YubiKey¶
The YubiKey¶
An YubiKey is a security token which serves as a second authentication factor.
pwSafe uses YubiKey's HMAC-SHA1 challenge response mode. When the key is initialized, a random secret is stored in it. The password you enter is used as the challenge and the resulting response is used as the safe password.
pwSafe's usage of the YubiKey is fully compatible with Password Safe's. This means safes created with Password Safe can be accessed with pwSafe normally.
Enabling YubiKey Support¶
Before using the YubiKey, you'll need to activate pwSafe's YubiKey support optional feature. To do that:
Connect the YubiKey to your Mac. Click on the "Use YubiKey" checkbox Click either on "Buy for price" or "Restore Purchase" buttons
Using the YubiKey¶
If you already have an YubiKey enabled safe, just make sure to check the "Use YubiKey" checkbox before entering the password. When you click ok, you'll have 15 seconds to touch your YubiKey, so that it calculates the actual safe encryption key.
If you are creating a new safe or changing a safe password, you'll also check the "Use YubiKey" checkbox and press ok. Before doing that, you'll also have the option to create a new YubiKey secret. If you choose this option, your YubiKey's second configuration slot will be erased and a new secret will be stored in it. This means that you won't be able to use that YubiKey to access any service you might have configured to use its second configuration slot, including any other safes, unless you have a backup key.
Backing Up¶
By selection the 'Safe' - 'Prepare YubiKey...' menu item, you'll be able to initialize another YubiKey with the same secret of the current safe. It's highly recommended that you have a backup YubiKey, otherwise loosing or damaging your only one will prevent you from ever accessing your passwords again.
