The first system that I wanted to make more secure by adding a second authentication factor was my own laptop. But I can’t use Yubico’s OTP Cloud service, like I implemented for my SSH servers, since I need to login even if my machine is not connected to the Internet.
If all you have is a hammer, everything looks like a nail, they say. I have a Yubikey (two, actually, one white and one black), so I am tempted to use them as much as possible. This week’s victim? SSH.
When you buy a YubiKey, it comes with slot 1 configured with YubiCloud OTP, and slot 2 empty. Normally, you would play around with slot 2 and after a while you will decide that configs you want, you will activate OTP / 2 factor auth on the service you use. Only after a few days of usage you might notice (like I did) that in fact you use slot 2 more than slot 1.
I have been wanting to get my hands on a YubiKey for a while now. I finally managed to get one after being pushed by a colleague, and I don’t regret it – the YubiKey is very, very cool. It’s almost indistructible, it emulates a USB keyboard so there are no drivers to install, it has two profiles, supports a lot of configuration options, the Yubico team is very responsive and all their software is open source. What more would anyone want? (Except a key with 10 profiles, of course. Yubico team, do you read this? Want 10 profiles nao!)
The impossible to remember codename is a laptop model from Asus. Targeted at gamers, I use it mostly as a desktop replacement. And I run Linux on it, of course – Arch Linux for the past few months. The only real problem that I ever had with this laptop on Linux was suspend not working. It didn’t happen only in Arch, the same problem was present in my previous Ubuntu setup, too – see here (article in Romanian, sorry).