YubiKeys demystified

When I saw the Bloodhound developer use his YubiKey at Black Hat to access GitHub (in front of hundreds of people), I knew then I had to get a YubiKey of my own!

This article documents some of the initial “hands-on” experience – with accompanying comments and conclusions.


LastPass, Duo, Google “Push” for 2FA

Came back from Black Hat / Defcon all fired up about 2FA (“Two-Factor Authentication”).

I was particularly impressed when the Bloodhound developer used his YubiKey to access GitHub in front of all the hackers, er, security people.

So decided to take a quick look at LastPass, Duo, as well as Google’s new Push 2FA. The result is this 3-part series.

LastPass (or is it LostPass?)

LastPass has a great password management function. But would a better name have been “LostPass”? This article takes a quick look.

Duo: Here-a-Push, There-a-Push, Everywhere a Push-Push

Duo innovated with their 2FA (“Two-factor Authentication”) using mobile Push notification.

Although Duo’s primary focus is corporate, they have a great “freemium” version that is useful for SMBs as well as individual users.

This article takes Duo out for a test drive and takes a technical dive into Duo SSH configuration.