-
Notifications
You must be signed in to change notification settings - Fork 0
Programming the Yubikey for Time based One Time Passwords.
-
Check your service provider supports Time-based One-Time Passwords First of all, decide which service you want to use with 2-factor authentication, and check if the hostmasters support rfc6238. See also Wikipedia for a good overview of TOTP, including a list of major internet estates supporting this method of 2FA.
-
Check your Yubikey Model supports challenge response mode. See [This page] and check that your hardware reads "Yes (assisted)" for "OATH – TOTP (TIME)" in the comparison table.
-
Check you have a free slot The standard Yubikey has two slots available. Slot 1 is factory-preprogrammed to emit Yubikey's special OTPs, but slot 2 is un-populated. Either can be programmed, but you need to check you're not erasing an important slot.
-
Load your service provided secret key into your chosen Yubikey slot. The steps here vary from provider to provider. Typically, they look something like this:
- Find the 2FA section of your provider's account settings. This varies from one provider to the next.
- Follow the instructions for adding 2FA based on Time-based passwords (for gmail users, choose "Google Authenticator app", and the when presented with a barcode, select "Can't scan the barcode?" to reveal your secret key)
- In Yubikey-TOTP-Gui, select Edit ⇒ Program Yubikey for TOTP...
- Select your chosen slot.
- Select whether you require the button to be pressed on the device, or whether the machine can request a code at any time. (Button press required)
- Select Program, and then follow the confirmation instructions.
- Your service provider will likely require you to generate a new code from the device before enabling 2FA.