On Thu, 7 Oct 2010, Mike McGrath wrote: >>> We also decided to allow yubikeys as an authentication option for the >>> larger community to some hosts and services like fedorapeople.org or >>> https://admin.fedoraproject.org/community/. When asked for a password, >>> just use your yubikey to generate a otp instead. Those wishing to use one >>> may purchase a yubikey on their own at: > I suspect it'd be worth it to see if we could get one for Fedora. I have one and I've played with it in fedora. There is however an important catch. The server and the yubikey share the same AES symmetric key. This means that if the yubikey is used for multiple sites by one user, that user is sharing is his "private key" over various external sites. So if fedoraproject would accept it, and the same user uses this yubikey for another site, and that other site gets hacked, then fedoraproject could be hacked as well. I guess in a way it is like using the same password, but people might not be thinking of that when they have a "device" on them that they use. Paul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel