
At least one reader is having problems getting started with the YubiKey, partly because it doesn’t come with instructions. If an operating system doesn’t support using the YubiKey as a 2FA device, there is a way around this – here I’ll show the process for storing a password on the YubiKey, so it dumps the password into a text field when the button on the device is pressed.

To get started, the YubiKey Personalization Tool is needed. Installation on a Linux system was covered here before. When the application is started, there’ll be a list in the main panel and along the top containing the following:

  • Yubico OTP
  • OATH-HOTP
  • Static Password
  • Challenge-Response
  • Update Settings

The option to select here is ‘Static Password’. The application might then display the following options:

As I want to configure just the one device, I’ve selected ‘Scan Code’.

Static Password Configuration Screen
The YubiKey has two storage regions called ‘Configuration Slots’, either or both of which might contain a password. Before setting a password here, ensure that Configuration Slot 1 or Configuration Slot 2 is checked.

Just below that is ‘Configuration Protection’, which prevents accidental overwrites of the stored configuration. Here I’ve left it as the default, which is unprotected.

Under the ‘Password’ section there are two input fields, which are both disabled/grayed-out. To enable these, a keyboard layout must be selected.

While the YubiKey can be configured to store and dump a complete password, it’s also possible to have a two-factor authentication setup by using the Static Password mode to store only a prefix. For example, you might set the passwords on your laptop and email accounts as ‘xyz123abc’ + [unique password], and have the YubiKey enter just the first string.
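The keyboard layout choice matters because the YubiKey types as a USB keyboard and the host translates the key codes with its own layout. The following sketch is an added example, not part of the original post or of Yubico's tooling: it encodes a password as US-layout key codes and shows what a host set to a German layout would receive. The function names and the partial layout tables are assumptions made for illustration.

```python
import string

# USB HID keyboard usage IDs, US layout (partial table, built for this example):
# a-z are 0x04-0x1d, 1-9 are 0x1e-0x26, 0 is 0x27. Value is (usage_id, shift).
US = {c: (0x04 + i, False) for i, c in enumerate(string.ascii_lowercase)}
US.update({c.upper(): (code, True) for c, (code, _) in list(US.items())})
US.update({d: (0x1e + i, False) for i, d in enumerate("1234567890")})
US.update({s: (0x1e + i, True) for i, s in enumerate("!@#$%^&*()")})

# A host decodes the same key codes with its own layout. Start from the US
# mapping and override the keys that differ on a German (QWERTZ) layout.
DE_HOST = {key: char for char, key in US.items()}
DE_HOST.update({(0x1c, False): "z", (0x1c, True): "Z",
                (0x1d, False): "y", (0x1d, True): "Y"})
DE_HOST.update({(0x1e + i, True): s for i, s in enumerate('!"§$%&/()=')})


def to_scan_codes(password):
    """Encode a password as (usage_id, shift) pairs for a US-layout slot."""
    unsupported = [c for c in password if c not in US]
    if unsupported:
        raise ValueError(f"not in this partial US table: {unsupported}")
    return [US[c] for c in password]


def typed_on(password, host_table):
    """Return the text the host would see when the key codes are replayed."""
    return "".join(host_table[key] for key in to_scan_codes(password))


def layout_mismatches(password, host_table):
    """List (position, intended, received) for characters that change."""
    typed = typed_on(password, host_table)
    return [(i, want, got)
            for i, (want, got) in enumerate(zip(password, typed))
            if want != got]


if __name__ == "__main__":
    # Constructed sample inputs; the first is the prefix used in this post.
    for sample in ("xyz123abc", "P@ss", "abc123"):
        print(sample, "->", typed_on(sample, DE_HOST),
              layout_mismatches(sample, DE_HOST))
```

Running a candidate password through a check like this before writing it to the slot shows whether it will survive being typed into a machine whose layout differs from the one selected in the tool.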

All that remains after entering the password is to click the ‘Write Configuration’ button to write the password to Slot 1.

YubiKey Personalization Tool Settings Tab
One other thing that should be mentioned, in case the operating system is having problems detecting the YubiKey, is the set of options in the Settings tab.

Serial number visibility determines how the operating system would read the device’s serial number, which is done by reading the hardware descriptor or by reading the API call response. Output speed throttling might also be useful, especially if using the device with an older system that has a much lower input device reading rate.

Using the Programmed YubiKey
Now to use the YubiKey to enter the password in the login screen: press the ‘y’ button on the device briefly to dump the password in Slot 1, or hold the ‘y’ button for longer to dump the password in Slot 2.
