EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 20 Jan 2010, 12:30 AM   #1
akorvemaker
Master of the @
 
Join Date: Nov 2002
Location: Canada
Posts: 1,002
Yubikey support

I just saw on Twitter that the beta server now supports Yubikey as an Alternative Login option.

Thanks! I'd love to have general OpenID support. I don't have a Yubikey right now, but this encourages me to look at it as an option.

I really appreciate the various login options.

Thanks FM! (This seems like the sort of thing that would be either Bron or Rob's work, but whoever did it, thank you!)

Andy
akorvemaker is offline   Reply With Quote

Old 20 Jan 2010, 05:21 AM   #2
jackmfm
Member
 
Join Date: Oct 2009
Location: USA
Posts: 62
YubiKey Support

Currently we're just using the Yubikey online API. If you ever change your internal yubikey AES token, you would need to upload that to the Yubikey website.

It will stay on the beta site for a while until we can confirm the implementation is working OK for everyone.

Jack
jackmfm is offline   Reply With Quote
Old 20 Jan 2010, 07:39 AM   #3
kirill
Cornerstone of the Community
 
Join Date: Jun 2001
Posts: 878
I ordered two keys today - will test with FM and use it for my own stuff too.
kirill is offline   Reply With Quote
Old 20 Jan 2010, 12:01 PM   #4
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,904
Yubikey + Fastmail + Lastpass = Good Stuff!
sflorack is offline   Reply With Quote
Old 20 Jan 2010, 08:29 PM   #5
jackmfm
Member
 
Join Date: Oct 2009
Location: USA
Posts: 62
Rob Has Posted on Blog

Rob has posted a discussion regarding Yubikey on the FastMail blog:

http://blog.fastmail.fm/2010/01/20/y...n-beta-server/


Jack
jackmfm is offline   Reply With Quote
Old 20 Jan 2010, 11:33 PM   #6
ReuvenNY
 Moderator 
 
Join Date: Mar 2002
Location: New York
Posts: 4,207
Where can we read more about the Yubikey, price and where to buy it?
ReuvenNY is offline   Reply With Quote
Old 20 Jan 2010, 11:41 PM   #7
scutworker
Member
 
Join Date: Mar 2006
Posts: 44
You can find out about the Yubikey here:

http://www.yubico.com/home/index/

Once question I have; do you just enter your username and press the Yubikey to log in, or is there some kind of PIN as well. I thought that with just the username and key what would prevent somebody stealing the Yubikey and using it if they knew your username too?
scutworker is offline   Reply With Quote
Old 21 Jan 2010, 04:27 AM   #8
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,904
Quote:
Originally Posted by scutworker View Post
Once question I have; do you just enter your username and press the Yubikey to log in, or is there some kind of PIN as well. I thought that with just the username and key what would prevent somebody stealing the Yubikey and using it if they knew your username too?
"The $25 YubiKey is a tough little chunk of plastic with USB connectors on one end and a touch-sensitive (no moving parts) button on top. Each time you touch the button it sends a static password and a dynamically-generated one-time password to any application that's listening for its input. If a spy program captures the password, so what - that particular one-time password won't be valid ever again."

SOURCE: PC Magazine

Sounds like you'll still logon with userid/password, but then need to touch the Yubikey for finalizing logon.
sflorack is offline   Reply With Quote
Old 21 Jan 2010, 09:07 AM   #9
qwertz123456
Essential Contributor
 
Join Date: Jan 2008
Posts: 362
Does anyone know if I can use ONE Yubikey for my Fastmail account and TrueCrypt or do I have to have two keys?
qwertz123456 is offline   Reply With Quote
Old 21 Jan 2010, 11:58 AM   #10
robmueller
Intergalactic Postmaster
 
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102

Representative of:
Fastmail.FM
Re: Yubikey + truecrypt

No unfortunately. There's actually a good description why here.

http://forum.yubico.com/viewtopic.php?f=6&t=215

1. Truecrypt needs a fixed password. You can configure your yubikey to do that, but then you lose the one-time password
2. You could in theory change the Truecrypt code so it uses the one-time password and contacts the yubico server, but that's not really possible to do in a pre-boot environment if you've got a whole encrypted HD

Rob
robmueller is offline   Reply With Quote
Old 21 Jan 2010, 12:00 PM   #11
robmueller
Intergalactic Postmaster
 
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102

Representative of:
Fastmail.FM
Re: Password vs Yubikey vs Yubikey+Password

Basically the difference is "one-factor authentication" vs "two-factor authentication".

At the moment, the yubikey is replacing your password, so it's still one-factor. So if you lose your password (some bits of data) or lose your yubikey (physical), you're account can still be accessed.

I'm looking at adding two-factor authentication. In that case, you'd have a password AND a yubikey code. You'd need both to login. In that case, losing either one alone wouldn't cause a problem, only losing both would, which is a lot less likely.

Rob
robmueller is offline   Reply With Quote
Old 21 Jan 2010, 05:56 PM   #12
kirill
Cornerstone of the Community
 
Join Date: Jun 2001
Posts: 878
Quote:
Originally Posted by robmueller View Post
Re: Yubikey + truecrypt

No unfortunately. There's actually a good description why here.

http://forum.yubico.com/viewtopic.php?f=6&t=215

1. Truecrypt needs a fixed password. You can configure your yubikey to do that, but then you lose the one-time password
2. You could in theory change the Truecrypt code so it uses the one-time password and contacts the yubico server, but that's not really possible to do in a pre-boot environment if you've got a whole encrypted HD

Rob
Rob, the new keys support two configurations. I just programmed my yubikey to use a static password in addition to OTP. Short press on the key - OTP, long press - static password. This way, the key can be used with Truecrypt too.
kirill is offline   Reply With Quote
Old 21 Jan 2010, 05:57 PM   #13
kirill
Cornerstone of the Community
 
Join Date: Jun 2001
Posts: 878
The dual-configuration feature of yubikey 2 is described here:

http://forum.yubico.com/viewtopic.php?f=16&t=348
kirill is offline   Reply With Quote
Old 27 Jan 2010, 12:06 AM   #14
simbo1905
Junior Member
 
Join Date: Jan 2010
Posts: 3
Lightbulb my yubikey arrived today. where is the beta server?

I am keen to give my new key a go but I only know about the production servers. Where do I go to try out my key on the beta servers?
simbo1905 is offline   Reply With Quote
Old 27 Jan 2010, 12:08 AM   #15
scutworker
Member
 
Join Date: Mar 2006
Posts: 44
The beta server is here:

http://www.fastmail.fm/beta
scutworker is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:57 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy