Just had to whip out a quick blog post about my experience installing the dead-simple Yubikey plugin for WordPress. It really is as easy as the Installation page states:
- Buy a Yubikey
- Create a Yubico ID & API Key (This URL is wrong, I’ve posted the right one below)
- Unzip plugin into your /wp-content/plugins/ directory.
- Enter Key ID on the Users -> Profile and Personal options page.
- Enter Yubico ID & API key on the Settings -> Yubikey options page.
Id/key confused ? Well the Key ID is the first 12 chars from the output Your Yubikey generates, they don’t change, the Yubico ID and API Key is used when communicating with the Yubico authentication server.
I only had one issue, but it was minor. After installing the plugin per the directions above, my login screen had a message stating that Yubikey authentication was disabled because I was missing the PHP Curl and Hash modules. A quick ‘sudo apt-get install php5-curl phg5-mhash; sudo /etc/init.d/apache2 restart’ later, and I was good to go!
Finally, the updated URL for generating a Yubico API key. You need to complete step 1 first, however, because you’ll need to provide an OTP and an e-mail address to generate the API key.