Yubico Forum

All times are UTC + 1 hour




Posted: Wed Aug 26, 2015 8:54 pm

Joined: Wed Aug 26, 2015 6:52 pm
Posts: 2
My trusty Nexus 4 is starting to have problems and I see that I will need to replace it soon. Since I have quite a number of OTP entries in the Yubico Authenticator Android app, I was wondering if there was an easy way to transfer these entries to a new phone. Last time I replaced my phone (pre NEO), I had to log in to each service, disable OTP, then re-enable on the new phone, which is totally doable but time consuming. I figured that since the "secret" stuff is all on the Yubikey NEO itself, possibly there was a simple way to transfer all my stuff over?


Last edited by NaturallyAspirated on Wed Aug 26, 2015 10:35 pm, edited 1 time in total.


Posted: Wed Aug 26, 2015 10:29 pm

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
Google Authenticator stored the credentials encrypted on the phone.

Yubico Authenticator stores the credentials encrypted on the key.

It should work with any phone (or desktop) running Yubico Authenticator...as long as you remember your pin/password to unlock the key.


Posted: Wed Aug 26, 2015 10:34 pm

Joined: Wed Aug 26, 2015 6:52 pm
Posts: 2
Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there.

Thanks for the help!


Posted: Wed Oct 07, 2015 3:46 pm

Joined: Tue Sep 01, 2015 3:36 pm
Posts: 9
NaturallyAspirated wrote:
Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there.



That leads to a very interesting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys?
It would be cool if the Android Authenticator-App could sync the config to more than one Yubikey Neo.
Any plans?

If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-creating it with the new key, doesn't it?


Posted: Wed Oct 07, 2015 4:08 pm

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
Gunther wrote:
NaturallyAspirated wrote:
Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there.



That leads to a very interesting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys?
It would be cool if the Android Authenticator-App could sync the config to more than one Yubikey Neo.
Any plans?

If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-creating it with the new key, doesn't it?


Speaking of the 6 or 8-digit OTP codes only, used by systems like Google Authenticator or Yubico Authenticator (this does not apply to the yubico-standard-OTP that used a long modhex string)...

So, for HOTP 6- to 8-digit OTPs you cannot, since the shared moving value is a stored counter that cannot be kept in sync between two tokens.

Luckily most systems are implementing TOTP 6- to 8-digit OTPs these days. You can have multiple tokens in that scenario, since the shared moving value is the current time (at authenticating server and at phone/PC which will be in sync regardless).

The trick is that if you want to use multiple tokens with a TOTP credential, you have to capture the secret key before it's pushed into the first token and then erased from your screen. I usually do this by telling the system I want the text value (instead of the 2-D barcode) and then write down that value. Then use the "Add Account Manually" option in Yubico Authenticator twice, once for each key. Then destroy the written-down value.

Brendan
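
The HOTP/TOTP difference described in this post, shown as an added example that is not part of the original thread. The helper names (`HotpToken`, `decode_text_secret`, `demo`) are hypothetical, and the secret is a constructed sample: the published RFC 4226 test key in Base32, the same form as the "text value" a service shows instead of the barcode.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


class HotpToken:
    """Hypothetical stand-in for one hardware key holding an HOTP credential."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1  # this state exists on this one token only
        return code


def decode_text_secret(text: str) -> bytes:
    """Decode the Base32 text value shown in place of the 2-D barcode."""
    cleaned = text.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# Constructed sample: Base32 of the RFC 4226 test key "12345678901234567890".
SECRET = decode_text_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")


def demo():
    # TOTP: two keys given the same secret agree within one time step,
    # even when the hosts supplying the time differ by a few seconds.
    key_a, key_b = totp(SECRET, 59, digits=8), totp(SECRET, 45, digits=8)
    # HOTP: the primary key was used three times, the backup never.
    primary, backup = HotpToken(SECRET), HotpToken(SECRET)
    for _ in range(3):
        primary.press()
    # The backup's next code belongs to counter 0, which is already spent.
    return key_a, key_b, primary.press(), backup.press()
```

Both TOTP values match the RFC 6238 test vector for time 59, while the two HOTP tokens return codes for different counters, which is why only a TOTP credential can be loaded onto a second key.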


Posted: Sun Jan 24, 2016 8:47 am

Joined: Sun Jan 24, 2016 8:16 am
Posts: 2
brendanhoar wrote:
Gunther wrote:
NaturallyAspirated wrote:
Holy smokes... I never even thought to check that. I had assumed that only a token or decryption key used by the app was on the Yubikey, I didn't realize that the whole deal was on there.



That leads to a very interesting question: what if I want to use two Yubikey Neo's as a backup if I lose one of the two keys?
It would be cool if the Android Authenticator-App could sync the config to more than one Yubikey Neo.
Any plans?

If not that means one can use only one key at a time. Moving from one key to the other means deleting every single totp-login stored and re-creating it with the new key, doesn't it?


Speaking of the 6 or 8-digit OTP codes only, used by systems like Google Authenticator or Yubico Authenticator (this does not apply to the yubico-standard-OTP that used a long modhex string)...

So, for HOTP 6- to 8-digit OTPs you cannot, since the shared moving value is a stored counter that cannot be kept in sync between two tokens.

Luckily most systems are implementing TOTP 6- to 8-digit OTPs these days. You can have multiple tokens in that scenario, since the shared moving value is the current time (at authenticating server and at phone/PC which will be in sync regardless).

The trick is that if you want to use multiple tokens with a TOTP credential, you have to capture the secret key before it's pushed into the first token and then erased from your screen. I usually do this by telling the system I want the text value (instead of the 2-D barcode) and then write down that value. Then use the "Add Account Manually" option in Yubico Authenticator twice, once for each key. Then destroy the written-down value.

Brendan



Hopefully I am posting this right...
You guys seem to be sort of discussing what I am trying to do. I have 2 Yubi key Neo's and want to use 1 as a backup. Trying to use the Yubico Authenticator but when I use the second key there are no credentials. How can I fix that?
Thanks in advance.
BKarson

