Yubikey authentication available on production

The Yubikey authentication mechanism we were trialling on on our beta server has now been released to production.

There’s been a few small changes since we first rolled it out on beta.

  1. After feedback from Yubico, we’ve made a few extra internal security improvements. In two-factor mode, the Yubikey one-time value is checked before the password, so a one-time value can’t be reused with the wrong password
  2. On the login screen, you can click the “+ More” link to display the Yubikey login box. Currently the password box will continue to work if you put the Yubikey one-time value in there, but we recommend using the specific Yubikey login box, because the browser won’t prompt you to save the one-time value as a password, which obviously won’t work a second time

We’ve also added some help documentation about Yubikey so people can learn about how it works and how to get one.

Posted in News. Comments Off
Follow

Get every new post delivered to your Inbox.

Join 5,150 other followers

%d bloggers like this: