Securing User Credentials With the YubiKey 4

I’m a big fan of the YubiKey 4.

The YubiKey is a security device that originally outputted a 44-character “one time password” that could be decoded and mathematically verified and used as a second factor for authentication. Over the last few years, improvements to the devices mean that they can also perform other important functions, such as storing:

  • Identity, Signature, and Encryption Certificates
  • U2F data for websites (GitHub and Gmail, among others, support this)
  • GPG Keys

If you’re looking to set this up on your own, read on to learn how this extra functionality helps your security game, and how you can configure services to use it.

Five Lessons We Learned on Our Way to Centralized Authentication

In many startups, centralized authentication is a “future us” problem. Setting up centralized auth is useful for managing your network, but requires time, domain knowledge, and patience to get many of the technical solutions working. Compare this with the ease of user management via configuration management (CM) tools that your DevOps teams are already using — they work well enough (and, did we mention, are already in place?) — so it makes total sense that many organizations “punt” on this issue.
