Thursday, August 13, 2009

Application Express & YubiKey

Roger Cohen from APEXtras was kind enough to introduce me to two-factor authentication using YubiKey and Application Express.

Now - I'll be honest, I had never heard of YubiKey before, but I am familiar with two-factor authentication. I am a satisfied user of KeePass, and I am able to maintain both a password and a separate key file (in my case, on a Flash Drive) for access to my encrypted KeePass passwords database. I need both my password and the keyfile to access the passwords database. I lose one or both and I can't get in.

Roger gives a very good description of YubiKey here, what it's good for and why you would want to consider it. But more importantly, Roger has a working demonstration of APEX and YubiKey authentication live on Granted, you'll need a YubiKey for this demonstration to work. Lastly, the folks from APEXtras were kind enough to post an explanation of the logic and all of the source code for the custom authentication for this solution.

1 comment:

Anonymous said...

Very cool. The "Security Now" podcast has covered YubiKey in several episodes.

I'm a big fan of KeePass as well. Love the ctrl+alt+a syntax to auto fill passwords.