Updated to 1.14
and compatible with ImpressCMS 220.127.116.11
The main function of this module is to protect your account in the event that your regular password is compromised, for example, because you logged in over an open wireless network and someone was packet sniffing. It will not protect you against any other security risk.
The Yubikey module prevents user accounts from being hijacked if their password is compromised by mandating 2-factor authentication with a Yubikey hardware token. To login to a Yubikey-enabled account you are required to provide both i) your regular account password, and ii) a one-time password from a Yubikey associated with your account. As its name suggests, a one-time password is only good for one session, as soon as you login it becomes useless.
Sadly, Yubikeys are not free (US$25) but they are pretty much the cheapest hardware token around and have been positively reviewed. Unlike RSA tokens, you can flash in a new encryption key if you are feeling paranoid, and there are also a few open-source Yubikey validation server projects available if you feel the need to set up your own. Yubikeys can be used with a variety of other software and services including Truecrypt, Password Safe, Google Apps (paid edition) and LastPass.http://yubico.com/yubikey