5Group’s Apps

More than a year ago we had announced Yubiii and said it’s really close to a public preview release. So we thought a brief explanation is necessary. For those who are not familiar, Yubiii is aimed to allow Windows Log On, Computer Unlock, and other features to be enhanced with YubiKey OTP strong authentication abilities. Later on, after a discussion with YubiKey CEO, Stina Ehrensvard, we renamed the product to ybWin.

Closed Beta 1 was send to Yubico support and test team for review, which they did providing us with a good overview plus detailed observations and recommendations. Thank you for that!

The product reached Public Beta 2, which however was not actually released to the public.

The reason for that was the issues with password-protected Windows Screensaver implementation. Then a completely different approach was started to target this, which didn’t succeed either. So we had two choices – to release the Beta 2 with disabled support for password-protected Windows Screensavers, or to continue looking to a solution. Obviously, we choose the latter. However, the “public” Beta 2 release brought some nice features as support for multiple Yubikey per user (with some limitations):

The original idea was that the product (ybWin) is going to be aimed on the consumer market, i.e. individual users but enthusiasts, who can handle AES private keys properly, and what’s more – understand the importance of the information they are dealing with. Although the product offered some administrative features as the possibility to alter almost all of the settings remotely (via Administrative Template), then some key Enterprise application aspects were actually missing:

• Domain Administrator is not able to setup/revoke user Yubikeys remotely;
• Even the local administrator is not able to change local users’ settings;
• There is no fail-safe way to access user profile in case of lost/stolen Yubikey;
• There is not (yet) available centralized management application/console;
• The management of AES private keys should be done by administrators;
• The same Yubikey can be registered to several users simultaneously;
• Users can have only one active Yubikey at a time, so no fail-safe Yubikey;
• There is no support for modern OS-es as Windows 7 and Server 2008.

Thus a decision was made to postpone the public release until some of the issues were resolved, or rejected. As of today, we can not name the exact date of when such release will be available. It is quite possible that a stripped in version pops up, aimed at the single-user environment, providing two-factor authentication functionality for older OS-es as Windows 2000 and Windows XP. It is also possible that we split ybWin into two separate products.

Stay with us for more news on the subject.

Today we’ll introduce our latest project (codename Yubiii) which is still under development, but really close to a public preview release. It’s aimed to allow Windows Log On, Computer Unlock, and other features to be enhanced with YubiKey OTP strong authentication abilities. Hardened security at Enterprise level, or even at home is a well desired goal since recent few years for both technicians and senior managers. Now, by using YubiKey OTP and Two-factor Authentication, we got an access key to the Computer assets which drives this goal to more achievable level than ever.

Next, we are going to show you the administrative tool which was used to configure and link a YubiKey to my Windows User account. This tool (codename GineConsole) will be part of Yubico Tools, together with Yubiii itself. There are several options on About tab as well; remember this is a preview sneak-peak, and User Interface will probably be updated, if not for sure. Anyway, I think it looks nice even now.

Oh! Probably you have noticed it but I am going to say it anyway – all settings will be made fully manageable through Administrative Template (Domain admins are welcome!) Enjoy!