Yubico Forum
https://forum.yubico.com/

[QUESTION] OTP Authenticator
https://forum.yubico.com/viewtopic.php?f=26&t=2054
Page 1 of 1

Author:  maara [ Fri Oct 09, 2015 11:09 am ]
Post subject:  [QUESTION] OTP Authenticator

Hi,

I started using the Yubico Authenticator for storing my passwords.
When I tried the osx version, I plugged in my yunikey and was surprised that all the otp's were already there even I added them only on my android phone.....
This leads me to a question - where are these sites/passwords I have manually added to the authenticator, stored? Are they on the usb key or somewhere on yubiko servers and just pulled? How does this works?

Thanks!

Author:  brendanhoar [ Fri Oct 09, 2015 9:57 pm ]
Post subject:  Re: [QUESTION] OTP Authenticator

maara wrote:
When I tried the osx version, I plugged in my yunikey and was surprised that all the otp's were already there even I added them only on my android phone.....
This leads me to a question - where are these sites/passwords I have manually added to the authenticator, stored? Are they on the usb key or somewhere on yubiko servers and just pulled? How does this works?


They are on the key.

The account name and secret-key/seed are stored on the key when you set them up (a counter is initialized for each HOTP account as well). When you query the key with the Yubico Authenticator, you enter the password and it sends the password and the current time to the device, which then uses the password to authenticate as well as the phone/computer current time to initialize the TOTP functionality. Then it generates all of the 6- and 8-digit TOTP/HOTP codes, one for each account/secret-key combination.

Brendan

Author:  maara [ Mon Oct 19, 2015 2:07 pm ]
Post subject:  Re: [QUESTION] OTP Authenticator

Thanks for your explanation!
Are these codes related to any of the two slots? - would reprogramming some of the slots (I am using OTP and OATH in slots 1 and 2) cause that the codes will be deleted?
How to ensure that these codes are safe and will be not touched in any other way than from the OATH app in the phone?

Thank you!

Author:  brendanhoar [ Mon Oct 19, 2015 5:57 pm ]
Post subject:  Re: [QUESTION] OTP Authenticator

maara wrote:
Thanks for your explanation!
Are these codes related to any of the two slots? - would reprogramming some of the slots (I am using OTP and OATH in slots 1 and 2) cause that the codes will be deleted?


They are not related to the two slots (usually). Yubico Authenticator generally uses the smart-card chip in the Neo, not the Yubico chip, and stores the OATH credentials away from the two older-style slot areas.

Recent versions of yubico authenticator (at least on the desktop) have added support for setting/reading the older slot-based storage of up to two HOTP/TOTP OATH credentials (named Slot 1 and Slot 2, I think). If you have been using a NEO with Yubico Authenticator to set up the credentials without setting any non-standard slot-based options, there should be no impact when configuring the slots using yubico's other tools.

maara wrote:
How to ensure that these codes are safe and will be not touched in any other way than from the OATH app in the phone?


Set a password in Yubico Authenticator.

Brendan

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/