Yubico Forum

I had previously configured the second configuration slot on my 2.2.3 Yubikey to use a static password.

I am now trying to get it to support manual update mode. I changed the setting and tried to write a new password to conf #2. The password takes, but holding the button down for more than 8 seconds results in it flashing rapidly for one second then going solid green again.

I also tried switching conf #2 to be OATH then back to static with the same result.

What do I have to do to get that bit flipped?

Seems like the manual update flag has not been set or that the time the button is pressed is too short (8 - 15 seconds). When it works, the LED should go over to slow flashing. Make a short tap and the new code will be emitted.

What tool or API have you been using ?

Remember that this function only works in static mode and that only one of the configurations can have this flag set.

Best regards,

JakobE
Hardware- and firmware guy @ Yubico

I am using the latest version yubikey that supports two configs and includes RFID.

I have never touched the first config, it is still using the original Yubico OTP setup.

I initialized the second config with a static password shortly after I got the key.

A few days ago I heard about the manual update mode and wanted to try it out.

I ran the Mac OSX personalization tool, went to the settings tab, and checkmarked the manual update checkbox.

I went to the Static Password tab and changed the password and wrote the configuration.

I then held down the button on the key for ten seconds. It gave me the fast flash rather than a slow flash.

I've tried rewriting the second config slot multiple times but it never seems to pick up the fact that I checkmarked the manual update feature.

I am also having the same issue, it doesn't seem to want to write that setting.
i tried setting static to conf 1 and 2 with manual mode.

Also having the same issue:

Application Version: 3.0.0
Firmware: 2.2.1
OS: MacOSX

Configuration slot 1: Yubico OTP
Configuration slot 2: Static Password

Symptoms:

1 Hold down button for about 12 seconds
2 See rapid flash for about 3 seconds (longer than the typical 1 second rapid flash when you hold it for a time the key doesn't like)
3 Enter new password
4 try holding quick touch to commit. OTP output
5 retry steps 1-3 then hold down for 10 seconds
6 reenter password
7 try quick touch to commit: OTP output
8 ... several other variations.

no luck

Update:

After personalizing with the unix/linux command-line personalization tool I am able to get it to flash slowly. (It seems that the MacOS tool just must not set the flag)

However, I'm unable to figure out the sequence for updating the password. Once it starts flashing slowly what is the procedure?

What I tried was:
- Type in a password
- quick tap.

That didn't work. Then I tried.
- Type in a password
- hold for 10 sec

That didn't work
- Type in new password
- hold for 10 sec
- type in new password again
- quick tap

That didn't work
- Type in new password
- hold for 10 sec
- type in new password again
- hold for 10 sec

That didn't work.

I cant find any reference to what the correct procedure is.

PS: at some point in all of this 2 'N's got prepended to the static password. My attempt at replacing the password was "abcdefg" which of course doesn't contain any 'n's or 'N's.

Sorry - I missed this post. Let's see if we can re-create what the problem is. The procedure is maybe a bit too awkward...

1. A properly configured key shall yield static passwords like this when the button is tapped:

irhlrvujvlhdrgjlgienlkrbrdulvkbt
irhlrvujvlhdrgjlgienlkrbrdulvkbt
irhlrvujvlhdrgjlgienlkrbrdulvkbt

2. In order to change the password, press and hold the Yubikey button for 8-15 seconds - not less, not more. The Yubikey LED shall now start to flash slowly. If it flashes quickly a short burst, the Yubikey is either not properly configured or the button has been pressed too short or too long.

3. Now tap the button to confirm the password change. A new password is randomized internally in the Yubikey and the new one is sent out.

gcrdlkeknklclvcliuviggvugerghrbe

4. Tapping the button again shall emit the new one, such as

gcrdlkeknklclvcliuviggvugerghrbe
gcrdlkeknklclvcliuviggvugerghrbe


Please update me if this resolved the issue.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

When using this technique to have the Yubikey generate a new static password, what parameters are used to generate the new static password?

Right now I have a static password set that is X characters long and it needs to be exactly that long. If I ask the Yubikey to generate a new one, will it generate one that is the same length (X) as the existing static password? Will it pick an arbitrary length?

In my Yubikey utility there's no radio tabs or fields that seem to allow the Yubikey to know a parameter for the static password, I use an external password generator to generate the password and then enter it into the password field and hit program.

Is there anything I'm missing?