Yubico Forum
https://forum.yubico.com/

New key, swapped slots, wrote to slot 2, now config is gone
https://forum.yubico.com/viewtopic.php?f=26&t=1765
Page 1 of 1

Author:  chmac [ Sat Feb 28, 2015 8:51 pm ]
Post subject:  New key, swapped slots, wrote to slot 2, now config is gone

I got a Yubikey neo a few weeks ago. Today I finally got around to migrating my second slot from my standard yubikey.

I started by swapping the configuration slots (new yubikey, slot 2 empty). Then I tested the result by pressing the button. As soon as I pressed it, the yubikey immediately output the yubico one time password. OK, so the slot swapping doesn't work if slot 2 is empty. Now I program a static password on slot 2. I test again by pressing the button. It now immediately outputs the static password, without any delay. I am unable to long press for the static password and short press for the yubico OTP.

How can I fix it? At the moment I can't access the yubikey's OTP. :-(

Author:  ChrisHalos [ Sat Feb 28, 2015 10:03 pm ]
Post subject:  Re: New key, swapped slots, wrote to slot 2, now config is g

Hello Callum -

I responded to your support case, but wanted to answer on here as well, as it may prove useful to someone else in the future.

From the behavior you reported, I assume the Static Password was programmed over Yubico OTP, and now the Personalization Tool will report either "Slot 1 configured" or "Slot 2 configured." If this is the case, you probably overwrote the default Yubico OTP programming that was in Configuration Slot 1 by default. If this is the case, you shouldn't run into any issues unless you use Yubico OTP to log into Salesforce (it's the only service I'm aware of that DOESN'T allow user-programmed Yubico OTP). You'll just need to reprogram Yubico OTP using the Personalization Tool.

The instructions for programming Yubico OTP can be found here - https://www.yubico.com/products/service ... ey-upload/

The PDF file linked on that webpage walks you through the entire process. Make sure you complete through the "Upload to Yubico" portion of the instructions, as this is required for the Yubico OTP to authenticate to the YubiCloud. From your report, I'd guess Slot 1 contains Static Password and Slot 2 is blank (or vise versa). You'll want to program Yubico OTP into the empty slot, and then you have the option to swap Configuration Slots if necessary to return to your earlier setup. Swapping Configuration Slots is done through the Personalization Tool (Settings > Update Settings, select one of the Configuration Slots, and click "Swap").

If you happen to swap Configuration Slots when only one Slot is programmed, it will work, but as there is only one Slot configured, short press (~ 1 second) is the only option. Attempting to long press (~ 3-4 seconds) will result in the only programmed Slot's output being send after about ~ 1 second.

Hope this helps!

Best Regards,
Chris
Yubico Support

Author:  chmac [ Sun Mar 01, 2015 2:15 pm ]
Post subject:  Re: New key, swapped slots, wrote to slot 2, now config is g

Aha, sounds like I overwrote the config in slot 2 without realising. Thanks for the super fast response, awesome customer service. I'll create a new key and upload it to the yubico servers.

The level of customisation with the tool is fantastic. Would be great if the tool warned before overwriting an existing config, and even better if it could warn what type the existing config is. But now I've learned my lesson, I'll know not to make the same mistake in the future. :-)

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/