Yubico Forum

Try a few times,

it looks like that the Nexus 5 has a very low power reader which may perform poorly especially if you have a phone case.

_________________
-Tom

Interesting. I had the same issue of lots of unable to read errors with my Nexus 5. Didn't realize it was due to the power of the NFC reader though, because it always made the tones as normal when I brought the key near the middle of the phone. I don't use a case.

Sir, as I already wrote I tested it also on the Nexus 7 tablet. And the Sound that both the Nexus 5 and the 7 make are those of a successfull nfc read.

They also make that sound of a successful nfs contact (take a around a second) when I swipe it while in the oath app but not having scanned a QR Code yet - in that case it says "Empy Credentials list.

Numerous attempts of "trying again" were already made yesterday and other NFS Apps like NXP Tag Info Reader work well.

Trying again did not solve this problem here


I also tried uploading the cap file again in case somethin went wrong but no - all clear - looks good. Was this app tested with KitKat?

Another Idea: Does the applet interfer with the openpgp applet on the yubikey?

rgds
c

I can definitely say that it did eventually work on my Nexus 5 with KitKat. The first addition of Google worked on the first try, the second key for Dropbox took a few tries before it stuck.

Hi,

I actually was able to add a credential testwise from http://www.phpgangsta.de/wp-content/uploads/qrcode.png

What I cannot do is - using the "migrate to another device" function from Google. The Scanner gets the QR and Displays the Google Account but I cannot add the credential.

Maybe there is a difference between migrating to a new device and having 2nd factor freshly set up? If so - what are my options?

P.S.
Test QR Code from above is:
Type = URI M=M
otpauth://totp/Blog?secret=secret

Google QR Data is:
Type = URI M=L
otpauth://totp/Google%3username%40gmail.com?secret=thesecret&issuer=Google

Here is an Example of a Google QR that is NOT (!) working


otpauth://totp/Google%3Afu.bar%40gmail. ... uer=Google

It is maybe related to the length of the secret - short secrets seem to work! Is this a BUG?

This works now with the new version avialable on the play store.

KitKat version 0.1.7 on a Nexus 5 or 4.

_________________
-Tom

First of all thank each of you for your comments AND questions. I'm an Infosec professional just learning some of the more intermediate/advanced capabilities Yubikey NEO is capable of, and whatever I learn here I plan on publishing an easy-to-follow How-To on my blog, so I hope whatever items gets cleared up here will benefit others after us.

I'll begin with stating the precise steps I took before I go on with what I'm sure will be a common question:

1) I purchased a YubiKey NEO with LastPass Subscription.

2) I installed the Yubico-recommended Cross Platform Personalization Tools on my Windows 7 machine.

3) After installation, I launched the program, and inserted my new Yubikey NEO into a USB port. I noticed SLOT 1 was taken up by the Lastpass Authentication feature, which worked very well, by the way, right out of the box.

4) I also noticed SLOT 2 was empty. I decided to use this slot for Static Password use. I used the Personalization Tool to make this happen.

5) I now join the many curious users who want to make full use of Yubikey NEO's NFC feature with my Android device. I have a Nexus 7 I'd like to test this with. I downloaded the Yubico Authenticator app from the Google Play store.

6) When I launched the app on my Android device and swiped my NEO token across the back surface of my NFC-enabled tablet, I see an error: "yubiko authenticator applet not installed on NEO."

7) After some Googling around, I found this blog: "Yubikey NEO OATH Applet". Upon further reading, I come to discover it's not enough that I have the Personalization Tool I mentioned in step 2. If I want to use the NFC feature of my Yubikey NEO to work with the Android Yubico Authenticator App, I need to download something else to install onto my Yubikey NEO: The "Yubico Authenticator Applet" (the same one mentioned in the error earlier). And if I'm not mistaken, this applet is also called ykneo-oath?

8) Here's where it gets more complicated. According to the blog post linked to earlier, there is a checklist at a forum post--in fact, this very forum post --that we can follow to help us out, but it's going to take some muddling through to understand what is going on here.

So now, before I continue, here's my first question: As I already mentioned, I'm already using both slots on my Yubikey NEO device. SLOT 1: Pre-configured for Lastpass. SLOT 2: Static Pass, which I'm now using to secure one of my more sensitive accounts.

If a user in a similar situation (both slots in use already) were to complete the steps listed here to configure NFC, would this wipe out either of these two slots? Or does this process re-program an entirely separate area on my Yubikey NEO? Is it safe to proceed, or do I need to back up my configuration somehow?

Thanks!

Adding the applet to your NEO will not erase either of the configuration slots. Unfortunately, it is currently not for the faint of heart. It requires successfully setting up a computer to be able to communicate with the NEO as a smartcard and upload the app using some specialized utilities.

If you want to give it a try, the checklist at the first page of this thread is what you want to try to follow.

Thank you!

I understand it looks difficult to interpret. To be honest, it seemed a little daunting, even to me, but I'm thinking I might write a How-To article, or perhaps even a video showing how it's done. My hope is that at least this will help out others curious about how to make this work.

Another matter I wanted to ask about: Is the NFC configuration space limited to just one function? In other words, Yubikey NEO owners who follow this checklist will be able to use their Yubikey with the Android Yubikey Authenticator App, but does this mean this is *all* it can be used for?

I ask this because from all the material I've reviewed, one huge benefit of using the Yubikey NEO this way is that unlike Google's Android Authenticator app, all One-Time-Password (OTP) account information is stored on the Yubikey NEO itself, not on the mobile device.

So it stands to reason that there's some capacity or storage space reserved for NFC use. So, maybe that storage space can be used to store other things (like a password to authenticate with other systems or devices, or some other authentication method). Is this possible, or would going through this checklist mean that I'd be forced to use the same static NFC signature that this generates to authenticate with other systems?

------

Also: Is it the case that when a new OTP account is added to the Yubikey NEO, the NFC-enabled phone/tablet is what's actually writing new info to the Yubikey? If so, then it seems that with each new OTP account added (say, I add a new dropbox or facebook account), the mobile device overwrites (or "updates") the Yubikey NEO through the device's NFC signal... is this understanding correct?