Hello everyone,
I always wanted a Yubikey but never got one for the fear of losing it.
Is the Apex Flex capable of 2FA with Windows and email logins?
Cheers
With the FIDO applet installed, it is capableā¦ however to be able to use it for local Windows computer authentication (log into Windows) you will need some 3rd party softwareā¦ orā¦ drink the Microsoft koolaid.
Microsoft has limited the ability to use security keys or tokens to log into Windows to Windows Pro systems that are attached to a domain (active directory) or Azure AD (cloud directory, possibly now called Entra ID because why not change it). I think they did this because they have some stupid ideas about 1) home users not having any interest in higher level security, and 2) they can make business types pay for higher level security.
1 Like
Any updates on an applet which would allow users to log in to local windows accounts using their apex with Computer Login Security Tools | YubiKeys | Yubico ?
Interesting. Is this somewhere on their github? If so, we might be able to use it as a basis for a VivoKey solution.
1 Like
Cheers!
Can you use the same chip for multiple applets?
Yes
There is a list in the fidesmo store, give me a bit and Iāll take a screenshot for you.
Like any other device, You are limited to the capacity as to how many you can install, but it will fit most of the list.
The biggest size determining factor is if/what you choose for NDEF data
What I have on mine currently (TAP IMAGE TO OPEN FULLY, there are 9 applets)
How much space I have remaining
Remaining apps I can add
3 Likes
The local authentication provider Yubico provides uses HMAC-SHA1. See https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide . Security of their authentication provider is kind of questionable as they implement a wrapped authentication provider (GitHub - Yubico/yubico-windows-auth: YubiKey Logon for windows , Credential Providers in Windows - Win32 apps | Microsoft Learn ). In addition, the Yubikey is only used as a second factor, the user still has to enter their password.
1 Like
Thank you!
1 Like
You mean something like Rohos???
And for windows peeps
Rohos is also pretty insecureā¦ it only supports Fido for USB inserted keys and everything else is UID onlyā¦ also you must enter your account password which is saved and then simply provides to the password credential provider module.
1 Like
pam_u2f allows secure login on Linux.
4 Likes
Do I need an Android phone to use the Apex?
When trying to enable FIDO2 in fidesmo, I says that I dont have memory although I have nothing installed. The Vivo app on iOS keep trying to connect to server without avail.
iOS has problems deploying applications sometimes. Try deploying a small application like free memory first.
The VivoKey app itself is not what youād use at this pointā¦ it is fully depreciated. There is a coming VivoKey app called Apex Manager which can be used to interact with the Apex to do things like read available memory etc.