Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:40 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Mon Feb 15, 2016 10:08 pm 
Offline

Joined: Mon Feb 15, 2016 9:35 pm
Posts: 9
Hey guys

So I just got my Yubikey NEO and configured some basic stuff.
Got the random key thing on slot1 and a static passcode on the second.

I use these to get on GitHub and the static for all other applications that don't support the Yubikey directly.
Also, I tried the NFC feature together with the Yubiclip app.

On my smartphone I can log into github by using the google authenticator app when I tap it on the key.
I suspect this uses the functionality on slot 1. (since I always got a random key in Yubiclip too)

I there any possible way I can also use the static passcode at the same time?
Otherwise I couldn't login into facebook and other application where I would use a static key.

I'm sorry if this is a chaotic post but I'm looking into this for a while now.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Feb 17, 2016 2:00 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
viewtopic.php?f=26&t=2093&p=8004&hilit=NDEF#p8004

The behavior changes depending on what application is open at the time on your phone. If Yubico Authenticator is open, tapping the NEO will use Yubico Authenticator. By default, tapping the NEO when you are outside of Yubico Authenticator should open a browser window and authenticate your Yubico OTP (because the default NDEF settings are to send Slot 1, not Slot 2, which is blank by default). You can change the NDEF settings to slot 2 by using the Personalization Tool (Tools > NDEF Programming). You can also install the YubiClip app, available on the Google Play Store. This will capture the incoming NDEF string to the clipboard and allow you to paste it into any text field on your phone.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 17, 2016 5:58 pm 
Offline

Joined: Mon Feb 15, 2016 9:35 pm
Posts: 9
ChrisHalos wrote:
http://forum.yubico.com/viewtopic.php?f=26&t=2093&p=8004&hilit=NDEF#p8004

The behavior changes depending on what application is open at the time on your phone. If Yubico Authenticator is open, tapping the NEO will use Yubico Authenticator. By default, tapping the NEO when you are outside of Yubico Authenticator should open a browser window and authenticate your Yubico OTP (because the default NDEF settings are to send Slot 1, not Slot 2, which is blank by default). You can change the NDEF settings to slot 2 by using the Personalization Tool (Tools > NDEF Programming). You can also install the YubiClip app, available on the Google Play Store. This will capture the incoming NDEF string to the clipboard and allow you to paste it into any text field on your phone.


Alright but long story short, I can only make the the NFC emmit 1 of the 2 configurations.
So there isn't any way I can emmit both without altering the NDEF Programming each time.

If this is the case then I guess my question is solved. (even though I'm a bit disappointed :( )


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 17, 2016 6:16 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
No, there is no internal battery in the YubiKey NEO (any of our devices, for that matter, at the time of this post). We obviously differentiate between Slot 1 and Slot 2 over USB by short press and long press. The YubiKey doesn't receive power from the phone so the button cannot be used; hence, only one of the configuration slots can be used without reprogramming using the Personalization Tool.

Over NFC:

* You can use only 1 of the 2 configuration slots

* You can use Yubico Authenticator with the YubiOATH applet

* You can use the PIV applet for smart card login to a computer, using an USB/NFC reader (obviously requires domain environment, PKI environment set up)

* You can use the OpenPGP applet with OpenKeychain

* You can use U2F with Google Authenticator

Basically, the 1 of 2 configuration slots is the only real limitation over NFC.


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 22, 2016 11:15 pm 
Offline

Joined: Mon Mar 02, 2015 9:39 pm
Posts: 27
Quote:
You can use the PIV applet for smart card login to a computer, using an USB/NFC reader (obviously requires domain environment, PKI environment set up)


A naive question: since Yubikey is a USB device, why would I use a USB/NFC reader rather than just plugging the Yubikey itself into the available USB slot?

The main advantage of NFC seems to be its ability to communicate with devices (such as Android phones) that do not offer (easy access to) USB ports. But there is no Android application that can reach PIV applet via NFC. :-(

For OpenPGP indeed OpenKeychain works very nicely.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 23, 2016 1:30 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
@ Uri - Of course if you have access to a USB port, it doesn't make sense to use it over NFC. We had a customer ask if it was possible to use an NFC reader to log into a Windows PC with PIV. I confirmed it worked (domain joined, Windows 10). I'm not sure what their use case was, but I imagine it had to do with limited USB port access for employees.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group