|
|
Line 24: |
Line 24: |
|
| |
|
| == To use a YubiKey == <!--T:4--> | | == To use a YubiKey == <!--T:4--> |
| YubiKeys are hardware tokens made by the company [https://yubico.com/ Yubico]. They have the size of a small USB stick, and different models support different ports. Some will connect to a USB-A port, USB-C port, Lightning. Some models also support near field communication (NFC) to be used with your phone or tablet. To figure out which one may best suit your need, consult [https://www.yubico.com/quiz/ this page]. They cost between 50$ and 100$, and they are the best option if you do not want to use or if you do not have a smart phone. They are also the best option if you are often in situations when using your phone is not possible.
| | A YubiKey is a hardware token made by the company Yubico. If you do not have a smartphone or tablet, do not wish to use your phone or tablet for multifactor authentication,or are often in a situation when using your phone or tablet is not possible, then a Yubikey is your best option. |
| | |
| | A YubiKey is the size of a small USB stick and costs between $50 and $100. Different models can fit in USB-A, USB-C, or Lightning ports, and some also support near-field communication (NFC) for use with a phone or tablet. |
|
| |
|
| <!--T:5--> | | <!--T:5--> |
| YubiKeys support multiple authentication protocols which are commonly used for web authentication, such as WebAuthn, FIDO2, U2F. However, the one protocol which works with SSH connections used on our clusters is called Yubico One Time Password (OTP). When using Yubico OTP, pressing the button on the key will write a long string of characters looking like <tt>vvcccbhbndkglanfhevnricjdvftcfugdtjeflgrhenr</tt>, which will act as your second factor. | | Among the many protocols supported by YubiKeys, the one which works with SSH connections to our clusters is the Yubico One-Time Password (OTP). After you have registered a YubiKey for multifactor authentication, when you log in to one of our clusters you will be prompted for a one-time password (OTP). You respond by touching a button on your YubiKey, which generates and transmits a string of 32 characters to complete your authentication. |
|
| |
|
| <!--T:6--> | | <!--T:6--> |
| Yubico OTP itself has two modes which it can use. In Yubico Cloud mode, authentication requests are forwarded to the Yubico Cloud, where your key was preregistered when you purchased it. This mode is not supported by Duo, which instead supports Yubico OTP. For this mode, you need to have the Public ID, the Private ID, and the Secret Key for your key. If you already have this information, you can use your existing information to register your Yubico OTP on your [https://ccdb.computecanada.ca/multi_factor_authentications multifactor authentication account page]. If you do not have this information, you need to configure your key using the steps below.
| | To register your YubiKey you will need its Public ID, Private ID, and Secret Key. If you have this information, go to [https://ccdb.computecanada.ca/multi_factor_authentications multifactor authentication account page]. |
| | If you do not have this information, configure your key using the steps below. |
|
| |
|
| ==== Configuring your YubiKey for Yubico OTP ==== <!--T:7-->
| | === Configuring your YubiKey for Yubico OTP === <!--T:7--> |
| To configure your YubiKey, follow these instructions: | | To configure your YubiKey, follow these instructions: |
|
| |
|
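Review bot: The new T:5 paragraph says the key "generates and transmits a string of 32 characters", but the sample OTP shown in the text it replaces (the string beginning vvcccbhbndkg) is 44 characters long. Check the stated length against what the key actually emits, and consider keeping a sample string so users can recognize a correct response at the prompt. In the new T:4 paragraph, "authentication,or" is missing a space and "Yubikey" should be "YubiKey" to match the rest of the page. The new T:6 text also drops the statement that Yubico Cloud mode is not supported by Duo. One sentence retaining it would tell users whose key is only preregistered with the Yubico Cloud why they still need the Public ID, Private ID, and Secret Key.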