| |
| This application is a simple demonstration of two-factor authentication using the YubiKey device from Yubico. When activated, the YubiKey emits a unique one-time password (OTP) whose first 12 characters are always the same and constitute the individual key's unique ID. The OTP is first validated against Yubico's validation server. If it fails validation, the application will report the error. If it is good, the application will proceed to check if the key ID is already in the user table. If it is not in the user table, you will be prompted for your name, a login name, and a password. If it is already in the user table, you will have to enter your user name and your password in order to log in. Your own password is stored in the user table as a hash, and password validation is done by hashing the offered password and comparing the result with the stored hash. There's more information at the APEXtras blog about our motivation for evaluating the YubiKey, and we also give full technical details including PL/SQL code. |
|
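The login flow described above, sketched in Python as an added example; it is not the PL/SQL from the APEXtras blog. Assumptions: a dict stands in for the user table, `make_stub_validator` is a hypothetical offline stand-in for Yubico's validation server, OTPs are the default 44 modhex characters, and the stored hash is salted PBKDF2 (the page only says "a hash").

```python
import hashlib, hmac, os

MODHEX = set("cbdefghijklnrtuv")  # alphabet YubiKey OTPs are emitted in
ID_LEN = 12                       # per the page: first 12 characters are the key ID

def key_id(otp):
    """Return the key ID prefix, or None if the OTP is malformed."""
    otp = otp.strip().lower()
    if len(otp) != 44 or not set(otp) <= MODHEX:  # assumed default OTP length
        return None
    return otp[:ID_LEN]

def hash_password(password, salt):
    # Assumption: salted PBKDF2-HMAC-SHA256; the page does not name its hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_stub_validator():
    """Hypothetical stand-in for the validation server: accepts each OTP once."""
    seen = set()
    def validate(otp):
        fresh = otp not in seen
        seen.add(otp)
        return fresh
    return validate

def authenticate(users, otp, validate_otp, login, password, name=None):
    """First factor: validated OTP. Second factor: login name and password."""
    kid = key_id(otp)
    if kid is None or not validate_otp(otp):
        return "otp_rejected"
    row = users.get(kid)
    if row is None:                    # unknown key: enrol it
        if not name:
            return "registration_required"
        salt = os.urandom(16)
        users[kid] = {"name": name, "login": login, "salt": salt,
                      "hash": hash_password(password, salt)}
        return "registered"
    # Known key: hash the offered password and compare in constant time.
    offered = hash_password(password, row["salt"])
    ok = (hmac.compare_digest(login.encode(), row["login"].encode())
          & hmac.compare_digest(offered, row["hash"]))
    return "logged_in" if ok else "login_failed"

if __name__ == "__main__":
    KID = "cccccccbdefg"               # constructed sample key ID, not a real device
    users, check = {}, make_stub_validator()
    print(authenticate(users, KID + "h" * 32, check, "alice", "s3cret", name="Alice"))
    print(authenticate(users, KID + "i" * 32, check, "alice", "s3cret"))
```

The password is bound to the key ID row, so a valid OTP from one key cannot be combined with another user's credentials.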