Yubico Forum

I specifically have tried doing it at the time of writing my challenge-response, tried using the update part, any time I add a code, close the pt and open it again, go to write something else or change something it goes right through without failing due to a missing required key.

I just read the help info and it says:



So why, after setting a code, can I wipe slot 2 and fill it with gibberish, thus crippling my ability to use it? Assuming I were an attacker finding the Yubikey and wanting to deny access to something or somewhere without stealing the device?

I want nobody but me being able to mess around with my Yubikey, I thought that is the whole point of the code?

I find the lack of official responses, answering people's questions and making things clear etc, very disturbing. I love Yubikeys but my experience from Yubico on your official forum is tainting how I feel about Yubico.

_________________
My GnuPG (PGP) Key ID: 614D98E6

If you're adding an access code without writing a new credential, you MUST click "Update Settings...", select the configuration slot you want to protect, and then click "Update". You'll receive a notification that the update was performed. This functionality has been the same for many years without issue.

Again, this is a community forum, not an "ask Yubico and get an answer" forum. If you need help from support, create a support ticket at yubi.co/support. We respond quite quickly during business hours.

Thanks for this.

This almost answers the very same question have; specifically how to simply "protect config" WITHOUT writing-to (i.e. altering) either Slot1 or Slot2 credentials.

However, this follow-on question deals w/ the "mechanics" of actually performing this task this using the Yubikey Personalization Tool (YPT) screen(s).

It would appear that this task should be performed from either the "Yubico OTP" or "OATH-HOTP" screens by UN-CHECKING the boxes associated w/ those particular parameters BEFORE executing "Write Configuration"

Conversely, it appears that this ability would NOT work from either the "Static Password" or "Challenge-Response" screens simply because those screens do NOT provide a way to "Uncheck" alteration of the "credential" parameters.

Am I understanding it correctly ?

Someone from Yubico told me in a ticket that this is not possible, the other day:

"This is the expected behavior. The access code is only written to the YubiKey at the time of configuration programming." I was specifically documenting how I used the update settings feature and the protection was not activated and I could overwrite my slots. That was their response.

_________________
My GnuPG (PGP) Key ID: 614D98E6