Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:41 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Sat Mar 01, 2014 5:31 pm 
Offline

Joined: Tue Oct 15, 2013 5:01 pm
Posts: 8
I can't seem to program the slot that I have YubiTOTP loaded in as the default NDEF slot. I've tried using static text, swapping slots, etc.

This would help in bypassing the manual method of activating the YubiTOTP for Android app (or widget, which defaults to the user-selected slot) to query the YK Neo. (Problem with the widget is that you have to touch it, then READ the OTP and type it in. YutiTOTP app lets you copy to the clipboard only if you run it as a full-screen app. :( )

Now you have a handy dandy YubiCLIP app which will just copy the NDEF OTP to the clipboard on detection. But it only seems to work with the default NDEF slot. => I can't program the TOTP slot for NDEF in the Personalization tool, so an automatic "copy to clipboard" action on touching the YK Neo to the NFC reader isn't possible with my own org's OTP. [1]

Seems that if you could combine the YubiCLIP and YubiTOTP functionality, declaring which slot to query, then touching the Neo to the NFC reader would let someone quickly auth. (Given: Android has a bug that if you paste the clipboard to a field with text, it inserts a space. You have to paste the OTP in FIRST, then tap to the beginning of the field to type in your PIN. Minor annoyance.)

Unfortunately, this stops me from using my Neo as a regular OTP tool at work. I'd like to also program the non-NDEF slot for our HOTP token, but need it to get into these forums. :(

Any suggestions or help as to my steps to enable this are faulty.

[1] Before anyone argues that this would make authentication automatic for an unauthorized user, know that in my TOTP implementation, a PIN is required. Most applications require user/passwd/otp for two-step auth. The default Neo key appears to unlock LastPass without any other auth, so let's not beat down the use case with paranoia.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Mar 03, 2014 9:46 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
right now is not doable there are some technical challenges to make it "usable".

However we have some consideration around it and something may come out on this regard in the near future.

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 04, 2014 10:02 pm 
Offline

Joined: Tue Oct 15, 2013 5:01 pm
Posts: 8
Tom wrote:
right now is not doable there are some technical challenges to make it "usable".

However we have some consideration around it and something may come out on this regard in the near future.

That's encouraging news, Tom. Thanks. I'm happy to Beta test, since our last (2nd) group order at my office, there've been 1-2 smaller group orders. The appeal of the Nano has been growing, and interest in the Neo use case for mobiles gains more mindshare every day. There's a LOT of mobile use here, and our major internal tools now use LinOTP OATH (HOTP or TOTP) to auth.

Am I going about it wrong? Should I be able to program a HOTP token in the NDEF slot, and read only the token? (I thought I'd dismissed that before. :? )


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 05, 2014 8:59 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hi,

I am not sure i get you. If you want to store HOTP credential on the NEO and then emit them via NFC yes, you can do that by selecting the right configuration slot in the NDEF programming tools.

i.e.

i configure HOTP on my slot 2 of my Yubikey and then:

Attachment:
Capture.PNG
Capture.PNG [ 8.44 KiB | Viewed 3880 times ]

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 07, 2014 10:32 pm 
Offline

Joined: Tue Oct 15, 2013 5:01 pm
Posts: 8
Tom wrote:
Hi,

I am not sure i get you. If you want to store HOTP credential on the NEO and then emit them via NFC yes, you can do that by selecting the right configuration slot in the NDEF programming tools.

Ah-ha-ha. :!: 8-) Previously my org's HOTP tokens wouldn't work with the Yubico Yubikey Neo Demo app, only your custom token was read. I gave up on that. ... YubiTOTP was a work around that would display or copy-to-clipboard our TOTP token on detection.

Now Yubico's Yubiclip app for Android will read my org's HOTP token (SHA-1, 6-digit) to the clipboard, which is part of the equation I've wanted. (Still work to be done. We have users who may want to DISPLAY the token, for transcription to a PC, shared terminal, etc. Some users might want the choice of "use" like your Demo app offers. :| )

Our organization will be at AUScert 2014 (Brisbane) this spring, giving a presentation on setting up open source two-factor auth in the enterprise, soup to nuts, with live demonstrations using tools including Yubikeys. Please look us up.

Now if only the Neo could support 4K GPG keys.... :roll:


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group