Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:55 pm

All times are UTC + 1 hour




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Tue Oct 21, 2014 5:02 pm 
Offline

Joined: Tue Oct 21, 2014 4:36 pm
Posts: 1
Hello,
I purchased a YubiKey NEO almost a year ago. I was wondering what the process was to get U2F installed on my NEO?

Thanks


Top
 Profile  
 

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Oct 21, 2014 6:09 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
This document describes in detail how to enable U2F on your YubiKey NEO:

https://www.yubico.com/wp-content/uploa ... ey-NEO.pdf

Paraphrased:

You will need to download the YubiKey NEO Manager, found here:

NEO Manager for Windows: http://yubi.co/NEOMgrWin
NEO Manager for OSX: http://yubi.co/NEOMgrMac
NEO Manager for Linux: http://yubi.co/NEOMrgLux

After installing the YubiKey NEO Manager application, run the program as an administrator and click on the "Change connection mode" button. You will need to select U2F here and press "OK." The application will ask you to remove your device and re-insert. At this point, you should be able to test U2F functionality at http://demo.yubico.com/u2f.

Edit: David is correct, I apologize - U2F is only supported on the newer NEO devices.


Top
 Profile  
 
PostPosted: Tue Oct 21, 2014 6:24 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Jul 23, 2012 9:59 pm
Posts: 27
You will need a YubiKey NEO with firmware version 3.3 or above to support U2F - that firmware was released at the end of September 2014. Older YubiKey NEOs which do not support U2F will be indicated by the NEO Manager tool, and cannot be upgraded to the newer firmware. The firmware of all YubiKeys is locked down to prevent attacks against the YubiKey directly, like the BadUSB attack.

_________________
-David Maples
Yubico Senior Solutions Engineer
http://www.Yubico.com


Top
 Profile  
 
PostPosted: Tue Oct 21, 2014 9:25 pm 
Offline

Joined: Tue Oct 21, 2014 9:20 pm
Posts: 2
Tried doing this today but the program never asks me to re-insert the key, and never changes from OTP to U2F. Can't even enable CCIP.

This is on Windows 8-64 btw. Have been unable to build the linux version. It was possible to rename the key though. Made no difference it the program was run as administrator, or in compatibility modes.

Trying to run the linux version, and it complains with:

Code:
AttributeError: /usr/bin/python: undefined symbol: ykneomgr_check_version


Top
 Profile  
 
PostPosted: Tue Oct 21, 2014 9:46 pm 
Offline

Joined: Tue Oct 21, 2014 9:20 pm
Posts: 2
Managed to get it to change to U2F on windows. Problem was password protected configurations. Removing the protection solved the issue.

You should change so the program informs the user of this limitation, instead of remaining completely silent.


Top
 Profile  
 
PostPosted: Tue Nov 11, 2014 3:53 pm 
Offline
User avatar

Joined: Tue Nov 11, 2014 3:29 pm
Posts: 5
Location: Plano,TX
David wrote:
You will need a YubiKey NEO with firmware version 3.3 or above to support U2F - that firmware was released at the end of September 2014. Older YubiKey NEOs which do not support U2F will be indicated by the NEO Manager tool, and cannot be upgraded to the newer firmware. The firmware of all YubiKeys is locked down to prevent attacks against the YubiKey directly, like the BadUSB attack.


@David, I understand the firmware is locked down to prevent attacks but YubiCo needs to find a better/safer way to get latest firmware (i.e. sending it to you for update) or at least provide other alternatives like discount on new one. You can't expect everyone to throw away the key and buy a new one every time an update to firmware is released, do you?. It is not like it is cheap you can throw it away, I paid $50+10 for my neo (firmware 3.1.2) and I am sure everyone like me who has neo with firmware < 3.3 is pretty mad because we can't use it as a Google Security Key :evil:. Please provide us a better alternative instead of simply saying buy a new one --- not a good business model for a hardware vendor!


Top
 Profile  
 
PostPosted: Tue Nov 11, 2014 6:41 pm 
Offline

Joined: Tue Mar 05, 2013 12:53 pm
Posts: 17
@aselvan They are happy if you will buy next and next and next key ;-)
Of course you're right. Especially that they said that YubiKey is undestructible and may works almost forever.


Top
 Profile  
 
PostPosted: Thu Nov 27, 2014 4:00 am 
Offline

Joined: Thu Nov 27, 2014 3:43 am
Posts: 1
aselvan wrote:
David wrote:
You will need a YubiKey NEO with firmware version 3.3 or above to support U2F - that firmware was released at the end of September 2014. Older YubiKey NEOs which do not support U2F will be indicated by the NEO Manager tool, and cannot be upgraded to the newer firmware. The firmware of all YubiKeys is locked down to prevent attacks against the YubiKey directly, like the BadUSB attack.


@David, I understand the firmware is locked down to prevent attacks but YubiCo needs to find a better/safer way to get latest firmware (i.e. sending it to you for update) or at least provide other alternatives like discount on new one. You can't expect everyone to throw away the key and buy a new one every time an update to firmware is released, do you?. It is not like it is cheap you can throw it away, I paid $50+10 for my neo (firmware 3.1.2) and I am sure everyone like me who has neo with firmware < 3.3 is pretty mad because we can't use it as a Google Security Key :evil:. Please provide us a better alternative instead of simply saying buy a new one --- not a good business model for a hardware vendor!


+1!

Fully understand the security risks, but VERY disappointed that Yubico is NOT providing a reasonable upgrade path for earlier Neo customers. Certainly made me much more skeptical of Yubico's customer support. Glad I'm not the only person who is quite peeved by Yubico's policies in this regard.


Top
 Profile  
 
PostPosted: Wed Jan 14, 2015 9:49 pm 
Offline

Joined: Thu Sep 03, 2009 5:15 am
Posts: 3
What if we mailed in our current/existing Yubikey falvor for a discount? Yubico, the company, can either re-sell them at discounted prices to those that do not want/need updated hardware or destroy them, and we get a discount towards the updated hardware we need? Fair?

~TechStud
Ontario, Canada


Top
 Profile  
 
PostPosted: Thu Jan 15, 2015 8:21 pm 
Offline

Joined: Tue Nov 18, 2014 9:14 pm
Posts: 95
Location: San Jose, CA
If your yubikey has a serial number that has the known management keys (i.e.: the serial number is larger than 3000000 and not between 2624253 to 2624449 and 2624801 to 2625499), I'll buy it from you for the cost of a new yubikey neo.

Send me a PM if you are interested.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group