Yubico Forum
https://forum.yubico.com/

What kind of NFC authentication is used?
https://forum.yubico.com/viewtopic.php?f=26&t=2433

Author:  otacon507 [ Tue Sep 20, 2016 1:20 am ]
Post subject:  What kind of NFC authentication is used?

Hey, new to crypto here. First of all, I set up my slot 2 for custom OATH-HOTP password(s) and I am loving it. It would seem that config 1 has OTP set up because pressing the button (short) does generate different passwords with the same leading public identity seed. This may be a silly question, but 'where' is the NFC configuration stored, and what kind of authentication options do I have for NFC? It would seem that, according to the documentation, it is the NDEF programmed, and these can be programmed over slot 1 or 2 without overwriting the other programming in that slot? I would like to use it for my Android login but not if it uses insecure methods such as smartlock. I also don't want to reprogram any NDEF settings that will lock me out of YubicoAuthenticator. Thanks for your time.

Author:  ChrisHalos [ Wed Sep 21, 2016 9:26 pm ]
Post subject:  Re: What kind of NFC authentication is used?

NDEF settings are really only used to change between slot 1 and slot 2 for the default NFC behavior. You can't actually mess up a credential by using the NDEF programming option in the YubiKey Personalization Tool. Yes, Slot 1 is Yubico OTP by default (LastPass is the most popular consumer use-case here). If you don't need Yubico OTP for anything, you can always delete this credential and program something else here.

NFC use possibilities:

* Slot 1 or Slot 2 (Slot 1 is default over NFC, but this can be changed to Slot 2 with NDEF Programming - just be wary that depending on the credential, you generally need something on the Android side that knows what to do with the received text. OATH-HOTP, for example, you'd want YubiClip to grab the text and you can paste it into wherever you need to use it.)
* Yubico Authenticator
* PIV (only seen this work with USB NFC readers on Windows - haven't seen anything over Android that can use this, but I wouldn't be surprised if it exists already)
* OpenPGP (OpenKeychain)
* U2F (requires Google Authenticator to handle the operation)

The tricky thing is going to be with the first four options listed above, if you use more than one. Android's handling of NFC apps is a bit odd, although I'm not sure what alternative behavior would be preferable. If you haven't set an app to be the default NFC app, you essentially get a popup every time you scan the NEO asking which app you want to use to open. Unfortunately you need to select each time. The alternative would be to set the option for always using an app to perform the action. Obviously this would be a problem because then you can't use the other features. If this option is selected and you decide to add another later, you have to go into Settings > Apps, find that app that is now the NFC default, and clear the default permissions there. This is a general option in Android, but I'm sure there are at least a couple of phone manufacturers that implement their own custom behavior here. I have had HTC for my past couple of phones, and in my experience they don't mess with the default Android behavior for NFC.
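
Added example, not part of the thread and not Yubico's or YubiClip's code: what "something on the Android side that knows what to do with the received text" has to decide, shown in Python. It assumes the tap delivers the credential either bare or as the last path segment of a URI; the function names and all sample values are constructed for illustration.

```python
import re

MODHEX = "cbdefghijklnrtuv"  # Yubico's keyboard-layout-independent hex alphabet
_TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")
# Yubico OTP: 0-16 modhex chars of public ID + 32 chars of AES-encrypted block.
_OTP_RE = re.compile(rf"(?:[{MODHEX}]{{2}}){{16,24}}")
_HOTP_RE = re.compile(r"[0-9]{6}|[0-9]{8}")  # OATH-HOTP codes: 6 or 8 digits


def modhex_decode(s: str) -> bytes:
    """Decode a modhex string into raw bytes."""
    if len(s) % 2 or any(c not in MODHEX for c in s):
        raise ValueError("not valid modhex")
    return bytes.fromhex(s.translate(_TO_HEX))


def classify_tap(text: str) -> dict:
    """Classify the text received from one NFC tap (hypothetical helper)."""
    # Assumption: a URI carries the credential as its last path segment.
    token = text.strip().rsplit("/", 1)[-1]
    if _HOTP_RE.fullmatch(token):
        return {"type": "oath-hotp", "code": token}
    if _OTP_RE.fullmatch(token):
        # The last 32 characters change on every tap; the prefix is the
        # static public ID, which is why successive OTPs start the same.
        public_id, block = token[:-32], token[-32:]
        return {
            "type": "yubico-otp",
            "public_id": public_id,
            "public_id_hex": modhex_decode(public_id).hex(),
            "encrypted_block": block,
        }
    return {"type": "unknown"}


# Constructed samples: two taps of the same slot, then a bare HOTP code.
PUBLIC_ID = "vvccccbdefgh"
TAP_1 = "https://example.com/neo/" + PUBLIC_ID + "ijklnrtuvcbdefgh" * 2
TAP_2 = "https://example.com/neo/" + PUBLIC_ID + "hgfedbcvutrnlkji" * 2
TAP_3 = "755224\n"

if __name__ == "__main__":
    for tap in (TAP_1, TAP_2, TAP_3):
        print(classify_tap(tap))
```

Only the public ID is readable without the key's AES secret; deciding whether an OTP is genuine and fresh is the job of the validation service, not of the app that receives the text.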

All times are UTC + 1 hour