Comments (8)
No, as the credentials themselves are stored on the actual YubiKey, you
would have to load each credential onto both keys to achieve this. An
alternative way to keep backups is to save the QR code (or textual secret)
in a safe location for each credential, so that you can re-add each
credential onto a new YubiKey if the primary one is lost or damaged.
On Oct 17, 2015 9:49 PM, "Carl Boettiger" [email protected] wrote:
Is there any way to configure this app such that a second Yubico key could
be used to retrieve the authentication codes if the original key is stolen
or destroyed?
from yubioath-android.
Thanks for the reply. Not entirely sure how one would load each credential onto both keys; is that something this app could facilitate in future, or will that always require the computer-based toolkit? I'm a bit worried that if I did lose my primary key that I might not manage to load the stored credential manually. Could the app at least assist in caching the QR/textual secret, or would that pose a technical or security weakness?
For sites with U2F support it is always straightforward to add multiple keys; but many major services (looking at you AWS) still don't support U2F (or other YubiKey authentication). Seems like the regular Google Authenticator app might be preferable to the risk of losing my YubiKey.
from yubioath-android.
Just store the QR/secret somewhere, like where you store your passwords. I store mine in LastPass. Then they can be added manually onto other keys (or into Google Authenticator again, come to that).
from yubioath-android.
As Dain said, if you don't have a second NEO to make a backup initially, you can simply take a screenshot of the QR code from your account, or there is an option under the QR code to display the secret key. Just copy this text and save it in a safe place. You can always add this same credential to another NEO later by selecting "Add account manually". The ideal solution is to have a second NEO as a backup, in which case, you would do the following for each account:
(1) Get to the page with QR code
(2) Go to the Yubico Authenticator for Android app, tap the top right, and select "Scan account QR code"
(3) Aim your phone's camera at the QR code in your account
(4) Hold the NEO to the NFC antenna when prompted - you will get "Credential added"
(5) Tap on the top right of the Yubico Authenticator for Android app and select "Scan account QR code"
(6) Aim your phone's camera at the QR code in your account
(7) Hold the 2nd NEO to the NFC antenna when prompted - you will get "Credential added"
(8) Use the current 6 digit OATH code showing in the Yubico Authenticator for Android app and enter this code into your account to confirm the code is correct.
Now both NEOs have the same credential.
from yubioath-android.
A slightly different approach, but is there a way to retrieve the secrets from the YubiKey? I have already added a few services' OATH secrets to the 'key but didn't make a backup at the time. (my bad!) I'm guessing there isn't a way, but just wanted to confirm.
from yubioath-android.
@ChrisHalos Thanks very much for these directions, that works like a charm using two NEO keys. It would be great to have this documented somewhere obvious.
During the setup when the website asks you to confirm the pin, I was always worried that I wouldn't be able to enter the pin from two different keys. In retrospect I suppose it should have been clear that since I was storing the same credential on both keys that this would work, but this stuff gets confusing easily.
@evaryont Sounds like you'd have to start again by removing and re-adding those services, though clearly I'm not the expert on this.
from yubioath-android.
- You can load TOTP (time-index) secrets into as many keys as you want, but you must capture the secret somewhere you believe is safe (e.g. LastPass notes or a pinpad-equipped hardware-encrypted USB drive).
- Secrets cannot be extracted from the YubiKey. So, record them first. Either record the image, convert the image to text and extract the secret, or use the optional text code that some services provide. Then load that into each key.
- HOTP (counter-index) secrets can only be used in a single key, because the counter is also incremented in the key... but those are much more rare these days. Almost all services use TOTP instead.
from yubioath-android.
Closing this as it isn't really an issue.
from yubioath-android.