16 March 2013

Locking your Mac with YubiKey and TokenLock

Sometimes I need to securely "lock" my Mac at work - and one geeky way is the combination of a YubiKey (an awesome tiny USB crypto device) and TokenLock (a *very* useful Mac-OS utility).

These two allow for:

  • locking the Mac if the Yubikey is removed
  • unlocking it, if the Yubikey is inserted again


Configure Yubikey


Start the YubiKey personalisation tool and edit the following settings:


Yubikey-Serial-Nr-Readout.jpg




Now write that configuration to "configuration slot 2" of your Yubikey.

Configure TokenLock


Second, you need to configure TokenLock to accept the Yubikey only, if it has the correct serial number.

Enter the TokenLock settings dialog:

TokenLock-Check-Serial-Nr-Setting.jpg

Great. You're nearly done, one little thing…

Make your Yubikey your primary USB device for TokenLock


Select the USB tab and make sure, your Yubikey is marked "Has serial number".

Select a USB Device.jpg

You're done!

Btw: The guys from Map-Pin software provide GREAT support for TokenLock - which can monitor
bluetooth devices to lock/unlock your Mac… give it a try :-)
Labels: , ,