Yubico Forum https://forum.yubico.com/ |
[QUESTION] Yubikey Intercepted during transport https://forum.yubico.com/viewtopic.php?f=35&t=2760 |
Author: | wires [ Sat Oct 21, 2017 11:58 am ] |
Post subject: | [QUESTION] Yubikey Intercepted during transport |
I ordered a Yubikey and it clearly has been used before arriving at my mailbox. Q1. What are the security implications of this? Q2. Is it possible to completely factory reset the key, ideally even giving it a new serial number? |
Author: | ChrisHalos [ Sun Oct 22, 2017 8:45 pm ] |
Post subject: | Re: [QUESTION] Yubikey Intercepted during transport |
First, the obvious answer is "return it." Amazon purchase? I've seen this many times, Amazon fulfillment doesn't always send returned devices to us, some making their way back into stock.

How do I reset my YubiKey to factory defaults?
This is not possible. The only credential that comes pre-programmed on the YubiKey is Yubico OTP in slot 1 (Note: not available on the FIDO U2F Security Key). This credential is counter-based, so it cannot be restored if deleted. If a YubiKey changes ownership, there is no security concern for the second owner with regards to the factory programmed Yubico OTP credential, as once an OTP is generated and authenticated (you can do this on demo.yubico.com), then any previously generated OTPs are invalidated.

Additional Tips:

U2F
No changes can be made to the U2F function of the YubiKey / Security Key. The U2F credentials can only be removed from the service-side, not the client-side. For more information, refer to Yubico’s U2F Key Generation page on developers.yubico.com.

Slot 1 / Slot 2
Credentials in slot 1 and slot 2 can simply be deleted using the YubiKey Personalization Tool. Note: If a configuration protection access code was set on either slot, the credential for that slot cannot be removed or replaced - there is no way to bypass a configuration protection access code other than providing the current access code when attempting to make changes to that slot.

OATH / Yubico Authenticator
Either delete all credentials manually through the Yubico Authenticator interface (and remove the password if one is set using File menu > Set/Change password) or reset the OATH applet from the Yubico Authenticator app.

PIV
Follow the reset instructions on Yubico’s website using either Yubico PIV Tool or YubiKey PIV Manager.

OpenPGP
Follow the reset instructions on Yubico’s website.
Note: The “Prerequisites” section can be ignored on any modern YubiKey (any YubiKey 4, YubiKey 4 Nano; YubiKey 4C, YubiKey 4C Nano, YubiKey NEO or YubiKey NEO-n sold since May 2015). |
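
The invalidation described in the answer above works because the validating service remembers the highest counter pair it has accepted for each key. The sketch below is an added example, not part of the original thread and not Yubico's code; it models only the counter comparison on already-decrypted OTP fields, and the class names, field names and public ID are hypothetical or constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DecryptedOtp:
    """Counter fields a validation service sees after decrypting a Yubico OTP.
    Simplified model: decryption, CRC and timestamp checks are omitted."""
    public_id: str        # identifies the key (constructed value below)
    use_counter: int      # non-volatile, goes up when the key is powered
    session_counter: int  # goes up for each OTP within one power-up


class CounterStore:
    """Hypothetical server-side state: highest counters accepted per key."""

    def __init__(self):
        self._last = {}

    def validate(self, otp):
        current = (otp.use_counter, otp.session_counter)
        seen = self._last.get(otp.public_id)
        # Anything at or below the last accepted pair is treated as a replay,
        # whether or not that exact OTP was ever submitted before.
        if seen is not None and current <= seen:
            return "REPLAYED_OTP"
        self._last[otp.public_id] = current
        return "OK"


def second_owner_scenario():
    """OTPs generated before delivery are rejected once the new owner
    has authenticated a fresh OTP from the key."""
    server = CounterStore()
    key_id = "cccccc-constructed"  # constructed public ID
    # OTPs generated while the key was in someone else's hands, never submitted.
    earlier = [DecryptedOtp(key_id, 5, n) for n in range(1, 4)]
    # The new owner plugs the key in and authenticates one OTP.
    results = [server.validate(DecryptedOtp(key_id, 6, 1))]
    # Every earlier OTP now fails, because its counters are lower.
    results += [server.validate(o) for o in earlier]
    # The owner's next OTP is still accepted.
    results.append(server.validate(DecryptedOtp(key_id, 6, 2)))
    return results


if __name__ == "__main__":
    print(second_owner_scenario())
```

The counter state lives on the validating service, so the check applies per service that tracks this key's Yubico OTP credential.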
All times are UTC + 1 hour |