DO Ideas 2

Yubikey Two Factor Auth

In addition to running the Google authenticator it would be nifty to also use yubikey which is gaining allot of acceptance with tools like lastpass etc check out the tokens at https://www.yubico.com/

  • Jason
  • Sep 11 2018
  • Will not implement
  • Sep 11, 2018

    Admin Response

    Yubikey is definitely very cool and we've been playing with them internally. Unfortunately it's not a great alternative for a public service as each customer would need to have one and there is better support for easily running Google Authenticator for the two factor auth system. Thanks, Moisey
  • Attach files
  • Fang commented
    September 11, 2018 18:08

    Consider this a vote in favor of U2F support. Quite a lot devices offer it already, now it's time for support to catch up.

  • Sergio Oliveira commented
    September 11, 2018 18:08

    I also think that it's time to revisit this decision. Yubikey is has become a a major hardware to help in account authentication.

  • NickM commented
    September 11, 2018 18:08

    I'd also like to see DO support yubikey!

  • Matt commented
    September 11, 2018 18:08

    Just another vote for supporting Yubikeys. Thanks for your great work DO devs!

  • Frank Reiter commented
    September 11, 2018 18:08

    I think it is time to revisit this. As others have pointed out, there has been adoption by some huge companies both for employee and for customer use. It will be particularly common among the kinds of people that are Digital Ocean customers.

    U2F is not only more convenient, it is also far stronger than something like authenticator against some kinds of attacks, for example fishing.

  • Travis Beck commented
    September 11, 2018 18:08

    Github, Gmail, and Facebook all support both Google Auth and Yubikey.... Digital Ocean can't? Would be awesome to have a hardware token :/

  • Wyatt Johnson commented
    September 11, 2018 18:08

    I really like how github + google have implemented yubikey support. They still have 2-factor (google auth) as default, but offer the yubikey as a convenience "security key" which can be used in place of the google auth method. Just my 2 cents.

  • Chris Poupart commented
    September 11, 2018 18:08

    Given the increasing popularity of FIDO U2F Authentication, including on sites like Google, Dropbox, LastPass, and GitHub, I think that it is time for Digital Ocean to revisit the idea of Yubikey as a valid authentication option. Or rather, if you implemented Universal 2 Factor Authentication, then you would support Yubikeys and every other FIDO U2F device out there.

    To be honest, Digital Ocean is probably the last service that I use (that supports 2-factor auth) that I use Google Authenticator with.

  • jokaro commented
    September 11, 2018 18:08

    Well couldnt you offer multiple authentication methods just like lastpass?