On Fri, May 1, 2009 at 19:08, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: > * Implementation details still unclear though it was generally > considered that "yubikey + ssh key" were both "something you have". > Meaning it'd be "yubikey + fas password" "Something you have + > something you know" as is common with most multifactor authentication > mechanisms. > Questions comments? > > -Mike In my opinion, a hardware token is much more secure when compared to a software token. In either case you would still want to require the use of some sort of passphrase (fas password) to maintain the multi-factor which would mitigate the risk of having the token stolen. I've been doing a bit of research on the Yubikey solution for a DoD project I'm working on and have been impressed by how it is designed and how easy it is for a non-geek to understand and use. Still trying to figure out my own implementation, however, so I haven't had an opportunity to use it. Just my two cents worth. Eric "Sparks" _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
