
Using YubiKey for Secure Login Authentication to LuxSci

LuxSci supports a range of options for securing your access to the web interface. These include two-factor authentication (via email, SMS, or integration with DuoSecurity), Social Logins (e.g. using your Facebook, LinkedIn, Google+, Yahoo, Twitter, MSN, etc. account as your login), OpenID, and IP access restrictions (so you can limit access to your computer or region or country).

What many don’t know is that you can also use YubiKey (by Yubico), a very popular secure hardware token that plugs into your computer’s USB port (or uses NFC in some cases so you don’t have to plug it in) and allows you to verify your identity via its presence.

At LuxSci, you can use your YubiKey as your login to WebMail or for two-factor authentication. This capability is not new; it has been possible for years, but it is not as well known as it should be.

How to enable YubiKey Logins for LuxSci

  1. Login to LuxSci normally using your username and password
  2. Go to your Account > Security > Social Login/OpenID configuration page
  3. Click on “Add a Social Login or OpenID”.
  4. Choose “OpenID” from the dialog box
  5. You will get a pop-up window asking you for your “OpenID” address
  6. Enter the OpenID address for your YubiKey
    1. This will be:
  7. Authenticate yourself with your YubiKey
  8. Done — you can now login to LuxSci using just your YubiKey.

How to Login with your YubiKey?

  1. Go to
  2. Click on “Social Login/OpenID”
  3. Choose “OpenID”
  4. Enter your YubiKey OpenID if it is not already pre-filled
  5. Authenticate with your YubiKey
  6. You are in!

How to Turn Off Username/Password Logins?

For added security, you can disable use of your username/password as a means of logging in to your LuxSci WebMail account, so the only valid login scheme is use of your YubiKey. To do this:

  1. Return to your Account > Security > Social Login/OpenID configuration page in LuxSci.
  2. Check the box “Restrict Web Interface logins to the use of Social/OpenID logins only.”
  3. Press “Update”

Once you do this, you will only be able to log in to WebMail using one of the Verified OpenIDs / Social Logins that you have enabled here. This setting does not affect access via POP, IMAP, SMTP, FTP, or ActiveSync; it applies only to WebMail.

What about YubiKey for Two Factor Authentication?

YubiKey is especially popular as a second factor for logging in to accounts. For example, you enter your username and password, then you validate yourself via your YubiKey, and you are in. This is better: it doesn’t permit someone access just because they grabbed your YubiKey!

LuxSci supports two factor authentication with YubiKey via integration with DuoSecurity.  If you have not yet done so:

  1. Get your account with DuoSecurity (it's free for up to 10 people, and inexpensive for more).
  2. Log in to your DuoSecurity account
    1. Choose “Integrations”
    2. Create a “+ New Integration”
    3. Select integration type of “Web SDK”
    4. Call the Integration Name “LuxSci” (or whatever you like) and press “Create Integration”
    5. Copy the Integration key, Secret key, and API hostname
  3. Login to LuxSci as an account administrator
    1. Go to “Account > Advanced Administration > Security > Duo Security Two Factor”
    2. Enter the keys and hostname
    3. Set the Status to “Required” or “Optional” (depending on whether all users in your account must use it, or whether they can self-select use of Duo).
    4. If you chose “Optional”, then go to your “Account > Security > Two-Factor Authentication” page and select “DuoSecurity” as your Two Factor authentication method of choice.

This enables Duo Security for Two Factor Authentication at LuxSci.  Once you have your YubiKey, you can login to your Duo Security account and add this as a valid authenticator:

  1. Login to DuoSecurity
  2. Click on “Devices”, then “Hardware tokens”
    1. Click “+ Import Hardware tokens”
    2. Choose “YubiKey AES” as the device type
    3. Enter the “CSV token data” as per the instructions on the page (you will need your YubiKey serial number, private identity, and secret key).
    4. Press “Import Hardware Tokens”
  3. Click on Users
  4. Click on the user login in question
  5. Click on “+ Add Hardware Token”
    1. Associate the newly added YubiKey with this user as a valid authentication device.

That’s it!
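As an added example (not LuxSci's or Duo's code), here is a pre-import check for the “CSV token data” entered during the hardware token import. It assumes one token per line in the order the step lists (serial number, private identity, secret key) and the Yubico OTP sizes of a 6-byte private identity and a 16-byte AES key, both in hex; follow the format shown on Duo's import page if it differs.

```python
import csv
import io
import re

# Field sizes from the Yubico OTP format: 6-byte private identity and
# 16-byte AES-128 secret key, both written as hex.
PRIVATE_ID_RE = re.compile(r"^[0-9a-fA-F]{12}$")
SECRET_KEY_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def check_token_csv(text):
    """Return (valid_rows, problems) for 'serial,private identity,secret key' lines."""
    valid, problems, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        row = [field.strip() for field in row]
        if not any(row):
            continue  # skip blank lines
        if len(row) != 3:
            problems.append((lineno, "expected 3 fields, got %d" % len(row)))
            continue
        serial, private_id, secret = row
        errors = []
        if not serial.isdigit():
            errors.append("serial number is not numeric")
        elif serial in seen:
            errors.append("duplicate serial number")
        if not PRIVATE_ID_RE.match(private_id):
            errors.append("private identity is not 12 hex characters")
        if not SECRET_KEY_RE.match(secret):
            errors.append("secret key is not 32 hex characters")
        elif len(set(secret.lower())) == 1:
            errors.append("secret key is a single repeated digit")
        if errors:
            problems.extend((lineno, e) for e in errors)
        else:
            seen.add(serial)
            valid.append((serial, private_id.lower(), secret.lower()))
    return valid, problems

# Constructed sample data, not real token secrets.
SAMPLE = """\
1234567,0a1b2c3d4e5f,00112233445566778899aabbccddeeff
1234567,0a1b2c3d4e5f,00112233445566778899aabbccddeeff
7654321,0a1b2c3d4e,ffffffffffffffffffffffffffffffff
"""

if __name__ == "__main__":
    rows, issues = check_token_csv(SAMPLE)
    print("%d importable row(s)" % len(rows))
    for lineno, message in issues:
        print("line %d: %s" % (lineno, message))
```

The report names only the line number and the reason, so the secret keys never end up in terminal scrollback or logs.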

We really do recommend using DuoSecurity for business class two factor authentication for many reasons including:

  • Centralized user management
  • Support for Apps on many phones
  • Multiple types of authentication: e.g. SMS, phone call, push to app, and hardware tokens.  You can have multiple enabled so that you have backup options (e.g. if your phone is destroyed).
  • Administrators can define override codes to let someone in “just in case”.
  • Great logging and reporting of use (which is very good for compliance).
