[KB3649] Using YubiKeys with ESET Secure Authentication

Solution

ESET Secure Authentication version 2.3.0 and later support authentication using YubiKey hard tokens. Hard tokens can be imported into ESET Secure Authentication using the PSKC file format. The following YubiKey devices have been certified for use with ESET Secure Authentication:

A YubiKey device must first be configured before it can be used with ESET Secure Authentication. Use the YubiKey Personalization Tool (https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/) to program your secret key and export the configuration file. To do so, follow the steps below:

  1. Launch the YubiKey Personalization Tool and insert the YubiKey into a USB port.
     
  2. Click the Settings tab.
     
  3. Select Log configuration output under Logging Settings and then select PSKC format from the drop-down menu.
     
  4. Click the OATH-HOTP tab and then click Quick.
     
  5. Select Configuration Slot 1 or Configuration Slot 1.
    1. If the selected slot had been used for some other purpose, click Regenerate.
       
  6. Deselect OATH Token Identifier (6 bytes) under OATH-HOTP Parameters (auto-generated).
     
  7. Click Write Configuration under Actions and save the log file.
     
  8. Close the YubiKey Personalization Tool before attempting to use the log file. The log file will not be saved correctly if the tool is not closed. If the data in this file is compromised, ESET Secure Authentication will not be able to fully secure your information.
     
  9. Copy the log file on to your server where ESET Secure Authentication Web Console is installed and import it as detailed in the ESET Secure Authentication Product Manual

NOTE:

Since the generated log file has .csv extension, therefore, after clicking Select file in the Import Hard Tokens window, you have to choose the All files option from the drop-down menu that by default shows XML Files in the browsing window. This way you will be able to locate the generated log file.

  1. Delete the PSKC file after you successfully import it to your server.