Yubico Forum

I think I remember reading before about someone not liking the static password, but I would tend to agree. I know the static password can be set to 64 characters, but why is it that only the first 6 characters are the only ones that seem to change in terms of upper case? All of the rest of the 58 letters are always in lower case. Is that some kind of limitation of Yubikey?

In my opinion there should be a larger mix of upper and lower case letters... not just within the first 6 characters, and even then only 2 of them are ever in upper case. Plus the special character used, is always the ! and its always the first digit.

I also think there should be more special symbols/characters used through the entire password. Even adding some periods (.) would be fine.

But this is just my opinion.

That's the only thing I dislike about the Yubikey, it's weird static password creation.

This is the type of password I would want: /WdQ@zWtN2z<Q>zM4cZh&BxA;w)m#5bJqY?L;tC(N$7nUySg&f?EaJtCr$7A5&J#

Agree on that. It would be feasible to have this randomized over the whole string. As the capital letters and numbers are used in the first bytes, they shoud be in the latter.


The limitation is done to maintain compatibility for different keyboard layouts (IIRC). It would be nice if a longer password could be stored in the next version of the keys. Maybe there are improvements in the future: viewtopic.php?p=2242#p2242

bye, p0lar

I also agree on that.

From New Member:
Can the static password contain symbols like #$%^~?
I prefer to include symbols with my password.
I want to load a pre-existing static password with symbols + alpha numeric characters, upper and lower case.
In other words: I would like to manually enter a pre-existing password I already use.
Have it stored for Key entry. I would only use this Yubi key for a specific password.

I just want a simple mechanism to bypass the keyboard since entering a key like this is bothersome,
and sometimes I can not just cut and paste.

I still plan on using other Yubi keys for LastPass etc.

Is the maximum number of characters 64 with a static password?

Thanks

YubiKey 2.X has two configuration slots. When the YubiKey 2.X is shipped, it's first configuration slot is factory programmed for OTP mode (which works with online Yubico OTP validation server) and the second configuration slot is left blank i.e. not programmed. The two configuration slots of the YubiKey work independently and each can be independently reconfigured into OTP or static password mode.

If you touch and hold the YubiKey button between 1-3 seconds before releasing, the first configuration slot will emit the password (based on slot 1 configuration). And if you touch and hold the YubiKey button about 4-5 seconds before releasing, the second configuration slot will emit the password (based on slot 2 configuration). In case if you happen to touch and hold it longer for more than 5 seconds, the touch button indicator will flash rapidly without emitting any password.

You can use the latest Yubico configuration utility to reprogram the second configuration slot of your YubiKey. That will allow you to use your first configuration slot with Yubico servers and the second slot for your other purposes ( requiring static password configuration) .The latest Yubico configuration utility and the user guide can be downloaded from the following link:

http://www.yubico.com/personalization-tool

Please remember to select the second slot when reconfiguring your YubiKey.

YubiKey 2.x can be reprogrammed for two types of static password modes, first is long static password mode and other is scan code mode.

1) Long static password mode:

The latest YubiKey 2.x provides an interesting feature called "Strong password policy" where we can program the YubiKey to generate very long static passwords (up to 64 characters) with upper, lower case letters, numbers and an "!" special character. We need to use the new Yubico configuration utility to utilize this feature.

For using this feature follow the steps given below:


1) Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
2) Choose either "Basic" or "Advanced" mode and select the appropriate number of characters
3) Provide the appropriate values for corresponding parameters (You can also generate random values for these parameters by either selecting Randomize or Fixed value and clicking on "Single rand" button)
4) From the "Specify output parameters" screen, select the options provided under the "Strong password policy" and program the second configuration slot of your YubiKey.


Selecting all the options of the "Strong password policy" will result in the generation of a similar static password as given below:

!2VUr4jlkkcrdfkvvetgebluutccubjieblkruculrijglgejdn

Please also note that the static password emitted from the YubiKey when configured in "Basic", "Advanced" and "Fixed input" static YubiKey configuration mode cannot be set by the user. The Static password is generated as a result of an encryption function involving the AES key and YubiKey parameters. This password can be of up to 64 characters.

2) Scan code mode:

You can use the "Scan code mode" feature available under the static YubiKey configuration of the YubiKey configuration utility to program the YubiKey 2.0 to emit your own password (of up to 16 characters in YubiKey 2.1.2 and up to 38 characters in YubiKey 2.2) containing alphanumeric characters.

For programming the YubiKey for "Scan code mode", follow the steps given below:


1) Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
2) Select the "Scan code mode" option
3) In the same screen enter your desired password in the "Scan code input" field
4) From the "Specify output parameters" screen, select the appropriate parameters (All parameters are optional) and reprogram the second configuration slot of your YubiKey

Once your YubiKey is configured in static password mode, you can use it with applications requiring static password configuration.

We hope this helps!

Thank you for the time used in reply. The response really did help me. I'm starting to get "a feel" for the Yubi key now.
I have three of them just for personal use.
I have programmed two to open my desktop, and some other devices I use. I have to keep the password backed up on
Drop box and other locations, however it works for me. However each Yubi key has a "unique" static password and
I have not been able to configure them both to have the same static password.

I have not yet been able to program the same static key on two or more Yubi keys.

Can this be done in any mode? I suspect not, at this time.
The second choice of using the scan code mode with only alphanumeric characters sounds like it should work however
I didn't get it to on the first try. Then again, the device does not remember much except the formula to generate the
same password every time for static mode. I has not remembered the key but regenerates it each time (from what I understand)
from reading things here and there.

This yubico device is becoming more useful to me. Thanks for the help. I think it is really important to keep the "static key" backed up
on another device than the one you use it to log into. Or else it would be easy to become locked out. I have it backed up on Drop box
and another regular usb memory device. I now use the yubi key to log into my desktop,

Again thank you for the reply above to my question previously.

Thanks.

YubiKey 2.x can be reprogrammed for two types of static password modes, first is long static password mode and other is scan code mode. And in both modes two YubiKeys can be reprogrammed to emit the same static password.

1) Long static password mode:

The latest YubiKey 2.x provides an interesting feature called "Strong password policy" where we can program the YubiKey to generate very long static passwords with upper, lower case letters, numbers and an "!" special character. We need to use the new Yubico configuration utility to utilize this feature.

For using this feature and reprogramming two YubiKeys with the same long static password follow the steps given below:

1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
3. Choose "Advanced" mode and select the appropriate number of characters
4. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Public ID string" and click on Next
5. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "ID string" and click on Next
6. From the "Key update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Key (128) bits" and click on Next
7. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" and remember which options are selected
8. From the "Specify configuration protection" screen, select the appropriate option
9. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
10. Now, insert the another YubiKey
11. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
12. Choose "Advanced" mode and select the appropriate number of characters
13. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
14. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
15. From the "Key update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
16. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" which were selected while reprogramming the first YubiKey
17. From the "Specify configuration protection" screen, select the appropriate option
18. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run


Please also note that the static password emitted from the YubiKey when configured in "Advanced" static YubiKey configuration mode cannot be set by the user. The Static password is generated as a result of an encryption function involving the AES key and YubiKey parameters.

Alternately, you can also enable the logging of the various parameters used for reprogramming the YubiKey in a log file. To enable logging, select the "Review or change program settings" from the "Global settings" from the "Select task" screen and click on next. Now, from the "Programming settings" screen, select "Ask for log output file name if not set" and "Include secrets (UID + key) in output file".

2) Scan code mode:

You can use the "Scan code mode" feature available under the static YubiKey configuration of the YubiKey configuration utility to program the YubiKey 2.0 to emit your own password (of up to 16 characters in YubiKey 2.1.2 and up to 38 characters in YubiKey 2.2) containing alphanumeric characters.

For reprogramming two YubiKeys with the same Scan code mode static password follow the steps given below:


1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
3. Select the "Scan code mode" option
4. In the same screen enter your desired password in the "Scan code input" field and remember this password
5. From the "Specify output parameters" screen, select the appropriate parameters (All parameters are optional)
6. From the "Specify configuration protection" screen, select the appropriate option
7. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
8. Now, insert the another YubiKey
9. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
10. Select the "Scan code mode" option
11. In the same screen enter the same password that you have used while reprogramming the first YubiKey in the "Scan code input" field
12. From the "Specify configuration protection" screen, select the appropriate option
13. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run

We hope this helps!