![]() Now, if only all my financial institutions would get with the program. If you ever lose the Yubikey, make sure you know the answers to your allegedly secret questions.Įqually of course, you’re downloading and running random shit from the Intertubes, but … Or you can enable Push Notifications and secure access with just one simple tap on your screen. If available, users can perform this action through their organization's VIP Self-Service or My VIP portal. Of course, you can kiss Schwab’s tech support goodbye, because you’re on your own. In this release of VIP Access you can generate a one-time use 6-digit security codes on your watch, and adopt the code as the second factor to access sensitive networks and applications. If the VIP Access app is installed onto a new device, or the app was uninstalled and reinstalled, reach out to the vendor or organization of the resource being accessed to remove the old credential and register the new credential to the user. That spits out a file containing the ID and secret, from which you create a QR code for the Yubikey Authenticator app: qrencode -t UTF8 'otpauth://totp/VIP%20Access:SYMCidnumbers?secret=longsecretgibberish&issuer=Symantec&algorithm=SHA1&digits=6'įire up the app, wave the Yubikey behind the phone, scan the QR code, wave the Yubikey again to store it, sign in to the Schwab site, turn on 2FA, enter the ID & current TOTP value from the Yubikey Authenticator, and It Just Works™. The only difficulty comes from Symantec’s proprietary protocol creating the token linking an ID with a secret value to generate the TOTP codes, which is how they monetize an open standard.įortunately, Cyrozap reverse-engineered the Symantec protocol, dlenski mechanized it with a Python script, and it works perfectly: python3 -m venv symkey-env This has a list of all your authenticators so far. Click on 'Manage two-factor authentication'. com password manager is free for personal use and can be used. Select the little person icon on top right. App Store is a service mark of Apple Inc. I really appreciate that response to what is, I think, a fair and relevant question.A Yubikey 5 NFC turns out to be perfectly compatible with any website using Symantec’s (no longer available) hardware key and VIP Access (definitely a misnomer) app to generate TOTP access codes, because the sites use bog-standard TOTP. I found how to add a new phone, if you still have login access on desktop: - Log in to your etrade account on desktop. If not, is it a good idea to use this product at all, considering it could result in being locked out of everything? The number of accounts that rely on VIP Access to log in is growing, and while I am a huge supporter of MFA, this seems to be a major, even catastrophic flaw, if I understand things properly.ĮDIT: Thank you for the downvote, whoever did that. Is there any equivalent to exporting a key or something such that the new install/device will generate the same tokens as the old install? Are there any authenticator apps that do this that anyone is aware of? If my phone dies and I no longer have access to the old install I could be locked out of all of my accounts. This creates a terrible chicken-and-egg problem, in the sense that I could re-register the new VIP Access installation with my accounts, but in order to do that I may have to authenticate using the old app to simply get to the point I can register a new token. If my computer were to die, I could reinstall my cryptocurrency wallet on the new system, reconstitute the key with this text, and have access to my currency. Something has been bothering me a lot, and that is the idea that if my phone breaks, or I simply upgrade to a new phone, there doesn't appear to be any way to re-install VIP Access on the new device in a way in which the tokens being generated on the new device will work with my accounts.įirst, is this absolutely true? Second, why is it true? My cryptocurrency wallet allows me to print out a physical backup of the wallet, from which the key can be reconstituted by entering a series of text.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |