<\/div>\n<\/aside>\n","upvoteCount":0,"datePublished":"2019-10-06T20:01:46.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/2","author":{"@type":"Person","name":"pbrain","url":"https://community.spiceworks.com/u/pbrain"}},{"@type":"Answer","text":"
We use Yubikeys here in IT.<\/p>\n
We haven’t rolled out to everyone as we need to rebuild our Cert chains soon anyway.<\/p>\n
Works great. You will have to make sure you roll out the driver first or stuff will act weird.<\/p>","upvoteCount":1,"datePublished":"2019-10-07T00:41:25.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/3","author":{"@type":"Person","name":"justin1250","url":"https://community.spiceworks.com/u/justin1250"}},{"@type":"Answer","text":"
I know lots of folk like these things and that the federal government use them but we only have a couple and none of them are much use. If staff can’t recall passwords etc are they really going to look after these?<\/p>","upvoteCount":0,"datePublished":"2019-10-07T10:29:18.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/4","author":{"@type":"Person","name":"culesflatlander","url":"https://community.spiceworks.com/u/culesflatlander"}},{"@type":"Answer","text":"\n\n
<\/div>\n
CulesFlatlander:<\/div>\n
\nI know lots of folk like these things and that the federal government use them but we only have a couple and none of them are much use. If staff can’t recall passwords etc are they really going to look after these?<\/p>\n<\/blockquote>\n<\/aside>\n
I think accountability is key. We issue similar keys for access to our manufacturing equipment. When issued, they are informed that the loss of the device would incur a $50 deduction on their paycheck.<\/p>\n
It is amazing how they guard them when there is a penalty (for replacement and administration) attached to it.<\/p>","upvoteCount":1,"datePublished":"2019-10-07T10:41:06.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/5","author":{"@type":"Person","name":"pbrain","url":"https://community.spiceworks.com/u/pbrain"}},{"@type":"Answer","text":"
Sufficiently long, memorable pass phrases (follow NIST on this) and a hardware token (Yubikey) as a second factor is a solid access control measure.<\/p>","upvoteCount":2,"datePublished":"2019-10-07T12:06:35.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/6","author":{"@type":"Person","name":"johnnelson3","url":"https://community.spiceworks.com/u/johnnelson3"}},{"@type":"Answer","text":"\n\n
<\/div>\n
John4865:<\/div>\n
\nSufficiently long, memorable pass phrases (follow NIST on this) and a hardware token (Yubikey) as a second factor is a solid access control measure.<\/p>\n<\/blockquote>\n<\/aside>\n
This i’d be happy with - but it seems to me, the OP is looking to replace passwords with yubikey’s not add 2FA - OP, can you clarify?<\/p>","upvoteCount":2,"datePublished":"2019-10-07T12:28:14.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/7","author":{"@type":"Person","name":"Kenny8416","url":"https://community.spiceworks.com/u/Kenny8416"}},{"@type":"Answer","text":"\n\n
<\/div>\n
Juanoflo:<\/div>\n
\n<\/blockquote>\nWhen issued, they are informed that the loss of the device would incur a $50 deduction on their paycheck.<\/p>\n<\/blockquote>\n<\/aside>\n
Super illegal in many jurisdictions.<\/p>\n
(Actually deducting it, threatening it may or may not be).<\/p>","upvoteCount":0,"datePublished":"2019-10-07T13:42:19.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/8","author":{"@type":"Person","name":"johnmeredith3839","url":"https://community.spiceworks.com/u/johnmeredith3839"}},{"@type":"Answer","text":"\n\n
<\/div>\n
John2995:<\/div>\n
\n\n\n
<\/div>\n
Juanoflo:<\/div>\n
\n<\/blockquote>\nWhen issued, they are informed that the loss of the device would incur a $50 deduction on their paycheck.<\/p>\n<\/blockquote>\n<\/aside>\n
Super illegal in many jurisdictions.<\/p>\n
(Actually deducting it, threatening it may or may not be).<\/p>\n<\/blockquote>\n<\/aside>\n
It is considered a “tool”. And the deduction is only charged if the employee loses/misplaces or fails to return the device upon termination. Federal law allows the deduction of the reasonable cost of tools form employee’s paycheck.<\/p>","upvoteCount":1,"datePublished":"2019-10-07T13:52:07.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/9","author":{"@type":"Person","name":"pbrain","url":"https://community.spiceworks.com/u/pbrain"}},{"@type":"Answer","text":"\n\n
<\/div>\n
Kenny8416:<\/div>\n
\n\n\n
<\/div>\n
John4865:<\/div>\n
\nSufficiently long, memorable pass phrases (follow NIST on this) and a hardware token (Yubikey) as a second factor is a solid access control measure.<\/p>\n<\/blockquote>\n<\/aside>\n
This i’d be happy with - but it seems to me, the OP is looking to replace passwords with yubikey’s not add 2FA - OP, can you clarify?<\/p>\n<\/blockquote>\n<\/aside>\n
Fair point. I was assuming that OP wanted to get away from expiring passwords.<\/p>","upvoteCount":0,"datePublished":"2019-10-07T14:25:58.000Z","url":"https://community.spiceworks.com/t/yubikeys-for-our-blue-collars/733305/10","author":{"@type":"Person","name":"johnnelson3","url":"https://community.spiceworks.com/u/johnnelson3"}}]}}
liestru
October 6, 2019, 7:45pm
1
Hi,
Many of our blue collars need to be able to logon on computers that belong to our active directory domain. Since they only logon now and then, their passwords expire, they forgot it or lock themselves causing too many password reset tickets on our helpdesk.
I am thinking of rolling out Yuibkeys using PIV SmartCart logon on W10 machines.Only found one other question about this in this forum.
Since we have like a thousand blue collars, I will first do a POC of course, but in the meantime, are there any other admins that have deployed this already and are happy with it?
Kind regards
19 Spice ups
pbrain
October 6, 2019, 8:01pm
2
I’ve started looking into this for our mfg floor employees.
This is what I got so far:
justin1250
October 7, 2019, 12:41am
3
We use Yubikeys here in IT.
We haven’t rolled out to everyone as we need to rebuild our Cert chains soon anyway.
Works great. You will have to make sure you roll out the driver first or stuff will act weird.
1 Spice up
I know lots of folk like these things and that the federal government use them but we only have a couple and none of them are much use. If staff can’t recall passwords etc are they really going to look after these?
pbrain
October 7, 2019, 10:41am
5
I think accountability is key. We issue similar keys for access to our manufacturing equipment. When issued, they are informed that the loss of the device would incur a $50 deduction on their paycheck.
It is amazing how they guard them when there is a penalty (for replacement and administration) attached to it.
1 Spice up
Sufficiently long, memorable pass phrases (follow NIST on this) and a hardware token (Yubikey) as a second factor is a solid access control measure.
2 Spice ups
Kenny8416
October 7, 2019, 12:28pm
7
This i’d be happy with - but it seems to me, the OP is looking to replace passwords with yubikey’s not add 2FA - OP, can you clarify?
2 Spice ups
Super illegal in many jurisdictions.
(Actually deducting it, threatening it may or may not be).
pbrain
October 7, 2019, 1:52pm
9
It is considered a “tool”. And the deduction is only charged if the employee loses/misplaces or fails to return the device upon termination. Federal law allows the deduction of the reasonable cost of tools form employee’s paycheck.
1 Spice up
Fair point. I was assuming that OP wanted to get away from expiring passwords.
