Multi Factor Authentication with YubiKey Token

Step-by-Step Guide
 

The YubiKey is a hardware authentication device manufactured by Yubico. Think of it as a tiny ‘safe’ that can store logon information securely and independently from any computer. It comes in various form factors ranging from a token big enough to be attached to a keyring to the smallest models that are so small they hardly protrude from a device once inserted in the USB port. YubiKey does not require a battery nor extra software to be installed on the host device. Just plug it into a USB port or use NFC and you’re ready to go.

How can you enhance u.trust LAN Crypt with MFA?

u.trust LAN Crypt is a client-side encryption solution that provides file-level encryption. Its powerful key and policy management functionality supports data using different keys for business, personal and shared data. Keys assigned to a particular user are encrypted using standardized private key cryptography. Only a user in control of the private key can access those keys. Hence protection of the private key is paramount. The YubiKey token is an ideal solution for safekeeping private keys. When used, two separate authentication factors are required – knowledge and possession –thus strengthening the general level of security.


Enable Protection

Step1: Define what Data to Protect

In the u.trust LAN Crypt Admin console, define what data to protect and which key to use. A single rule can be sufficient to get all your data encrypted. Define additional rules with different keys if you plan to share data in specified folders. That’s all you need for now. If you are not happy with the result, you can always come back later and fine-tune the protected locations and keys to suit your needs.

Step 2: Assign Keys to Users

Next, assign the policies and associated encryption keys to the users. Each user receives their own personal copy, encrypted with their own personal key. Personal keys are essential for protection against unauthorized access to data. For this reason, access to these keys must be particularly well secured. This ensures that only legitimate users can access encrypted data.


Enroll YubiKey Token

Step 3: Enroll YubiKey Token

YubiKey tokens are a perfect option for keeping personal keys safe. In order to leverage this functionality in u.trust LAN Crypt, the token must first be registered and provisioned. Options include either central management, where tokens are provisioned with the personal keys directly by the issuing authority (e.g. PKI), or a self-service option, in which the user transfers their previously issued personal key to the YubiKey token for better protection.


Activate Multi Factor Authentication

Step 4: Windows and Mac

Once initialized, the use of the YubiKey token is straightforward. Plug the token into your system and you’re all set. No need to install additional software or make any changes to your configuration. Once connected, u.trust LAN Crypt will automatically detect the token and make use of it for decryption of the user’s profile and encryption keys.

Step 5: Multi Factor Authentication

Access to the personal key from now on requires two factors. First the user has to hold the physical YubiKey token. Secondly, he also needs to know the tokens’ end user PIN. This PIN is required to access the personal key. Once the PIN has been provided successfully, u.trust LAN Crypt can perform private key operations and decrypt the user’s keys. The use of YubiKey token adds two factors to the u.trust LAN Crypt authentication – knowledge and possession.

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.