Yubico Forum

I can't seem to program the slot that I have YubiTOTP loaded in as the default NDEF slot. I've tried using static text, swapping slots, etc.

This would help in bypassing the manual method of activating the YubiTOTP for Android app (or widget, which defaults to the user-selected slot) to query the YK Neo. (Problem with the widget is that you have to touch it, then READ the OTP and type it in. YutiTOTP app lets you copy to the clipboard only if you run it as a full-screen app. )

Now you have a handy dandy YubiCLIP app which will just copy the NDEF OTP to the clipboard on detection. But it only seems to work with the default NDEF slot. => I can't program the TOTP slot for NDEF in the Personalization tool, so an automatic "copy to clipboard" action on touching the YK Neo to the NFC reader isn't possible with my own org's OTP. [1]

Seems that if you could combine the YubiCLIP and YubiTOTP functionality, declaring which slot to query, then touching the Neo to the NFC reader would let someone quickly auth. (Given: Android has a bug that if you paste the clipboard to a field with text, it inserts a space. You have to paste the OTP in FIRST, then tap to the beginning of the field to type in your PIN. Minor annoyance.)

Unfortunately, this stops me from using my Neo as a regular OTP tool at work. I'd like to also program the non-NDEF slot for our HOTP token, but need it to get into these forums.

Any suggestions or help as to my steps to enable this are faulty.

[1] Before anyone argues that this would make authentication automatic for an unauthorized user, know that in my TOTP implementation, a PIN is required. Most applications require user/passwd/otp for two-step auth. The default Neo key appears to unlock LastPass without any other auth, so let's not beat down the use case with paranoia.

right now is not doable there are some technical challenges to make it "usable".

However we have some consideration around it and something may come out on this regard in the near future.

_________________
-Tom

That's encouraging news, Tom. Thanks. I'm happy to Beta test, since our last (2nd) group order at my office, there've been 1-2 smaller group orders. The appeal of the Nano has been growing, and interest in the Neo use case for mobiles gains more mindshare every day. There's a LOT of mobile use here, and our major internal tools now use LinOTP OATH (HOTP or TOTP) to auth.

Am I going about it wrong? Should I be able to program a HOTP token in the NDEF slot, and read only the token? (I thought I'd dismissed that before. )

Hi,

I am not sure i get you. If you want to store HOTP credential on the NEO and then emit them via NFC yes, you can do that by selecting the right configuration slot in the NDEF programming tools.

i.e.

i configure HOTP on my slot 2 of my Yubikey and then:

_________________
-Tom

Ah-ha-ha. Previously my org's HOTP tokens wouldn't work with the Yubico Yubikey Neo Demo app, only your custom token was read. I gave up on that. ... YubiTOTP was a work around that would display or copy-to-clipboard our TOTP token on detection.

Now Yubico's Yubiclip app for Android will read my org's HOTP token (SHA-1, 6-digit) to the clipboard, which is part of the equation I've wanted. (Still work to be done. We have users who may want to DISPLAY the token, for transcription to a PC, shared terminal, etc. Some users might want the choice of "use" like your Demo app offers. )

Our organization will be at AUScert 2014 (Brisbane) this spring, giving a presentation on setting up open source two-factor auth in the enterprise, soup to nuts, with live demonstrations using tools including Yubikeys. Please look us up.

Now if only the Neo could support 4K GPG keys....