Two-factor authentication using YubiKey

This talk will cover user authentication with a focus on stronger systems that utilize not only a password but also a second authentication factor. We'll describe common solutions such as OATH HOTP/TOTP widely used by leading cloud services and explain Yubico's YubiKey one-time password system which is easy to deploy and start to use thanks to the eco-system of free and open source software. We'll cover how to implement YubiKey support in your web-based solution, and touch on how it can implemented using a PAM module or Radius interface in other environments. Yubico operate an online cloud service called YubiCloud that can be used for veriying OTPs and we'll describe how that work. Finally we'll speak about what is coming and how the FIDO Alliance's Universal 2nd Factor (U2F) protocol will simplify and strengthen user authentication.


Simon Josefsson has worked with free software and network security for over 20 years. He works with standardization matters in the IETF and is a prolific contributor to the GNU project including implementations of security protocols such as SASL, TLS, Kerberos and GSS-API. For the past half decade he has worked with building up the software eco-system and cloud services around the two-factor authentication device YubiKey.