Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:45 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: New user questions
PostPosted: Sun Jan 29, 2017 12:36 am 
Offline

Joined: Sun Jan 29, 2017 12:26 am
Posts: 3
Questions. My Yubikeys (4.3.3) are set up slot 1 with Amazon authentication (using the Yubico Authenticator) and slot 2 with my password safe protection. Everything works fine.

1. Can I still put OTP or a static password in either of the slots along with what’s there now without disturbing anything?
2. After having set everything up can I add password protection to the key configuration without disturbing what's there?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: New user questions
PostPosted: Sun Jan 29, 2017 1:05 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
With a YubiKey 4 you shouldn't be storing OATH secrets in the slots, they should be stored in the OATH applet (if you didn't change any of the Yubico Authenticator preferences, they stored your Amazon OATH credential to the OATH applet, not to slot 1). Slot 1 is the Yubico OTP credential that is pre-programmed on all YubiKeys (44-character password beginning with "cccccc").

1) Do, definitely not in slot 2, you programmed the Challenge-Response credential. You can only have one credential per slot. To be clear, the 2 slots are what you can program using the YubiKey Personalization Tool. Slot 1? Maybe. If you want to overwrite the Yubico OTP credential that is pre-programmed there, or if you did in fact store your Amazon credential there, you don't want to try overwriting it with a static password.

2) Yes, you can set a configuration protection access code after the fact with the Personalization Tool. Set it under "Settings", then click "Update Settings", select the configuration slot, and click "Update." Make sure you write the access code down somewhere safe. You will not be able to make changes to that slot in the future if an access code is set and you forget it (there is no way to bypass this or "reset" the YubiKey).


Top
 Profile  
Reply with quote  
 Post subject: Re: New user questions
PostPosted: Sun Jan 29, 2017 4:01 am 
Offline

Joined: Sun Jan 29, 2017 12:26 am
Posts: 3
Ok. I understand. I didn't overwrite the OTP credential as far as I know, just had slot 1 checked when the Authenticator set up Amazon. Thanks very much.


Top
 Profile  
Reply with quote  
 Post subject: Re: New user questions
PostPosted: Sun Jan 29, 2017 7:22 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
If you're adding a credential to the YubiKey with Yubico Authenticator and you get a slot 1 and/or slot 2 option, that means the option has been set to "read from slot 1" / "read from slot 2." If you selected slot 1 in this case, yes your Yubico OTP credential has been overwritten. The default setting is to not read from slot 1 or slot 2, so on a YubiKey 4 or YubiKey NEO when you add a credential, it's only adding to the OATH applet.

Pretty easy to tell if the slot 1 credential has been overwritten. Open a text editor and press the button on the 4/NEO. If you don't get a 44-character OTP, the credential is gone.


Top
 Profile  
Reply with quote  
 Post subject: Re: New user questions
PostPosted: Mon Jan 30, 2017 9:29 pm 
Offline

Joined: Sun Jan 29, 2017 12:26 am
Posts: 3
Chris, thanks. I still have the OTP since pressing the key gives me the long code.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group