Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 9:16 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Tue Oct 21, 2014 2:49 pm 
Offline

Joined: Mon Sep 23, 2013 2:12 pm
Posts: 4
Dear all,

After todays Google U2F news I would really like to replace my old Neo with a new one. However, I have almost a dozen credentials stored via Yubico Authenticator app and it would be a royal pain to add them all manually. This may be a bit unorthodox, but is there a way to export/import Authenticator settings?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Oct 21, 2014 5:10 pm 
Offline

Joined: Wed May 09, 2012 9:35 pm
Posts: 45
If there was a way, it would defeat the purpose!


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 21, 2014 9:14 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Jul 23, 2012 9:59 pm
Posts: 27
Morphlin wrote:
If there was a way, it would defeat the purpose!


That's correct - The YubiKeys were designed not to give up their secrets to anyone.

You might want to consider a gradual transition, using both NEOs with as many sites or services as possible, until your U2F NEO is your primary YubiKey. You can then store your older NEO in a safe location as use it as a backup in the event your primary U2F NEO is lost or stolen.

_________________
-David Maples
Yubico Senior Solutions Engineer
http://www.Yubico.com


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 22, 2014 9:33 am 
Offline

Joined: Mon Sep 23, 2013 2:12 pm
Posts: 4
Ok, thank you for your replies!

I guess I may have to use two keys for a while anyway before OTP+U2F mode is more widely available.


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 22, 2014 5:18 pm 
Offline

Joined: Wed Oct 22, 2014 5:16 pm
Posts: 5
When I transitioned from Google Authenticator to using my Neo for OAUTH, it took me less than an hour to transition the 10 or so sites I use - simply log into the site, disable two factor, reenable it, and store the new secret in the Yubikey.

You can also take the opportunity during this process to back-up the secret in a secure location, and/or add it to the second Yubikey for redundancy.


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 24, 2014 9:15 am 
Offline
User avatar

Joined: Thu Oct 23, 2014 1:22 pm
Posts: 5
pyry wrote:
I guess I may have to use two keys for a while anyway before OTP+U2F mode is more widely available.


Only received my NEO yesterday, but updated to OTP+U2F+CCID and it's working exactly as expected with Yubico Authenticator on my LG G3 phone and U2F enabled on my main Gmail account... very pleased :D

Binky


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 25, 2014 5:04 pm 
Offline
User avatar

Joined: Thu Mar 20, 2014 12:52 am
Posts: 15
Once he migrates those logins to the new YubiKey, how would he be able to use his old YubiKey as a backup? The new YubiKey uses different private keys and each site would be different, ie the old logins wouldn't work anymore. Right?


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 01, 2014 11:45 pm 
Offline

Joined: Wed May 09, 2012 9:35 pm
Posts: 45
Right, so when he will add the new OATH seeds to the new Yubikey, he should erase the ones on the old Yubikey and also add the new OATH seeds to the old Yubikey.

I would not use two NEOs but it really is a personal choice.


Top
 Profile  
Reply with quote  
PostPosted: Sun Nov 02, 2014 3:15 am 
Offline

Joined: Sat Mar 22, 2014 4:45 am
Posts: 12
I planned ahead for something like this, just in case something went nutty with my NEO or I eventually got a second one. I just didn't trust it at first, but that faded quickly.

Anyhow, when I set up my authenticator accounts I kept all of my modhex secrets secured offline in the event of badness or weirdness. When my new NEO arrived I just sat down with the desktop app and plugged in my 10 or so accounts over the course of a couple minutes. It really went by fast. I know Google and some other accounts give you burn code sheets to print and keep safe. I keep those squirreled away as well. Then there's also the binder full of paper backups just in case something happens to the digital stuff.

It's not that I'm paranoid, but I kinda am.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: YahooSeeker [Bot] and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group