Security

Various links, hints etc in the security, privacy area

Web security

 

OATH-TOTP for Linux desktop login

Start with installing correct pam module:

sudo apt-get install libpam-google-authenticator

and then create an authentication token:

google-authenticator

and edit corresponding display manager pam file:

✔ ~ 
23:15 $ sudo vim /etc/pam.d/lightdm

adding a google authentication just after common password:

23:29 $ cat /etc/pam.d/lightdm
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth    optional        pam_gnome_keyring.so
auth    optional        pam_kwallet.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
#session required        pam_loginuid.so
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional        pam_gnome_keyring.so auto_start
session optional        pam_kwallet.so auto_start
session required        pam_env.so readenv=1
session required        pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-password
auth required pam_google_authenticator.so nullok

Unfortunately, for some reasony google authentication was crashing with default kdm available for Ubuntu 14.04 Trusty. Since new release should be available in maximum two months - I have decided to give up idea of debugging it and swith to light temporarily.

List of security related frameworks

Multi factor authentication

List of hotp ready applications

Sailfish OS

Android

U2F supported services list

OpenPGP Yubikey 4

  • https://www.sidorenko.io/post/2014/11/yubikey-or-openpgp-smartcards-for-newbies/

 

OpenGPG applet installation for Yubico NEO

Some links for start

It is very likely that you will experience following error during any operation on your Yubico NEO key:

gpg: sending command `SCD PASSWD' to agent failed: ec=6.131

which means that your key is locked and you have to install latest opengpg-applet from here: https://github.com/Yubico/ykneo-openpgp which involves installation also gpshell and Global Platform libraries from here: https://sourceforge.net/projects/globalplatform/. Full information about building and installing applet can be found here:

Prebuild cap file can be also found here: https://developers.yubico.com/ykneo-openpgp/Releases/.

However, in my case it did not help and I have contacted support but also raised help question on the forum: http://forum.yubico.com/viewtopic.php?f=26&t=2242