Definitely worth looking at, but need to make sure it's not vendor-centric. Using the OATH standard should allow use of a range of OTP apps on different mobile platforms.
Given the near ubiquity of YubiKeys, it seems like a good integration to run with.
Although the exact implementation might vary, suspect a good (and relatively easy) way forward would be to have the system behave like the PAM module used for SSH.
The user's login process would therefore be:
- Enter Username
- Enter password
- Without leaving the password field, short press on the YubiKey
The back-end would then need to separate the password from the YubiKey's input (though it'll have the YubiKey's ID stored anyway) and place a request to the Yubico API server to validate the OTP.
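The back-end split described above, as an added example (not Credlocker's or Yubico's code). It assumes the default 44-character Yubico OTP with a 12-character public ID; `split_password_otp`, `OtpFormatError` and the sample values are hypothetical names constructed for the example.

```python
import re

# Yubico OTPs are typed in "modhex", a 16-letter alphabet chosen so the
# keystrokes survive differing keyboard layouts.
MODHEX = "cbdefghijklnrtuv"
PUBLIC_ID_LEN = 12                 # assumed default key ID length
OTP_LEN = PUBLIC_ID_LEN + 32       # key ID + 32-char encrypted block
_OTP_RE = re.compile("[%s]{%d}" % (MODHEX, OTP_LEN))

# Constructed sample values, not output from a real key.
SAMPLE_ID = "cccccchjkltu"
SAMPLE_OTP = SAMPLE_ID + MODHEX * 2


class OtpFormatError(ValueError):
    """The submitted field does not end in a usable OTP."""


def split_password_otp(field, enrolled_public_id):
    """Return (password, otp) from a combined password+OTP form field.

    enrolled_public_id is the key ID stored for the user at enrolment.
    """
    field = field.rstrip("\r\n")   # the key's trailing Enter, if captured
    if len(field) < OTP_LEN:
        raise OtpFormatError("field too short to contain an OTP")
    # Split by fixed length from the end: the password itself may end in
    # modhex letters, so searching backwards for a pattern is ambiguous.
    password, otp = field[:-OTP_LEN], field[-OTP_LEN:].lower()
    if not _OTP_RE.fullmatch(otp):
        raise OtpFormatError("trailing characters are not a modhex OTP")
    # Refuse an OTP from a key not enrolled for this account before
    # spending a round trip on the validation server.
    if otp[:PUBLIC_ID_LEN] != enrolled_public_id.lower():
        raise OtpFormatError("OTP was not produced by the enrolled key")
    # Caller must still check the password hash AND have the OTP
    # validated by the API server; both have to pass.
    return password, otp


if __name__ == "__main__":
    print(split_password_otp("hunter2" + SAMPLE_OTP, SAMPLE_ID))
```
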
Activity
2013-12-07 00:16:17
2013-12-16 19:47:50
https://github.com/Yubico/php-yubico
2014-10-25 13:48:54
2019-09-09 15:51:12
Credlocker is EOL so no further work will be done.