ZeroTrust with Yubi Keys
Hi,
I have a zero trust tunnel set up to my home with various applications. The method to log in is that it emails me a code I enter. This works great, but I need to set up a way to get access that's secure in case I don't have access to my emails.
This scenario happened to me recently... I needed access to my iCloud as I had smashed my iPhone and Apple wouldn't let me have a new phone that day unless I could disable the "Find my iPhone" feature. I don't know any of my passwords as I use a password manager, and so couldn't get access to my emails as my phone was smashed, and thus couldn't get past Zero Trust to get to my password manager, which I won't put public facing.
So, as I carry my YubiKeys everywhere, I would like to set up a second method where I can use my YubiKeys as a secondary option which would allow me in without email access, but also keeping "email me a code" as an option in case I forgot my YubiKeys (good secure methods for both scenarios).
So is it possible to set up YubiKeys as another option? Because I cannot see how to get it working. Everything I read tells me to add MFA but this doesn't work. It still presents me with a form to add my email address but doesn't email me anything.
Thanks for your help.
3 Replies
sorry but what is an idp?
okay external identity provider.... but isn't my yubikey exactly that? it verifies against their servers
hello?
Cloudflare does not offer a built-in way to use YubiKeys to verify, which is why you need an external IDP for it.
If I used an IDP I'd still need to log in there, so just adding an extra step without fixing the issue. So I suppose, what's the most secure way of logging in to Zero Trust if you have no access to your emails? Password only? I worry about using that with Brute Force. I know CF will have protection for that, I just don't see it as amazingly secure.
that's a better option then. So can you recommend a good one? preferably free?
okay i'll check those out, thank you!