Registration/2FA/ProCon

From bwHPC Wiki
Revision as of 15:50, 26 January 2024 by M Janczyk

Pros and Cons of the different Solutions

This section briefly describes the differences between the above solutions.

Mobile App

This section describes the pros and cons of an app on your mobile device (phone or tablet).

Pros:

  • Can be used at no extra cost if you have a mobile device.
  • When using your cell phone, you always have the second factor at your fingertips.

Cons:

  • You need a mobile device.
  • If your device is lost or damaged, you will lose your second factor. (Some services offer cloud synchronization, but you usually need an account, and Google Authenticator does not encrypt your TOTP secret keys when storing them in the cloud.)

Yubico OTP

This section describes the pros and cons of Yubico OTP. For Yubico OTP to work, you need a Yubikey with Yubico OTP support.

Pros:

  • You do not need a mobile device. All you need is a USB port.
  • Simple and fast: The Yubikeys are preconfigured for Yubico OTP. All you need to do is touch the metal plate on the device when prompted.

Cons:

  • You have to spend money on a Yubikey.
  • If you lose the device, you will lose the second factor (it is recommended to buy at least two Yubikeys).
  • If you do not have your Yubikey with you, you cannot log in to the clusters.
  • In bwHPC, the Yubicloud is used to synchronize the Yubico OTP keys (third-party provider).

Yubikey OATH TOTP

This section describes the pros and cons of Yubikey OATH TOTP. For Yubikey OATH TOTP to work, you need a Yubikey with OATH TOTP support. This solution is similar to the one for mobile apps, but an external pin generator is used.

Pros:

  • You do not need a mobile device. All you need is a USB port.
  • You can use multiple devices such as phones and tablets (via USB, Lightning or NFC) or even your computer(s).
  • Since the TOTP is calculated on the Yubikey and the computer/mobile device is only used for displaying the TOTP and time synchronization, you can use the same device you use for login.

Cons:

  • You have to spend money on a Yubikey.
  • If you lose the device, you will lose the second factor (it is recommended to buy at least two Yubikeys).
  • If you do not have your Yubikey with you, you cannot log in to the clusters.
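
The division of labour described in the pros above (the TOTP is calculated on the Yubikey, the host only supplies the time and displays the result) can be seen in the following added example, which is not code from bwHPC or Yubico. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second steps, 6 digits) and a server that tolerates one step of drift; `SimulatedKey`, `server_accepts` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default, assumed here)


class SimulatedKey:
    """Stand-in for the hardware key: the secret never leaves this object."""

    def __init__(self, secret: bytes, digits: int = 6):
        self.__secret = secret
        self._digits = digits

    def code_for(self, unix_time: int) -> str:
        """Return the TOTP for the time value supplied by the host."""
        counter = struct.pack(">Q", unix_time // STEP)
        mac = hmac.new(self.__secret, counter, hashlib.sha1).digest()
        offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
        value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return str(value % 10 ** self._digits).zfill(self._digits)


def server_accepts(secret, code, server_time, window=1, digits=6):
    """Server-side check: accept codes from +/- `window` time steps."""
    reference = SimulatedKey(secret, digits)
    return any(
        hmac.compare_digest(reference.code_for(server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )


# Constructed sample data: the published RFC 6238 test secret.
SECRET = b"12345678901234567890"
key = SimulatedKey(SECRET)


def demo(server_time=1111111109, host_skew=0):
    """The host passes only its own clock reading to the key."""
    code = key.code_for(server_time + host_skew)
    return code, server_accepts(SECRET, code, server_time)


if __name__ == "__main__":
    print(demo())               # host clock correct
    print(demo(host_skew=300))  # host clock five minutes fast
```

Because the host contributes nothing but its clock reading, a login that fails with a correct-looking code usually points to the clock of the machine the key is plugged into.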