I haven't considered Yubikey but I was considering this:
I'm not sure if these USB virtual keyboards are the best option as some internet cafes won't let you plug in USB devices or you don't have the rights to install it (I know they say it doesn't require drivers but some machines are locked down good).
From what I have read it sounds like I need to have two passwords for one login... one for Roundcube (with OTP) and one for IMAP access. I think the key to this is to ONLY allow the IMAP password to be used with IMAP and for the Roundcube password (with OTP) to ONLY have access to Roundcube. That way if the Roundcube password gets recorded/keylogged then they can't use it with IMAP. Is this possible? (i.e.: bind/enforce a particular password to one type of service)
Another option, is it possible to have my main account and use it with IMAP but have a SECOND set of login credentials that I only use for Roundcube but can access my mailbox of the other account?
I'm still battling with this!
On 06/05/2014 00:06, Professa Dementia wrote:
On 5/5/2014 3:30 PM, Benjamin Podszun wrote:
On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote:
I'm beginning to wonder if I am going about this all wrong :-)
No offense: I'm thinking the same thing. ;-)
Would it not be easier/better to leave all IMAP/SMTP access in place (for all users) and then just use "one time throw away passwords" for logging in from an internet cafe with Roundcube?
Have you considered Yubikey?
https://www.yubico.com/products/yubikey-hardware/yubikey/
The USB device looks like a keyboard when plugged in. Plug it in, type in your login, highlight the password field, then press the button on the Yubikey. It "types" in the OTP. Click the login button.
It runs on many OSes, including Linux where it interfaces with PAM. A simple PAM config change installs it.
https://www.yubico.com/applications/computer-login/linux/
You can even (and I do recommend that you) use it with two factor, so you enter a normal password, plus the OTP (something that you know, plus something that you have). This would take a small change to Roundcube, which is beyond scope for this list.
Dem