikey/ The Yubikey's Yubikey specific algorithm parts work, but I don't think it supports Symantic Security Credentials, which the Yubikey VIP also supports. But the Nano, Neo, and Standard should all work, and the Yubikey part of the VIP should work I think. :) |
|
@cyli congrats on the nice talk, I've enjoyed the analogy you used. How was your talk received? My YubiKey has been delivered and I've started hacking with it. There is a proof of concept in the branch features/yubikey which you're invited to try out. There are probably some rough edges to it, but in the basics it works. Update: also see the unfinished pull request. |
|
@Bouke Thanks! People seemed to like it in general. :) Oh wow, thanks so much for ordering one and working on this! Looking at it now. |
YubiKeys offer a OTP, similar to token generator application. The key is generated by a hardware device, generating a 44 character OTP, which is to be by YubiCloud (or locally if needed be).
|
I've merged the support into master. Have a look at the example app for a demo. |
|
This is awesome, thanks so much! |
|
Is the Yubikey option still working on the demo site? I bought this Yubikey, but can't get it loaded. What should I fill in, in the Yubikey field? |
|
@pckapps for me the demo does work with my Yubikey NEO, but the demo uses Yubico OTP and not U2F. AFAIK all newer Yubikeys other than the blue U2F-only one, support both U2F and Yubico OTP. You need to have one of your OTP slots configured in YubiOTP mode and loaded with a key thattap th is accepted by yubico servers. Then you focus the text field and tap your yubikey, it should type a one-time password for you. Still, U2F support would be nicer. |
Hi! I just want to thank you for your work on this! It's pretty amazing. I was wondering if Yubikey support would be added at any point, since django-otp also supports Yubikeys?
The text was updated successfully, but these errors were encountered: