Client-Side Certs + Yubikey U2F


(Paul) #1

I’ve just tested client-side cert + yubikey U2F on a small test install of openemr. I am very impressed with how it works. My question is, what else security wise is there to worry about?

Hackers would need the client-side cert to access the openemr webapp + a yubikey + know the username and password… How likely are we looking at compromised access to openemr webapp in this scenario? Without the client-side cert, how could a hacker get the openemr login site to appear?

Im just amazed at the direction this project has moved in. Using 2FA is a game changer!


(Paul) #2

The following article has more info on hackers and digital certificates:

From the article:

“Experts at Symantec tracked different strains of malware which have the capability to steal both private keys and digital certificates from Windows certificate stores…”

Wonder if this has happened on linux systems?