I 'm using a Yubikey 5 NFC in this demo. These are military grade and almost Indestructible.
https://www.yubico.com/product/yubikey-5-nfc/
1st download the yubikey manager, run thru the installer . In my setup I'm using 1.1.2 on all of my macos devices
Next, run the yubikey manager and see if you can find the details on your yubikey. It should report back both model and SN# info.
note: The usb interfaces where slow on my powerbook with seeing the yubikey details.
Go thru the steps and set a PIN and PUK.
note: Do not write these down, but you need to remember them. Also you always can re-change the PIN and PUK, but you need the current PIN and PUK codes to make any changes.
Generate new certificate details. Doing this process it will ask you to remove+re-insert the yubikey and enter your keychain login.
NOTE: you will need your PIN also since the pairing is to pair the login+pin+yubikey for user authentication.
Now your done. When you have the Yubikey inserted, the login prompt on the macOS desktop will require a PIN for login. This one of the simplest methods that can secure a macOS desktop with out using a 2 factor OTP authenticator.
You can read more about Yubikey and macOS from these wonderful folks at evil-martians. They have some cool tips and with regards to security at the desktop and applications.
https://evilmartians.com/chronicles/stick-with-security-yubikey-ssh-gnupg-macos
https://evilmartians.com/chronicles
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment