Posted by: Ken Harthun
Gmail, Two-factor authentication, Yubikey
I love my Yubikey and I recommend it highly to everyone. I have it set up to authenticate me to LastPass and as the second factor on PayPal and eBay. Now, thanks to a small Windows app, you can use your Yubikey to provide two-factor authentication for Gmail and Google Apps.
This past Wednesday, October 26, 2011, Yubico announced that the company has successfully implemented the Initiative For Open Authentication (OATH) Time-based One-time Password (TOTP) configuration for the YubiKey USB authentication key, enabling secure access to Gmail and Google Apps.
Built into the Google account framework to supplement traditional password protection, Gmail and Google Apps users are able to authenticate their login with an additional layer of security using OATH TOTP. The YubiKey simplifies the process of logging in with a one-time password token, as it does not require the user to re-type long passcodes from a display device into the login field of the computer.
“The OATH-TOTP configuration of the YubiKey enables Google Apps and Gmail users to authenticate with a simple click of the mouse, with a higher level of security than a smartphone application and with a minimal sized and practically indestructible token,” said Stina Ehrensvard, CEO and Founder, Yubico.
The OATH-TOTP protocol relies on using the current time to create a hash-based message authentication code for login credentials. To utilize the YubiKey to support this protocol, Yubico has developed a small Windows app. Once installed, the app sends the current time as a challenge to the YubiKey and the response is processed to produce the OATH-TOTP six-digit response.
You can get full details here: yubico.com/totp.
Now, I’m off to set up Google two-factor authentication on my accounts.