TransWikia.com

2FA Using A USB Key

Ask Ubuntu Asked by KilianAlias on December 15, 2021

I would like to have a USB that would unlock my PC when I plug it in. I know questions have been asked about this before, but I have found no working solution. lib-pam has been deprecated and is no longer maintained. You can add a PPA to have it installed but it has not been updated in years. Is there any solution?

One Answer

The easiest way to achieve what you describe without knowing if you need to unlock the screen or decrypt your disk is to program a USB key (Yubikey) to automatically type your unlock password when the button is pressed. This way you can have long secure random passwords for both your LUKS encrypted disk and your screen lock password. This approach will work without changing any software in your computer because Yubikey can simulate a USB keyboard to type. However this is not very secure because anyone with access to your key can copy the password by connecting it to a computer. The right way to do it requires changing software to implement a cryptographic protocol between the host and the key. New operating systems will support FIDO U2F, Webauthn or similar standards to achieve what you describe in a real secure way. But you can use the automatically type password now if you get a Yubikey and you use the personalization tool available in Ubuntu Software.

Answered by nultrino on December 15, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP