TO OTP OR NOT TO OTP
Apr 07, 2020
1 minute
If you want to use YubiKeys in your own applications, and issue physical keys directly to trusted users, then check out. The service provides free authentication for YubiKeys (which come set-up for OTP out of the box), but they also provide open source software so that you can host your own auth server, in the spirit of decentralisation. YubiKeys ship with their own unique AES key, which enables them to be verified by (which holds a copy of it). Locally, the symmetric key is locked away in the hardware, and while it’s invisible to software it can still be changed.
You’re reading a preview, subscribe to read more.
Start your free 30 days