We have an outstanding feature request ( issue #58) to do so for Fortitoken. It should be possible to reimplement other proprietary 2FA apps in a similar way. Oathtool -v -b -totp HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6 #. Oathtool -b -totp HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6 # output one code You can use oathtool to generate the same OTP codesĪs would be produced by the official VIP Access apps: You will need the ID to register this credential: SYDC94595813 This credential expires on this date: T21:38:53.998Z Otpauth://totp/VIP%20Access:SYDC94595813?secret=HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6&digits =6&algorithm =SHA1ℑ=https%3A%2F%%2Fdlenski%2Fpython-vipaccess%2Fmaster%2Fvipaccess.png.=30 Then take the otpauth:// URL from the output and load it into any TOTP authenticator app (perhaps via QR code), and register the credential ID with whatever company is telling you to use Symantec VIP Access for 2FA:įetching provisioning response from Symantec server.Ĭhecking token against Symantec server. If you need to use Symantec VIP Access but don't want to use the proprietary app, simply run python-vipaccess as follows to provision and test a new soft-token. I'm now the maintainer of python-vipaccess, which will allow you to provision a Symantec VIP Access soft-token using a simple command line tool. Happily, we’ve known how to do this since ~2014, when the Symantec VIP Access provisioning process was first studied and reimplemented in Python. This means that if you can intercept the TOTP secret/key from the HTTPS-based provisioning process, you can use it with a standard TOTP-based authenticator app. Symantec VIP Access turns out to be entirely based on standard TOTP. The Symantec VIP Access app is a rather commonly-deployed example of such: many companies require their employees to use it for 2FA for access to VPNs and other corporate systems. Parent article: TOTP authentication with free softwareīehind the scenes, many proprietary/closed-source authenticator apps are actually based on TOTP. Looks like I have to run an app off my phone or PC as others have noted if I want to escape from using SMS as a second factor. Substituting open/standard TOTP authenticators for proprietary apps ThereAreNoGurus wrote: Fri 12:33 am I just tried registering my Schwab Symantec VIP Access Credential ID (its a hardware token) with Fidelity and it didnt work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |