For almost a year now I've been testing a Yubikey hard token. Basically, it's USB-key that adds strong two factor authentication to the process of logging in to my computer. You can check out my previous blog post on exploring hard tokens and the need for better identity management.
Now it's time to update you on my experiences thus far...
Set up
- The Yubikey is programmed to memorize a string of 32 random characters.
- To login to my computer, I first enter my own 4 digit code.
- Then, at the touch of a button, the Yubikey adds it's memorized string to it.
- The Yubikey (and the string it contains) is used strictly for this purpose.
- The Yubikey is attatched to my car key so I always have it with me. Well almost always, but more on that later....
Impressions
Security - The characters programmed on the Yubikey in combination with my 4 digit code are necessary to login in to my Laptop. Without them my account is simply not accessible.
Reliability - The hard token still works perfectly. However I must admit that the USB port on my MacBookPro is bit tricky now and then and I have to wiggle the Yubikey into working.
Efficiency - Instead of having to type a really hard password to crack (which would mean considerable length and special characters), I only have to type a simple 4 digit numeric code. The Yubikey fills in the other 32 characters. Quite handy, and very quick.
Portability - Thus far, I've only used the Yubikey to login on my own laptop, so I have yet to test it on other machines.
Usability - This device is extremely easy to use. I do have to admit that my dependency on that one Yubikey did end up hurting me once: I had an appointment at the dealership in the morning, left my car there and a colleague picked me up on the way to work. Unfortunately, I left my keys with the car... Quite embarrassing really. I guess don't need to explain... Anyways, that day I unwillingly followed my colleague's Gert-Jan's advise and had myself a "
Don't bring your laptop to work day".
Conclusion
I'm more than happy with the selected setup. And I'm pretty sure you only forget your device once ;-). So go ahead everybody, secure your data!