nanog mailing list archives

Re: South Africa On Lockdown - Coronavirus - Update!


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 23 Mar 2020 21:31:54 -0400

First, for your whole message:
  s/\s+UBIKEY'/YUBIKEY/g
  s/\s+UBI/YUBI/g

thanks.

On Mon, Mar 23, 2020 at 9:24 PM Owen DeLong <owen () delong com> wrote:



On Mar 23, 2020, at 17:24 , Warren Kumari <warren () kumari net> wrote:

On Mon, Mar 23, 2020 at 8:03 PM Owen DeLong <owen () delong com> wrote:




On Mar 23, 2020, at 16:50 , Warren Kumari <warren () kumari net> wrote:

On Mon, Mar 23, 2020 at 6:53 PM Sabri Berisha <sabri () cluecentral net> wrote:


Not if you run it in TOTP mode. Yubikeys support many options - if you
choose to use a weak solution, well that's your choice...
I guess you could ask them nicely to make a version without the
features you don't want to use - or you could just not *use* the
features you don't want to use…


I confess I haven’t investigated the implementation details, but is it possible for one to issue ubikeys
to an employee in a secure way with those features disabled?

You can set the key and the authentication system to only do TOTP
(time based) and not HOTP.
You can also program the keys (I think all of their keys since their
first key) with custom firmware.

It’s the allowing the employee to make a poor choice not necessarily desired by the employer thing
that seems to me is the issue in this case.


Sure, limit the manner in which they can do foolish things: require
TOTP, not HOTP.
-chris
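
Added example, not part of the original message or thread: a minimal Python sketch of the difference behind "require TOTP, not HOTP", using the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms and the RFCs' published test secret. The verifier functions, the look-ahead and skew values, and the one-hour scenario are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(secret, now // step, digits)

def verify_hotp(secret, code, server_counter, look_ahead=5):
    """Hypothetical verifier: return the next counter on a match, else None."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1
    return None

def verify_totp(secret, code, now, step=30, skew=1):
    """Hypothetical verifier: accept the current time step +/- `skew` steps."""
    return any(hmac.compare_digest(totp(secret, now + d * step, step), code)
               for d in range(-skew, skew + 1))

SECRET = b"12345678901234567890"  # test secret from RFC 4226 / RFC 6238

def unused_code_lifetime():
    """A code that was generated but never submitted (constructed scenario)."""
    issued_at = 59                         # seconds since epoch, as in RFC 6238
    unused_hotp = hotp(SECRET, 1)          # stays valid until the counter passes it
    unused_totp = totp(SECRET, issued_at)  # bound to the 30-second step it came from
    return {
        "hotp_still_accepted": verify_hotp(SECRET, unused_hotp, 0) is not None,
        "totp_accepted_at_issue": verify_totp(SECRET, unused_totp, issued_at),
        "totp_accepted_after_hour": verify_totp(SECRET, unused_totp, issued_at + 3600),
    }

if __name__ == "__main__":
    print(unused_code_lifetime())
```

An authentication system that only runs the TOTP check rejects a stale code on its own, which is the enforcement point the employer controls regardless of how the key is used.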

