YubiKey


The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords, public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols[1] developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device.

Wikipedia


Setup

The YubiKey itself should work out of the box.

Usage

During our own testing we have found that our current version of Firefox (default) does not yet properly support the YubiKey. We are working on a solution to rectify this. In the meantime: If you rely on YubiKey for 2FA we recommend that you install “Chromium” via Software.

Tested:

  • demo.yubico.com/webauthn-technical/registration (Google Chromium)
  • Fastmail 2Fa (Google Chromium)

Troubleshooting

Check if your YubiKey is recognized

$ su - root # login as root
$ dmesg|grep Yubi
[  997.077641] usb 1-4: Product: YubiKey FIDO
[  997.077642] usb 1-4: Manufacturer: Yubico
[  997.079001] hid-generic 0003:1050:0402.0006: hiddev0,hidraw3: USB HID v1.10 Device [Yubico YubiKey FIDO] on usb-0000:00:14.0-4/input0

Check if the browser is working

  1. Go to demo.yubico.com/webauthn-technical/registration
  2. Register your device

Note: On Firefox this will fail with: The operation failed for an unknown transient reason

PantherX & (unofficial) GNU Guix Wiki.

Last update: 2021-10-12 20:09:22 +0000

Inspired by the excellent Arch Linux Wiki