A Hacker's Guide to Using the YubiKey - How to Add Inexpensive 2-Factor Authentication to Your Next Project

Explore the world of affordable two-factor authentication in this 58-minute conference talk from BSidesLV 2015. Dive into the intricacies of using YubiKey for enhanced security in your projects. Learn about FIDO, OAuth, PIV standards, and various YubiKey modes including One-Time Password. Discover personalization tools, installation processes, cloud and local validation methods, and how to set up a validation server. Gain insights into security considerations, potential attack modes, and misuse scenarios. Perfect for hackers and security enthusiasts looking to implement cost-effective, robust authentication solutions.

Intro
Fido
Oauth
PIV Standard
Other Options
Im a Hacker
YubiKey Info
Why I Chose YubiKey
OneTime Password Mode
Other Modes
Personalization Tools
Installation
Cloud Validation
Additional Validation
Local Validation
Validation Server
Security Considerations
Attack Modes
Misuse
Other Questions
Conclusion