Yubico Forum https://forum.yubico.com/ |
|
VIP on a NEO https://forum.yubico.com/viewtopic.php?f=26&t=1617 |
Page 1 of 2 |
Author: | darco [ Fri Nov 21, 2014 6:17 pm ] |
Post subject: | VIP on a NEO |
Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico? |
Author: | brendanhoar [ Fri Nov 21, 2014 6:39 pm ] |
Post subject: | Re: VIP on a NEO |
darco wrote: Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico? I sure hope not. One less key to carry would be nice. B |
Author: | DavidW [ Fri Nov 21, 2014 8:39 pm ] |
Post subject: | Re: VIP on a NEO |
It's a shame that Yubico have not produced a VIP Yubikey in any format other than Standard. I'd be interested in an official "Neo VIP", which I know has been discussed before. I guess there must be a per device fee to Symantec, otherwise there would be no reason not to put a VIP credential in slot 2 of new Neo and Neo-n devices that the user has the option of replacing with something else if they have no use for VIP. You'd have to get hold of the secret of an existing VIP credential to VIP enable an existing Neo. I'm not sure how the VIP Access app for Android works - is the secret held on the device or is each OTP requested from a Symantec server? If the app holds its own secret, I guess it's possible to get hold of that secret by installing the VIP Access app on a rooted Android device or device simulator. It may be that the install has to go on an unrooted device that you then root, as many apps with a security function refuse to install on an rooted device. If this is what is being thought of, it doesn't feel like a particularly 'clean' route to get hold of a VIP secret. Yubico - there is still interest in an official "Neo VIP". As it is, I have a Neo and a VIP on my credential keyring, when I'd prefer one device. |
Author: | darco [ Fri Nov 21, 2014 9:44 pm ] |
Post subject: | Re: VIP on a NEO |
Just extracting the key from an android device won't do you any good because that credential would be configured as a TOTP credential, and if you want your yubikey neo to act like a yubikey vip then you need a HOTP credential. (You could, however, use the Yubikey OATH app with the TOTP credential, but then you need the Yubico Authenticator app) Anyway, don't be too concerned about the feasibility: I'm using my NEO as a HOTP VIP credential right now and it works beautifully. What I'm wondering is if me posting how I did it (maybe even making a tool to make it super easy to set up) is going to upset Symantec or Yubico. I don't want to burn any bridges. |
Author: | SkullKill [ Wed Feb 11, 2015 6:54 am ] |
Post subject: | Re: VIP on a NEO |
i can confirm that Symantec VIP access works fine on Yubico Authenticator app using TOTP. it works really well. |
Author: | WWW [ Sun Feb 22, 2015 6:15 am ] |
Post subject: | Re: VIP on a NEO |
SkullKill wrote: i can confirm that Symantec VIP access works fine on Yubico Authenticator app using TOTP. it works really well. Can you please share your method? I would really appreciate it |
Author: | WWW [ Sun Feb 22, 2015 6:15 am ] |
Post subject: | Re: VIP on a NEO |
darco wrote: Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico? Can you also please share (feel free to post it here or PM me) your method? I would really appreciate it |
Author: | WWW [ Wed Mar 18, 2015 3:57 am ] |
Post subject: | Re: VIP on a NEO |
I figured out how to use Yubikey NEO with paypal/eBay. Just use this to generate token and setup in NEO like you would do for any other TOTP token. https://github.com/cyrozap/python-vipaccess |
Author: | djinn [ Tue Jun 30, 2015 1:30 am ] |
Post subject: | Re: VIP on a NEO |
I don't suppose anybody figured out how to get this working as HOTP and is willing to share? |
Author: | spble [ Sun Sep 27, 2015 3:33 pm ] |
Post subject: | Re: VIP on a NEO |
WWW wrote: Thanks WWW, I managed to get this working with PayPal (which uses Symantec VIP) For those who aren't too sure how this is to be done, you simply install the vipaccess program and run it. PIP is the best way to do this (google how to install python's pip packages for your OS) It will output a URL which contains a new "Serial Number" and secret, then show you a QR code of this. You simply set it up the same way you would for any normal google authenticator type app, but you specify your own serial number. |
Page 1 of 2 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |