Workstation login with two-factor authentication
A good place to start securing your digital life is with the machine sitting in front of you. Strengthen your workstation’s security with the YubiKey and keep intruders and prying eyes away.
For YubiKey Windows login with Active Directory, Yubico partners with AuthLite offering an enterprise class software.
Authlite (Windows Active Directory)
Free Windows Login
Yubico offers a free application which enables two-factor authentication in a Windows environment with a YubiKey in challenge-response mode. Designed for individual users to work with Windows 7.
Yubico Windows Login
We currently do not offer a Yubikey computer login application for Mac OS X, but it is possible to integrate YubiKey two-factor authentication in challenge-response mode for Mac OS X by using the Yubico PAM.
Yubico PAM (github)
Yubico Pluggable Authentication Module (PAM) expands login with secure YubiKey two-factor authentication during login. The Yubico PAM may easily be integrated with an existing Linux/Unix user authentication infrastructure.
How it works
When logging into an SSH enabled server with any standard SSH client, the user will be required to use their YubiKey to send a One-Time Password (OTP) along with their account username and password. The SSH Server, upon validating the SSH user and password, will pass the OTP provided by the YubiKey to the Yubico authentication server. Upon validation of the OTP, the user will be able to login to the SSH server and proceed as normal.
The two-factor SSH authentication supported by Yubico PAM can accommodate a wide range of solutions. A single account can have multiple YubiKeys assigned to it, allowing multiple users access to the same account, or a single YubiKey can be assigned to multiple accounts.
Yubico PAM supports both Administrator and User level configuration for YubiKeys. The assigning of YubiKeys to user accounts may be limited only to the SSH server administrator, or a number of YubiKeys may be assigned to a single user and managed by that user. Both methods of assigning YubiKeys to SSH users can be supported simultaneously.