Yubikey

Yubico designed a physical authentication key called Yubikey, which can be integrated with Securden PAM for 2FA.

To integrate Yubikey with Securden,

1. Navigate to Admin >> Authentication >> Two-Factor Authentication.
2. Click on Yubikey.
3. Click Save.

4. To connect to Securden PAM after integrating it with Yubikey, you need to launch the Securden PAM’s web interface first.

   

5. Enter your Securden credentials and complete the first level of authentication. Once it succeeds, you will be asked to enter the Yubikey OTP.

6. In the USB port of your computer, insert the Yubikey.

7. Before generating a one-time password, you need to decide which of the two slots, slot 1 or slot 2, of the YubiKey you're going to use for authentication throughout.

   Slot 1: If you tap the YubiKey once, it generates a 44-character security key whose first 12 characters are unique to this slot. For every subsequent login through this slot, the first 12 characters remain the same and the rest of the 32 characters are randomized.

   Slot 2: If you tap and hold the YubiKey for 2-5 seconds, it generates a 44-character security key whose first 12 characters are unique to this slot. For every subsequent login through this slot, the first 12 characters will remain the same and the rest of the 32 characters will be randomized.

8. Here is a sample output from a YubiKey where the button has been pressed three times.

   • cccjgdwkdjkwjdkjwikjdkhhfgrtnnlgedjlftrbdeut
   • cccjgjubuebduhubnjkedjkehijeiocjbnublfnrev
   • cccjgjgkcbejnvchfkfhiiuunbtnvgihdfiktncvlhck

   Note

   By default, YubiKey generates slot 1 passcode for NFC configured mobile devices. You can set slot 2 passcodes as default by changing the setting from slot 1 to slot 2 using the Yubikey Personalization Tool.

9. Securden matches the 12-character key against your account in its database and verifies the same for the second level of authentication during future login attempts.

10. After submitting the YubiKey one-time password, click Register and Login.