Requirements: Yubikey Neo, NFC enabled android device, Yubico Authenticator App, and the Base32 secret for your account (explained below).
Description:It wasn't clear to me that the Yubico Authenticator, desktop or mobile, supports programming the accounts with just the Base32 secrets. Like many folks, I went hog wild setting up 2-factor authentication for my accounts, but I was used to being able to use the text key in the event that I had to re-seed an authenticator. The Yubico Authenticator seems to require that we use QR codes for programming our accounts, and these instructions will show you how to do that if you just have your secret key.
It looks like Google made this ridiculously easy on us. Usually if you go to set up 2-factor authentication, Google (and other providers) pop up a QR code. Most providers also have a "Can't read this QR code?" link right below or beside the image. Clicking that will give you some random fruity string of letters and numbers. This is your secret for seeding the random numbers, and you should keep these safe. I happened to have a bunch of these stored offline, and I just needed a QR code to get the settings into my Neo.
Procedure:Grab your Base32 secret code. It's the random text from when you set up your account. The authenticator is programmed with a Key URI. Lucky for us, Google has a great document on how these are structured:
https://code.google.com/p/google-authen ... yUriFormat. The URI should look something like this:
Quote:
otpauth://totp/[Label]:[User@Domain.tld]?secret=[Secret Stuff]&issuer=[Issuer]
Or, filled in:
Quote:
otpauth://totp/Google:SomeDude@gmail.com?secret=blahblahblahblahblah&issuer=Google
Now that we have that built, you can use Google's Chart API to build you a happy QR Code from this URI. You basically just put this URI inside of this special URL:
Quote:
http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=[URI]&chld=H|0
Or, filled in:
Quote:
http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=otpauth://totp/Google:SomeDude@gmail.com?secret=blahblahblahblahblah&issuer=Google&chld=H|0
Pasting that last URL into your address bar will draw you a QR code with bogus credentials, but the Yubico Authenticator will store it in your Neo and produce numeric codes. (You can use the desktop app to delete accounts from your Neo). Just be sure to replace the details with your actual account information, and it'll make you a real code.
Also, it looks like you can play around with the account name part of your string. For example, if someone managed to get my Neo and figure out what to do with it, I may not want them to know that 123456 is the current code for billybob at doublewide dot com. There are plenty of other reasonable cases where someone might change the account name part, so have fun with it.
Anyways, I hope someone finds this useful.
-Aggraxis
Login
FAQ
Search
