Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
SOLVED - YubiKey + Configure 2FA TOTP
« previous
next »
Print
Pages: [
1
]
Author
Topic: SOLVED - YubiKey + Configure 2FA TOTP (Read 6107 times)
MaDe
Newbie
Posts: 20
Karma: 0
SOLVED - YubiKey + Configure 2FA TOTP
«
on:
August 25, 2021, 09:55:33 am »
Good day,
is there a way to use the YubiKey for WebGui login? I followed this tutorial
https://docs.opnsense.org/manual/how-tos/two_factor.html
and it is working.
But questions was if it also possible with a YubiKey OTP.
Thanks for your advice.
«
Last Edit: September 01, 2021, 11:54:58 am by MaDe
»
Logged
bartjsmit
Hero Member
Posts: 2015
Karma: 194
Re: YubiKey + Configure 2FA TOTP
«
Reply #1 on:
August 25, 2021, 01:40:06 pm »
If you have the Yubico Authenticator app running on the same computer where you had the QR code up, it will grab it and offer it as a new TOTP. You can grab the same QR with your phone before you move on.
If you want to stick with the one you have set up, then in Google authenticator, hit the 3-dot menu and select Transfer accounts. Select Export, pick the OPNsense account and render the QR.
It will not let you screenshot it, so you'll need to photograph it with another phone or put it on a scanner to transfer it. Once you have it as an image file, import it into the Yubico Authenticator.
Bart...
Logged
MaDe
Newbie
Posts: 20
Karma: 0
Re: YubiKey + Configure 2FA TOTP
«
Reply #2 on:
August 26, 2021, 08:07:29 am »
Hi Bart,
thanks for your reply. But I'm lost....
I don't want to use the Yubico app. I use the MS authenticator app, works for me.
But I also have a 'YubiKey 5 NFC' and I thought it would be possible to use the key. In the case what I have faster at hand either the MS app or the key.
Made
Logged
bartjsmit
Hero Member
Posts: 2015
Karma: 194
Re: YubiKey + Configure 2FA TOTP
«
Reply #3 on:
August 26, 2021, 03:25:49 pm »
I have a NEO plugged into my desktop. Are you looking to use the NFC interface to browse to the OPNsense GUI on your phone? Not sure how that will input the OTP code for you.
Do you copy and paste the OTP digits from the MS authenticator to the GUI just now?
Bart...
Logged
MaDe
Newbie
Posts: 20
Karma: 0
Re: YubiKey + Configure 2FA TOTP
«
Reply #4 on:
August 26, 2021, 04:12:56 pm »
I would like to use both, either the YubiKey or the MS app. For example, if I forget the key at home I still have the app, or the other way around.
Logged
bartjsmit
Hero Member
Posts: 2015
Karma: 194
Re: YubiKey + Configure 2FA TOTP
«
Reply #5 on:
August 26, 2021, 04:34:20 pm »
You need to import the OPNsense TOTP into the Yubico app, desktop or phone. If you can't export it from the MS authenticator, you'll need to create a new code and import it into both apps on your phone.
Logged
MaDe
Newbie
Posts: 20
Karma: 0
Re: YubiKey + Configure 2FA TOTP
«
Reply #6 on:
August 27, 2021, 08:03:56 am »
I need the Yubico app to use the Yubikey and also the MS authenticator app? That does not make it easier.
Thought I can just use the Yubikey as a 'backup' in case I don't have the phone with me.
Thx,
MaDe
Logged
bartjsmit
Hero Member
Posts: 2015
Karma: 194
Re: YubiKey + Configure 2FA TOTP
«
Reply #7 on:
August 27, 2021, 08:29:29 am »
The Yubikey is just a store for secrets. You need some software to retrieve its secrets and a device to display them.
The only key fob I have used that is standalone is the RSA SecurID:
https://www.rsa.com/content/dam/en/data-sheet/rsa-securid-hardware-tokens.pdf
but these are reserved for large enterprises.
If you store the secrets on your phone (in the MS or Google app) then there is little point in carrying the Yubikey as well since it mitigates against your phone getting hacked, thereby compromising your codes.
You can use the Yubikey with your phone and your other devices as a single store but I would make sure there is some off-line backup (codes on paper, SD card, etc.) in case you lose it or it breaks.
Bart...
Logged
MaDe
Newbie
Posts: 20
Karma: 0
SOLVED - Re: YubiKey + Configure 2FA TOTP
«
Reply #8 on:
September 01, 2021, 11:54:17 am »
Thanks for helping me out, Bart.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
SOLVED - YubiKey + Configure 2FA TOTP