Yubico Forum :: View topic - [S!] An easy way to move Android app data to a new phone?

Gunther wrote:

NaturallyAspirated wrote:

Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there.

That leads to a very intersting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys?
It would be cool if the Android Authenticator-App could sync the config to more than one Yubikeo Neo.
Any plans?

If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-create it with the new key, doesn't it?

Speaking of the 6 or 8-digit OTP codes only, used by systems like Google Authenticator or Yubico Authenticator (this does not apply to the yubico-standard-OTP that used a long modhex string)...

So, for HOTP 6- to 8-digit OTPs you cannot, since the shared moving value is a stored counter that cannot be kept in sync between two tokens.

Luckily most systems are implementing TOTP 6- to 8-digit OTPs these days. You can have multiple tokens in that scenario, since the shared moving value is the current time (at authenticating server and at phone/PC which will be in sync regardless).

The trick is that if you want to use multiple tokens with a TOTP credential, you have to capture the secret key before it's pushed into the first token and then erased from your screen. I usually do this by telling the system I want the text value (instead of the 2-D barcode) and then write down that value. Then use the "Add Account Manually" option in Yubico Authenticator twice, once for each key. Then destroy the written-down value.

Brendan

Author:	NaturallyAspirated [ Wed Aug 26, 2015 8:54 pm ]
Post subject:	[S!] An easy way to move Android app data to a new phone?
My trusty Nexus 4 is starting to have problems and I see that I will need to replace it soon. Since I have quite a number of OTP entries in the Yubico Authenticator Android app, I was wondering if there was an easy way to transfer these entries to a new phone. Last time I replaced my phone (pre NEO), I had to log in to each service, disable OTP, then re-enable on the new phone, which is totally doable but time consuming. I figured that since the "secret" stuff is all on the Yubikey NEO itself, possibly there was a simple way to transfer all my stuff over?

Author:	brendanhoar [ Wed Aug 26, 2015 10:29 pm ]
Post subject:	Re: [Q?] An easy way to move Android app data to a new phone
Google Authenticator stored the credentials encrypted on the phone. Yubico Authenticator stores the credentials encrypted on the key. It should work with any phone (or desktop) running Yubico Authenticator...as long as you remember your pin/password to unlock the key.

Author:	NaturallyAspirated [ Wed Aug 26, 2015 10:34 pm ]
Post subject:	Re: [Q?] An easy way to move Android app data to a new phone
Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there. Thanks for the help!

Author:	Gunther [ Wed Oct 07, 2015 3:46 pm ]
Post subject:	How to move Authenticator's Info to a new Yubikey Neo?
NaturallyAspirated wrote: Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there. That leads to a very intersting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys? It would be cool if the Android Authenticator-App could sync the config to more than one Yubikeo Neo. Any plans? If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-create it with the new key, doesn't it?

Author:	brendanhoar [ Wed Oct 07, 2015 4:08 pm ]
Post subject:	Re: How to move Authenticator's Info to a new Yubikey Neo?
Gunther wrote: NaturallyAspirated wrote: Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there. That leads to a very intersting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys? It would be cool if the Android Authenticator-App could sync the config to more than one Yubikeo Neo. Any plans? If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-create it with the new key, doesn't it? Speaking of the 6 or 8-digit OTP codes only, used by systems like Google Authenticator or Yubico Authenticator (this does not apply to the yubico-standard-OTP that used a long modhex string)... So, for HOTP 6- to 8-digit OTPs you cannot, since the shared moving value is a stored counter that cannot be kept in sync between two tokens. Luckily most systems are implementing TOTP 6- to 8-digit OTPs these days. You can have multiple tokens in that scenario, since the shared moving value is the current time (at authenticating server and at phone/PC which will be in sync regardless). The trick is that if you want to use multiple tokens with a TOTP credential, you have to capture the secret key before it's pushed into the first token and then erased from your screen. I usually do this by telling the system I want the text value (instead of the 2-D barcode) and then write down that value. Then use the "Add Account Manually" option in Yubico Authenticator twice, once for each key. Then destroy the written-down value. Brendan

Yubico Forum https://forum.yubico.com/

[S!] An easy way to move Android app data to a new phone? https://forum.yubico.com/viewtopic.php?f=26&t=2016	Page 1 of 1

Author:	bkarson777 [ Sun Jan 24, 2016 8:47 am ]
Post subject:	Re: How to move Authenticator's Info to a new Yubikey Neo?
brendanhoar wrote: Gunther wrote: NaturallyAspirated wrote: Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there. That leads to a very intersting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys? It would be cool if the Android Authenticator-App could sync the config to more than one Yubikeo Neo. Any plans? If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-create it with the new key, doesn't it? Speaking of the 6 or 8-digit OTP codes only, used by systems like Google Authenticator or Yubico Authenticator (this does not apply to the yubico-standard-OTP that used a long modhex string)... So, for HOTP 6- to 8-digit OTPs you cannot, since the shared moving value is a stored counter that cannot be kept in sync between two tokens. Luckily most systems are implementing TOTP 6- to 8-digit OTPs these days. You can have multiple tokens in that scenario, since the shared moving value is the current time (at authenticating server and at phone/PC which will be in sync regardless). The trick is that if you want to use multiple tokens with a TOTP credential, you have to capture the secret key before it's pushed into the first token and then erased from your screen. I usually do this by telling the system I want the text value (instead of the 2-D barcode) and then write down that value. Then use the "Add Account Manually" option in Yubico Authenticator twice, once for each key. Then destroy the written-down value. Brendan Hopefully I am posting this write... You guys seem to be sort of discussing what I am trying to do. I have 2 Yubi key Neo's and want to use 1 as a backup. Trying to use the Yubico Authenticator but when I use the second key there are no credentials. How can I fix that. Thanks in advance. BKarson

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/