I received today a new toy: a Yubikey from Yubico. It is a small USB key which contains multiples security protocols. The most famous is FIDO U2F.
Let’s see how it works: on websites supporting the Two-Factor authentication and the FIDO U2F protocol, you can use a Yubikey to connect to your account. The list of supported websites is not really insane but contains the most popular websites.
So I started to play with the Yubikey by using it to connect to my Mac. But the manipulation went wrong. I was out of my own computer, I cannot connect to my two accounts.
Here is how I solved this issue.
Recovering access to MacOS X after a loss or destruction of the Yubikey (or a wrong manipulation)
Note: this procedure will ask you the disk password many times. Enter the password of an admin user.
The goal is to modify your two files used to the connection process:
First, you have to go to the recovery mode by pressing
CMD+R when the MacBook is starting up. Then open a terminal and type:
# List your disks $ diskutil list # Try to find a disk called `Macintosh HD` and get the identifier # Mount it (mine is `disk1s1`) $ diskutil mount disk1s1 # Go there $ cd /Volumes/Macintosh\ HD/ # Modify your `authorization` file $ vim etc/pam.d/authorization # Remove or comment the line `auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response` # Save and close # Modifiy you `screensaver` file $ vim etc/pam.d/screensaver # Remove or comment the line `auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response` # Save and close