macOS Sierra Secure Login with YubiKey 4

Mar 23, 2017 20:10 · 196 words · 1 minute read yubikey macos sierra

I recently bought a YubiKey 4 and one of the first things I wanted to try out was securing the login to my MacBook Pro.

macOS Sierra re-introduced native support for smart cards, making it easier to set up and use them with macOS.

Following the setup guide for macOS Sierra provided by Yubico took less than 5 minutes (protip: you can brew cask install yubikey-piv-manager).

It has some limitations – you can’t require the YubiKey to be present, and when present you can only set a simple 6-8 digit numeric passcode.

What this amounts to is that you can have a very long password for when the YubiKey is not present, and a much shorter, quicker to enter passcode when it is.

It works when logging in after logging out and when unlocking the screen but not from a restart or cold boot, which is only a slight annoyance since I don’t restart my computer that often.

My next step will be to try YubiKey PAM, which does allow you to require the YubiKey (althogh if you do this make sure get a second YubiKey for a backup) and will hopefully work from a restart.

© Copyright 2018 Joseph Earl

Search