Habee oo isticmaal YubiKey Secure Login ee Koontada Maxalliga ah gudaha Windows 10

Isticmaalayaashu waxay isticmaali karaan furayaasha amniga qalabka, oo ay soo saartay shirkadda Iswiidhishka ee Yubico si ay u gasho akoon maxalli ah Windows 10(Windows 10) . Shirkaddu waxay dhawaan soo saartay nuqulkii ugu horreeyay ee xasilloon ee Yubico Login ee codsiga Windows(Login for Windows application) . In this post, waxaan ku tusi doonaa sida loo rakibo oo loo habeeyo YubiKey si loogu isticmaalo Windows 10 PCs.

YubiKey waa qalab xaqiijinta qalabka taageera furaha hal mar ah, sireeynta-guud ee furaha iyo sugida, iyo Universal Factor 2nd (U2F)(Universal 2nd Factor (U2F)) iyo FIDO2 borotokool ay soo saartay FIDO Alliance . Waxay u ogolaataa isticmaalayaasha inay si badbaado leh u galaan akoonadooda iyagoo soo saaraya furaha sirta ah ee hal mar ah ama isticmaalaya FIDO-ku-salaysan furaha dadweynaha/lamaanayaasha gaarka ah ee uu soo saaray qalabku. YubiKey waxa kale oo ay ogolaataa in lagu kaydiyo ereyada sirta ah ee static si loogu isticmaalo goobaha aan taageerin ereyada sirta ah ee hal mar ah. Facebook waxay u isticmaashaa YubiKey aqoonsiga shaqaalaha, Google -na waxay u taageertaa shaqaalaha iyo isticmaalayaasha labadaba. Qaar ka mid ah maamulayaasha sirta ah ayaa taageera YubiKey .Yubico sidoo kale waxay soo saartaa Furaha Amniga(Security Key) , qalab la mid ah YubiKey , laakiin diiradda saaraya aqoonsiga furaha dadweynaha.

YubiKey waxay u ogolaataa isticmaalayaasha inay saxeexaan, sireeyaan, oo ay kala saaraan fariimaha iyaga oo aan soo bandhigin furayaasha gaarka ah ee aduunka ka baxsan. Sifadan waxa hore loogu heli jiray isticmaalayaasha Mac iyo Linux .

To configure/set up YubiKey on Windows 10, you’ll need the following:

  1. Qalabka USB YubiKey .
  2. Yubico Login software ee Windows.
  3. YubiKey software software.

Dhammaantood waxa laga heli karaa yubico.com oo ku hoos jira tab Product s. Sidoo kale, waa inaad ogaataa in app-ka YubiKey aanu taageersanayn akoonnada Windows -ka ee ay maamusho Azure Active Directory ( AAD ) ama Hagaha(Directory) Active (AD) iyo sidoo kale Xisaabaadka Microsoft .

(YubiKey)Qalabka xaqiijinta qalabka YubiKey

Kahor intaadan rakibin Yubico Login ee software Windows , samee qoraal ku qor magacaaga isticmaale ee Windows iyo eraygaaga sirta ah ee koontada deegaanka. Qofka rakibaya software-ka waa inuu haystaa magaca isticmaalaha iyo furaha Windows ee akoonkiisa. (Windows)Kuwaas la'aantood, waxba lama habeyn karo, xisaabtuna waa mid aan la heli karin. Dabeecada caadiga ah ee bixiyaha aqoonsiga Windows waa inuu xasuusto galitaankaagii u dambeeyay, markaa ma aha inaad ku qorto magaca isticmaalaha.

Sababtan awgeed, dad badan ayaa laga yaabaa inaysan xasuusan magaca isticmaalaha. Si kastaba ha noqotee, markaad rakibto qalabka oo aad dib u bilowdo, bixiyaha cusub ee Yubico ayaa la raray, si labada admins iyo isticmaalayaasha dhamaadka ay dhab ahaantii ku qoraan magaca isticmaalaha. Sababahan dartood, ma aha maamulaha oo kaliya, laakiin sidoo kale qof kasta oo akoonkiisa lagu habeynayo Yubico Login for Windows waa inuu hubiyo inay geli karaan iyaga oo isticmaalaya magaca isticmaale ee Windows iyo erayga sirta ah ee koontada maxalliga ah KA HOR inta maamuluhu rakibin aaladda oo uu dejiyo dhamaadka - xisaabaadka isticmaalayaasha.

Waxa kale oo lagama maarmaan ah in la ogaado, marka Yubico Login ee Windows la habeeyey, waxaa jira:

  • Ma jiro Tilmaamaha Furaha Windows
  • Ma jiro hab dib loogu dejiyo furaha sirta ah
  • Maya Remember Previous User/Login shaqada.

Intaa waxaa dheer, galitaanka tooska ah ee Windows kuma habboona Yubico Login ee Windows . Haddii isticmaale koontada loo dejiyay gelitaan toos ah uusan dib u xasuusan erayga sirta ah ee asalka ahaa marka Yubico Login ee qaabeynta Windows uu hirgalo , koontada lama geli karo. Si badheedh ah wax uga qabto(Address) arrintan adigoo:

  • In dadka isticmaala ay dejiyaan furaha sirta ah ka hor inta aysan joojin soo gelista tooska ah.
  • Dhammaan isticmaalayaashu ha xaqiijiyaan inay ku geli karaan akoonadooda iyaga oo wata magaca isticmaalaha iyo erayga sirta ah ee cusub ka hor intaadan isticmaalin Yubico Login for Windows si aad u habayso akoonadooda.

Oggolaanshaha maamulaha ayaa loo baahan yahay si loo rakibo software-ka.

Rakibaadda YubiKey

Marka hore, xaqiiji magacaaga isticmaale Marka aad ku rakibto Yubico (PowerShell)Login (Command Prompt)for(Yubico Login) Windows oo(Windows) dib loo bilaabo , waxaad u baahan doontaa inaad(Start) geliso tan marka lagu daro eraygaaga sirta ah si aad u gasho.

whoami

U(Take) fiirso wax soo saarka buuxa, kaas oo ah qaabka DESKTOP-1JJQRDF\jdoe , halkaasoo  jdoe  uu yahay magaca isticmaalaha.

  1. Halkan(Download) kala soo deg Yubico Login(Yubico Login) ee software Windows ka(here) .
  2. Ku socodsii rakibaha adiga oo laba jeer gujinaya soo dejinta.
  3. Aqbal heshiiska shatiga isticmaalaha.
  4. Wizard-ka rakibaadda, sheeg meesha galka aad ku socoto ama aqbal meesha caadiga ah.
  5. Dib u bilow mishiinka lagu rakibay software-ka. Dib u bilaabashada ka dib, bixiyaha aqoonsiga Yubico ayaa soo bandhigaya shaashadda soo gelida ee u kicisa YubiKey(YubiKey) .

Sababtoo ah YubiKey weli lama bixin, waa inaad beddeshaa isticmaalaha oo aad gelisaa ereyga sirta ah ee koontada Windows -ka ee deegaankaaga , laakiin sidoo kale magacaaga isticmaale ee xisaabtaas. Haddii loo baahdo, waxaa laga yaabaa inaad u bedesho Koontada Microsoft una beddelato Koontada Maxalliga ah .

Kadib markaad gasho, ka raadi "Configuration Login" oo leh astaanta cagaaran. (Shayga runtii lagu calaamadiyay Yubico Login ee Windows waa rakibaha kaliya, maaha codsiga.)

Habaynta YubiKey

Oggolaanshaha maamulaha(Administrator) ayaa loo baahan yahay si loo habeeyo software-ka.
Kaliya akoonnada la taageero ayaa lagu habeyn karaa Yubico Login ee Windows . Haddii aad bilowdo saaxir qaabeynta, oo koontada aad raadineyso aan la soo bandhigin, lama taageero oo sidaas darteed looma heli karo qaabeynta.

Inta lagu jiro habka qaabeynta, waxyaabaha soo socda ayaa loo baahan doonaa;

  • Furayaasha Aasaasiga ah iyo Kaabta(Primary and Backup Keys) : Isticmaal YubiKey ka duwan diiwaangelin kasta. Haddii aad configuring furayaasha gurmad, user kasta waa in uu leeyahay hal YubiKey ee aasaasiga ah iyo kan labaad ee furaha gurmad.
  • Koodhka Soo kabashada(Recovery Code) : Koodhka soo kabashada waa habka ugu dambeeya ee lagu xaqiijiyo isticmaalaha haddii dhammaan YubiKeys ay lumeen. Koodhadhka soo kabashada(Recovery) waxaa lagu meelayn karaa isticmaalayaasha aad sheegtay; si kastaba ha ahaatee, koodhka soo kabashada ayaa la isticmaali karaa oo kaliya haddii magaca isticmaalaha iyo erayga sirta ah ee xisaabta sidoo kale la heli karo. Ikhtiyaarka lagu abuurayo koodka soo kabashada ayaa la soo bandhigay inta lagu jiro habka qaabeynta.

Talaabada 1: Gudaha menu Start ee Windows , dooro Yubico > Qaabaynta Soo gal(Login Configuration) .

Talaabada 2: Wadahadalka Xakamaynta Koontada Isticmaalaha(User Account Control) ayaa soo muuqda. Haddii aad tan ka waddo akoon aan Maamule ahayn, waxaa lagu weydiin doonaa aqoonsiga maamulaha deegaanka. Bogga Soo-dhaweyntu waxa uu soo bandhigayaa saaxir bixinta Isku xidhka Soo galitaanka Yubico(Yubico Login Configuration) :

Qalabka xaqiijinta qalabka YubiKey

Tallaabada 3: Guji Next . Bogga ugu talagalka ah ee Isku xidhka Login Windows Yubico (Yubico Windows Login Configuration)ayaa(Default) soo muuqda.

Talaabada 4: Shayada la isku habayn karo waa:

Afyare(Slots) : Dooro booska halka lagu kaydin doono sirta ka jawaab celinta. Dhammaan YubiKeys-ka aan la habeynin waxay ku yimaadaan horay loo sii raray iyagoo wata aqoonsiga booska 1, markaa haddii aad isticmaalayso Yubico Login for Windows si aad u habayso YubiKeys horay loogu isticmaalay gelitaanka akoonnada kale, ha ku beddelin booska 1.

Challenge/Response Secret : Shaygani waxa uu awood kuu siinayaa in aad qeexdo sida sirta loo habayn doono iyo halka lagu kaydin doono. Doorashadu waa:

  • Isticmaal sirta jirta haddii la habeeyey – dhali haddaan la habeynin(Use existing secret if configured – generate if not configured) : Sirta jirta ee furaha waxaa loo isticmaali doonaa booska la cayimay. Haddii qalabku aanu lahayn sir jira, habka bixinta ayaa dhalin doona sir cusub.
  • Samee sir cusub oo random ah, xitaa haddii sirta hadda la habeeyay(Generate new, random secret, even if a secret is currently configured) : Siro cusub ayaa la soo saari doonaa oo lagu barnaamijayn doonaa booska, iyadoo lagu beddelayo sir kasta oo hore loo habeeyey.
  • Gacanta ku geli sirta sirta ah(Manually input secret)Isticmaalayaasha horumarsan(For advanced users) : Inta lagu jiro habka bixinta, codsigu wuxuu kugu dhiirigelin doonaa inaad gacanta ku geliso sirta HMAC-SHA1 (20 bytes - 40 xaraf hex-encoded).

Samee Koodhka Soo kabashada(Generate Recovery Code) : Isticmaale kasta oo la bixiyo, kood soo kabashada cusub ayaa la soo saari doonaa. Koodhkan soo kabashada ayaa awood u siinaya isticmaalaha ugu dambeeya inuu galo nidaamka haddii ay lumiyeen YubiKey.
Fiiro gaar ah: Haddii aad dooratid inaad kaydiso koodka soo kabashada markaad siinayso isticmaale furaha labaad, kood kasta oo soo kabasho hore wuxuu noqonayaa mid aan sax ahayn, oo kaliya koodhka soo kabashada cusub ayaa shaqayn doona.

U samee Aaladaha kaabta ee Isticmaale Kasta(Create Backup Device for Each User) : Isticmaal doorashadan si aad nidaamka bixinta u diiwaan geliso laba fure isticmaale kasta, YubiKey aasaasiga ah iyo kaydka YubiKey . Haddii aadan rabin inaad siiso koodka soo kabashada isticmaaleyaashaada, waa dhaqan wanaagsan in la siiyo isticmaale kasta YubiKey gurmad ah . Macluumaad intaas ka badan, tixraac qaybta Koowaad(Primary) iyo kaabta(Backup Keys)  ee kore.

Tallaabada 5: Guji Next , si aad u dooratid isticmaalayaasha si ay u bixiyaan. Xulo Xisaabaadka Isticmaalaha(Select User Accounts) bogga (Haddii aysan jirin xisaabaadka isticmaale maxalli ah oo ay taageerto Yubico Login for Windows , liisku wuu madhnaan doonaa) ayaa soo muuqda.

Talaabada 6: Dooro xisaabaadka isticmaalaha in la bixiyo inta lagu guda jiro hadda socda ee Yubico Login for Windows adiga oo dooranaya sanduuqa ku xiga username, ka dibna riix Next . Bogga Isticmaalaha Isku Habaynta(Configuring User) ayaa soo muuqda.

Tallaabada 7: Magaca isticmaalaha ee lagu muujiyay goobta Isticmaalaha Isku-habaynta(Configuring User) ee kor ku xusan waa isticmaalaha kan YubiKey hadda loo habeynayo. Sida username kasta oo la soo bandhigay, geedi socodka ku dhiirigelinayaan in aad geliso YubiKey ah si ay u diiwaan user in.

Talaabada 8: Sug for Device(Wait for Device) bogga waxaa lagu muujiyay halka YubiKey la geliyey la ogaanayo iyo ka hor inta aan la diiwaan gelin user username waa in Configuring User garoonka sare ee bogga. Haddii aad dooratay U samee Aaladda kaabta ee Isticmaale kasta(Create Backup Device for Each User) bogga Defaults , Configuring User field ayaa sidoo kale muujin doona midka YubiKeys ee la diiwaan geliyo, Primary ama Backup .

Tallaabada 9: Haddii aad habaysay habka bixinta si aad u isticmaasho sir gacanta lagu cayimay, goobta sirta 40-god ee hex-ga ayaa la soo bandhigay. Geli sirta oo guji Next .

Talaabada 10: Bogga Aaladda Programming(Programming Device) -ka waxa uu soo bandhigayaa horumarka barnaamijka YubiKey kasta . Bogga Xaqiijinta Qalabka(Device Confirmation) ee hoos ku qoran wuxuu muujinayaa faahfaahinta YubiKey ee lagu ogaaday habka bixinta, oo ay ku jiraan lambarka taxan ee aaladda (haddii la heli karo) iyo heerka qaabeynta ee hal-wakhti-Password(One-Time Password) ( OTP ). Haddii ay jiraan khilaafyo u dhexeeya waxa aad dejisay sida khaladaadka iyo waxa suurtogalka ah ee la ogaaday YubiKey , calaamad digniin ah ayaa la soo bandhigay. Haddii wax walba ay wanaagsan yihiin in la tago, calaamad sax ah ayaa la tusi doonaa. Haddii xariiqda xaaladdu muujiso calaamad khalad ah, khaladku waa la sifeynayaa, tilmaamaha hagaajintiisa ayaa lagu soo bandhigay shaashadda.

Tallaabada 11: Marka barnaamijka la dhammeeyo koontada isticmaalaha, xisaabtaas lama geli karo iyada oo aan la helin YubiKey u dhigma . Waxaa lagugu dhiirigelinayaa inaad ka saarto YubiKey oo hadda la habeeyay, iyo habka bixinta si toos ah u socdaa koontada isticmaale ee soo socota / isku darka YubiKey .

Tallaabada 12: Ka dib oo dhan, YubiKeys ee koontada isticmaale ee la cayimay ayaa la siiyay:

  • Haddii Generate Code-ka soo kabashada(Generate Recovery Code)  lagu doortay bogga Defaults , bogga Code-ka soo kabashada(Recovery Code) ayaa la soo bandhigay.
  • Haddii  Aasaaska Koodhka Soo-kabashada(Generate Recovery Code)  aan la dooran, habka bixinta ayaa si toos ah u socon doonta koontada isticmaalaha xiga.
  • Habka bixinta wuxuu u guuraa  Dhamaystiran(Finished)  ka dib markii la sameeyo akoonkii isticmaale ee ugu dambeeyay.

Koodhka soo kabashada waa xadhig dheer. (Si loo baabi'iyo dhibaatooyinka uu keeno isticmaalaha ugu dambeeya ee ku khaldaaya nambarka 1 ee xarafka yar ee L iyo 0 ee xarafka O, koodhka soo kabashada wuxuu ku qoran yahay Base32 , kaas oo daaweeya xarfaha alfanumeric ee u eg inay isku mid yihiin.)

Bogga Koodhka Soo kabashada(Recovery Code) ayaa la soo bandhigay ka dib markii dhammaan YubiKeys ee xisaabta isticmaale ee cayiman la habeeyey.

Talaabada 13: Bogga Koodhka Soo-kabashada(Recovery Code) , samee oo deji koodka soo kabashada isticmaalaha la doortay. Marka tan la sameeyo, koobi(Copy)  iyo  Badbaadinta(Save) badhamada dhanka midig ee goobta code-ka soo kabashada ayaa diyaar ah.

Talaabada 14: Koobi koodhka soo kabashada oo ka badbaadi in lala wadaago isticmaalaha oo ilaali haddii isticmaaluhu lumiyo.

Xusuusin(Note) : Hubi inaad kaydiso koodhka soo kabashada wakhtigan hawsha. Markaad u sii gudubto shaashadda xigta, suurtogal maaha inaad soo celiso koodka.

Talaabada 15: Si aad ugu guurto koontada isticmaale ee soo socota bogga Xulashada Isticmaalayaasha(Select Users) , dhagsii Next . Markaad habayso isticmaaleha ugu dambeeya, habka bixinta ayaa soo bandhigaya bogga Dhammaaday(Finished) .

Tallaabada 16: Sii isticmaale kasta koodka soo kabashada. Isticmaalayaasha ugu dambeeya waa in ay kaydiyaan koodka soo kabashada meel ammaan ah oo la heli karo marka aysan geli karin.

YubiKey Isticmaalka Khibradda

Marka koontada isticmaalaha maxaliga ah loo habeeyey inay u baahato YubiKey , isticmaaluhu waxa xaqiijiya Bixiyaha Aqoonsiga Yubico(Yubico Credential Provider) halkii uu ka ahaan lahaa Bixiyaha Aqoonsiga Windows ee caadiga ah . Isticmaalaha waxa lagu dhiiri galinayaa in uu geliyo YubiKey . Kadibna shaashadda Login Yubico(Yubico Login) ayaa la soo bandhigay. Isticmaaluhu wuxuu galayaa isticmaalkooda iyo erayga sirta ah.

Fiiro gaar(Note) ah : Looma baahna in la riixo badhanka qalabka USB YubiKey(YubiKey USB) si aad u gasho. Mararka qaarkood, riixitaanka badhanka ayaa sababta login inuu ku guuldareysto.

Marka dhamaadka-user galo in, waa in ay geliso YubiKey saxda ah dekedda USB ah oo ku saabsan nidaamka ay. Haddii dhamaadka-user galo ay username iyo erayga sirta ah oo aan gelin YubiKey saxda ah , xaqiijinta fashilmi doonaa, iyo user waxaa lagu soo bandhigi doonaa fariin qalad ah.

Haddii xisaabta user dhamaadka ah loo habeeyey Yubico Login for Windows , iyo haddii code a soo kabashada la soo saaray, iyo user a lumin YubiKey (-yada), waxay isticmaali karaan code soo kabashada si loo xaqiijiyo. Isticmaalaha ugu dambeeya wuxuu ku furayaa kombuyuutarkooda magaciisa isticmaale, koodhka soo kabashada, iyo erayga sirta ah.

Ilaa YubiKey cusub la habeeyo, isticmaala dhamaadka-user waa in ay galaan code kabashada mar kasta oo ay galaan.

Haddii Yubico Login ee Windows uusan ogaanin in YubiKey la geliyey, waxay u badan tahay inay sabab u tahay furaha oo aan lahayn habka OTP -ga, ama aadan gelin YubiKey , laakiin beddelkeeda Key Security(Security Key) , kaas oo aan ku habboonayn codsigan. Isticmaal arjiga Maareeyaha YubiKey(YubiKey Manager)  si aad u hubiso in dhammaan YubiKeys ee la bixinayo ay leeyihiin interface -ka OTP .

Muhiim(Important) : Hababka galitaanka beddelka ah ee ay taageerto Windows ma saameyn doonto. Sidaa darteed, waa inaad xaddidaa hababka gelitaanka gudaha iyo fog ee dheeraadka ah ee xisaabaadka isticmaale ee aad ku ilaalinayso Yubico Login for Windows si aad u hubiso inaadan uga tagin wax 'albaab danbe' ah.

Haddii aad isku daydo YubiKey, noo sheeg khibradaada qaybta faallooyinka ee hoose.(If you try out YubiKey, let us know your experience in the comments section below.)



Alexis Walker

About the author

Ganacsi ahaan, waxay ku saabsan tahay abuurista qiimaha macaamiishaada iyo macaamiishaada. Waxaan diiradda saarayaa bixinta tilmaamo tallaabo-tallaabo ah oo ka caawinaya akhristayaashayda inay sida ugu badan uga faa'iidaystaan ​​qalabkooda iyo software-kooda, anigoo isticmaalaya Microsoft Office. Xirfadahayga waxaa ka mid ah kiiboodhka iyo rakibida darawalada, iyo sidoo kale taageerada Microsoft Office. Sannadaha aan khibrad u leeyahay warshadaha, waxaan kaa caawin karaa inaad daboosho baahi kasta oo hardware ama software ah oo aad u baahan tahay.


Related posts