![]() ![]() TOTP credentials are usually 32 letters, often represented as a QR code. VIP credentials start with 4 letters and then 8 digits. When you initialise Symantec VIP, it generates a new random credential, but not one compatible with TOTP. To add a new credential to a TOTP app we therefore need a compatible credential. The 6 digit codes that get generated by authenticator apps are created based on 2 factors: the current time (obviously) and a credential. The instructions provided by Dan are pretty straightforward, but I hit a missing dependency that was required to make it work on my RPi 2B. Symantec VIP is actually just a layer over TOTP and thanks to a clever bit of work by Dan Lesnki (in turn forked from Cyrozap’s project) it’s possible to do away with the Symantec VIP application and use a “standard” TOTP app, such as Google Authenticator or Authy. So, what’s the problem? I resent having a “special” Symantec app on all my devices because, ultimately this is just a layer over the standard Time-based One Time Password (TOTP), as used by Google Microsoft, Facebook and countless others. (Why pseudo-two-factor? Because the code is generated from a secret, it’s really just a fancy password.) ![]() This is an example of pseudo-two-factor authentication: I have my password, something I know, as the first factor and something I have, the app that generates the code, as the second factor. When logging in to the system, I have to run the app to get the 6 digit code and then type it in, along with a username and password. For those that haven’t come across this before the app displays a 6 digit numeric code that changes every 30 seconds. Enter this security code along with your password to add strong authentication to your favorite websites.Occasionally, I need to log in to a system that requires the use of a Symantec VIP code. Scan a QR Code at participating organizations such as Google, Facebook, Amazon, and more to generate a security code every 30 seconds to securely sign in. You can generate a security code even if you do not have a network or mobile connection. The strong authentication method you use depends on the method implemented by your participating organization. Note: Fingerprint authentication requires that your mobile device is fingerprint capable and that you have registered a fingerprint on the device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |