Man
Professional
- Messages
- 3,035
- Reaction score
- 559
- Points
- 113
Business information security is becoming increasingly important. We previously wrote about what can happen if your data falls into the wrong hands.
This post is more for information security specialists. If you don’t have one, we recommend at least outsourcing it.
In data storage tools such as KeePassXC and VeraCrypt, in addition to a password and key file, information can also be protected with a hardware key – a token. Some people may even find this more convenient. A token is a USB device that can be used to set up multi-factor authentication, securely connect to a server via SSH, and log into an OS account without a password.
Their areas of application are approximately the same as those of key files:
access control,
increasing the security of confidential corporate information,
and control over how employees work with devices.
But if key files are more about protecting local data, then the token goes beyond this and allows you to control accounts in online services, such as Google and MS Office, as well as sign and encrypt data using GPG. The range of token applications is wide, every manager who cares about security will find his own use for hardware keys.
Let's consider working with hardware keys using an example - Yubikey.
This is the simplest and most popular solution. Yubikey supports a large number of services. Now it is difficult to buy Yubikey due to shortages and increased prices, but you can still find them. One of the latest models is called Yubikey 5 NFC.
Here is a simple example of using a hardware key for authentication when logging into the Windows operating system:
You will need the token itself and the program from the official website. Install the program according to the instructions. During setup, the program will generate a key that can be entered in case of loss of Yubikey, you need to remember it or write down the password database. After completing the setup, you can log in to your account only with the key connected.
Yibikey can also be added when creating a KeePassXC password database in the Database Credentials → Add additional protection → Challenge-Response section. If you use a regular password in combination with a key file and a hardware key, it will be extremely difficult to hack your password database or crypto container.
But if you can't buy enough hardware keys and use Linux, you can make a semblance of such a key yourself from any flash drive using the pam_usb function.
Linux will remember the flash drive and will perform actions on behalf of the administrator or log in only when you simultaneously enter the password and the USB device is connected. This will protect you from unauthorized access from the outside.
Projects implementing this function are on GitHub, here is one of them. And if you have a system administrator on staff who knows Python and understands Linux, he can relatively easily write a similar program himself.
This is not the same as Yubikey with its built-in encryption and one-time password generation, but for a limited budget, such a homemade authorization token will be a cool solution.
Pay attention to your security, and your data will not leak anywhere. This is important today.
This post is more for information security specialists. If you don’t have one, we recommend at least outsourcing it.
In data storage tools such as KeePassXC and VeraCrypt, in addition to a password and key file, information can also be protected with a hardware key – a token. Some people may even find this more convenient. A token is a USB device that can be used to set up multi-factor authentication, securely connect to a server via SSH, and log into an OS account without a password.
Their areas of application are approximately the same as those of key files:
access control,increasing the security of confidential corporate information,and control over how employees work with devices.But if key files are more about protecting local data, then the token goes beyond this and allows you to control accounts in online services, such as Google and MS Office, as well as sign and encrypt data using GPG. The range of token applications is wide, every manager who cares about security will find his own use for hardware keys.
Let's consider working with hardware keys using an example - Yubikey.
This is the simplest and most popular solution. Yubikey supports a large number of services. Now it is difficult to buy Yubikey due to shortages and increased prices, but you can still find them. One of the latest models is called Yubikey 5 NFC.
Here is a simple example of using a hardware key for authentication when logging into the Windows operating system:
You will need the token itself and the program from the official website. Install the program according to the instructions. During setup, the program will generate a key that can be entered in case of loss of Yubikey, you need to remember it or write down the password database. After completing the setup, you can log in to your account only with the key connected.
Yibikey can also be added when creating a KeePassXC password database in the Database Credentials → Add additional protection → Challenge-Response section. If you use a regular password in combination with a key file and a hardware key, it will be extremely difficult to hack your password database or crypto container.
But if you can't buy enough hardware keys and use Linux, you can make a semblance of such a key yourself from any flash drive using the pam_usb function.
Linux will remember the flash drive and will perform actions on behalf of the administrator or log in only when you simultaneously enter the password and the USB device is connected. This will protect you from unauthorized access from the outside.Projects implementing this function are on GitHub, here is one of them. And if you have a system administrator on staff who knows Python and understands Linux, he can relatively easily write a similar program himself.
This is not the same as Yubikey with its built-in encryption and one-time password generation, but for a limited budget, such a homemade authorization token will be a cool solution.
Pay attention to your security, and your data will not leak anywhere. This is important today.
