2

I have two factor authentication setup for login on my laptop using a Yubikey setup for U2F. Now, while I love the security, it is a pain to use the key while sitting at home. Is there a way for my laptop to detect that I am at home and only required a password?

I have looked at possibly using a RADIUS server with the RADIUS pam module, but I believe that would require me to type in another username and password which doesn't improve the usability. Other than that, I have not found any ways of achieving my goal.

Improve this question
2
  • 1
    Get inspiration from how it's done for phones. If you have an AP at home, disable 2FA when you're connected to it; if you have an NFC reader, use an NFC sticker; if you have a GPS attached use the coordinates, etc. Commented Aug 19, 2016 at 3:36
  • That is not a bad idea, but I fear I am going to need to write my own pam module to detect when I am connected to a certain AP. Either my google-foo is lacking and a module that can do that is already out there or no one has written it yet. Commented Aug 19, 2016 at 6:25

1 Answer 1

Reset to default
0

I think the Sato's first and second proposals are good ways here, but the first one is maybe the easiest but requires a pam module (Yodal) and its maintenance to work. Sato Katsura's answer in comments about using AP for disabling 2FA

Get inspiration from how it's done for phones. If you have an AP at home, disable 2FA when you're connected to it;

Alternative approaches

Sato's idea in comments about NFC sticker with NFC reader to ease login at home

if you have an NFC reader, use an NFC sticker;

Sato's idea about GPS which I think is most inaccurate here, and consumes also much battery, and also requires the use of smartphone

if you have a GPS attached use the coordinates, etc.

Discussion about the question

To disable 2FA even at home can compromise security. In the strictest security sense, I think 2FA login should not be disabled even at home. Simple is just effective.

  • What are the amount of false negatives in each step in security?
  • How does the complexity of the system and the maintenance of the pam module for AP affect the security?
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.