GitLab 10.0 Released
GitLab 10.0 Released
Posted Sep 23, 2017 6:44 UTC (Sat) by flussence (guest, #85566)Parent article: GitLab 10.0 Released
Posted Sep 23, 2017 20:44 UTC (Sat)
by dsommers (subscriber, #55274)
[Link] (6 responses)
Those USB tokens exists in various prices with different features:
Posted Sep 24, 2017 8:50 UTC (Sun)
by tialaramex (subscriber, #21167)
[Link] (4 responses)
Tiny USB touch tokens probably are the right thing for me (I have no idea if they suit flussence) if I can use them with lots of sites. I could, it seems, buy one that works with my phone as well as my PC. But if they're a passing fad for the same half dozen sites that embrace every new authentication idea then I shouldn't bother wasting my $10, I can wait until the next fad is free. And seeing the logo is one way I'd estimate if that's the situation
Posted Sep 24, 2017 11:13 UTC (Sun)
by ms (subscriber, #41272)
[Link] (3 responses)
Posted Sep 24, 2017 13:03 UTC (Sun)
by dsommers (subscriber, #55274)
[Link] (1 responses)
For U2F to function, the browser needs to support it. Google Chrome/Chromium supports it out-of-the-box, while with Firefox this add-on[1] works most of the time (not with Atlassian's login for some reaon)
[1] https://addons.mozilla.org/en-GB/firefox/addon/u2f-suppor...
More details on U2F can be found here:
Posted Sep 24, 2017 16:13 UTC (Sun)
by iarenaza (subscriber, #4812)
[Link]
Posted Sep 25, 2017 11:16 UTC (Mon)
by nix (subscriber, #2304)
[Link]
Likewise, only I have extra rules:
- two yubikeys, in case I lose one: one at home, hidden, the other on my keyring. The one on my keyring is obviously equivalent to physical access to my house, so I can do things like log in to home servers as root with it. Spare key in wallet not on keyring because if your keyring is plugged into a USB port you might well leave it behind by mistake
- authentication to home systems via OTP, communicating with a home-run yubiserver (it's not that I don't trust the yubicloud, it's just that if my net connection goes down I still want to be able to log in.)
- authentication to systems I run that are *not* home systems via HMAC-SHA1 challenge-response mode, as you do for everything: the benefit of this is principally that you don't need a connection to the auth server; the downside is that it dumps the next expected response in local storage: not to be done where $HOME is on NFS, at least not storing the response in the default place
- other authentication (disk decryption, etc) mostly via challenges to the HMAC-SHA1.
- plus a bit of U2F here and there (very rare in my usage).
I have never managed to get PGP token storage or PIV SSH key storage working. They all break for good the first time you use the key for anything else, and I use it for a *lot*.
Posted Sep 24, 2017 17:27 UTC (Sun)
by flussence (guest, #85566)
[Link]
GitLab 10.0 Released
https://www.yubico.com/products/yubikey-hardware/compare-...
https://shop.nitrokey.com/shop/product/nitrokey-fido-u2f-20
https://www.amazon.com/fido-token/s?ie=UTF8&page=1&...
GitLab 10.0 Released
GitLab 10.0 Released
GitLab 10.0 Released
https://developers.yubico.com/U2F/
Firefox and U2F support
GitLab 10.0 Released
GitLab 10.0 Released