Yubico Forum

Hi,

I do not have Neo yet, but I have read the instructions on how to use it here.

The suggestion there is to set up a second key as a backup, but is there a way to keep any information that could be used to set up a backup-key at a later time?

The thoughts behind my question:
- It's not not the cheapest solution to invest into two keys now just to have a backup if needed anytime in the future.
- If I invest in a second keys that is not used but stored anywhere it aging although.
- Buying a second key know means to have a sparepart with the firmware from today
- If I could store anything (for example the secret key) that allows me to generate a neo that could replace the first one at a later time, I could wait if the first one will be broken or lost sometime. Then I could order an unaged new Neo with up-to-date firmware and the only issue might be that I can't get hands on my passwords for some days.

Regeards
FS1

You post is vague and does not specify what algorithm/protocol are you referring to.

In any case yes you can save the secret and store it later on a Yubikey you'll buy in the future.

That's because I don't use a yubikey yet

But anyway your response is helpful to me as I'm now knowing that there fallback-strategies in case of a broken or lost yubikey.

I guess my thoughts are that this is really more of a passwordsafe question than a Yubikey question. And I experimented with this a bit myself since I have a neo and a couple of the older keys that I keep as a backup.

Really with passwordsafe, the critical thing to keep track of is what PasswordSafe calls the "Yubikey Secret Key", which is 20 hex bytes of apparently random data. If you know those 20 bytes of data, then you have the ability to re-create a key.

With the Yubikey personalization tool, one can select "challenge-response", and then click on "HMAC-SHA1". This lets you enter the "Secret Key", which you can then write to a new Yubikey, and you should be good to go again.