Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:50 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Sep 20, 2016 1:20 am 
Offline

Joined: Tue Sep 20, 2016 1:13 am
Posts: 1
Hey, new to crypto here. First of all, I set up my slot 2 for custom OATH-HOTP password(s) and I am loving it. It would seem that config 1 has OTP set up because pressing the button (short) does generate different passwords with the same leading public identity seed. This may be a silly question, but 'where' is the NFC configuration stored, and what kind of authentication options do I have for NFC? It would seem that, according to the documentation, it is the NDEF programmed, and these can be programmed over slot 1 or 2 without overwriting the other programming in that slot? I would like to use it for my Android login but not if it uses insecure methods such as smartlock. I also don't want to reprogram any NDEF settings that will lock me out of YubicoAuthenticator.. Thanks for your time


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Sep 21, 2016 9:26 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
NDEF settings are really only used to change between slot 1 and slot 2 for the default NFC behavior. You can't actually mess up a credential by using the NDEF programming option in the YubiKey Personalization Tool. Yes, Slot 1 is Yubico OTP by default (LastPass is the most popular consumer use-case here). If you don't need Yubico OTP for anything, you can always delete this credential and program something else here. NFC use possibilities:

*Slot 1 or Slot 2 (Slot 1 is default over NFC, but this can be changed to Slot 2 with NDEF Programming - just be wary that depending on the credential, you generally need something on the Android side that knows what to do with the received text. OATH-HOTP, for example, you'd want YubiClip to grab the text and you can paste it into wherever you need to use it.)
*Yubico Authenticator
*PIV (only seen this work with USB NFC readers on Windows - haven't seen anything over Android that can use this, but I wouldn't be surprised if it exists already)
*OpenPGP (OpenKeyChain)
*U2F (requires Google Authenticator to handle the operation)

The tricky thing is going to be with the first four options listed above, if you use more than one. Android's handling of NFC apps is a bit odd, although I'm not sure what alternative behavior would be preferable. If you haven't set an app to be the default NFC app, you essentially get a popup every time you scan the NEO asking which app you want to use to open. Unfortunately you need to select each time. The alternative would be to set the option for always using an app to perform the action. Obviously this would be a problem because then you can't use the other features. If this option is selected and you decide to add another later, you have to go into Settings > Apps, find that app that is now the NFC default, and clear the default permissions there. This is a general option in Android, but I'm sure there are at least a couple of phone manufacturers that implement their own custom behavior here. I have had HTC for my past couple of phones, and in my experience they don't mess with the default Android behavior for NFC.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group