How do I use VIP YubiKey authentication?
The VIP-enabled YubiKey (https://www.yubico.com/blog/yubikey-vip/) has two configuration slots. When it is shipped, the first configuration slot is factory programmed with Symantec VIP credentials. The second configuration slot is programmed with a standard Yubico OTP configuration that is dormant and can be activated using the YubiKey Personalization Tool. The two configuration slots work independently, and each can be independently reconfigured into OTP or static password mode.
If you touch and hold the YubiKey touch-button for 1-3 seconds before releasing, the first configuration slot emits its password (based on the slot 1 configuration). If you touch and hold the button for about 4-5 seconds before releasing, the second configuration slot emits its password (based on the slot 2 configuration). If you hold it for longer than 5 seconds, the touch-button indicator flashes rapidly and no password is emitted.
As the second configuration slot of the YubiKey is left blank, you can program it to the YubiKey OTP mode, upload the AES Key to the online validation server and configure it to work with LastPass.
To program the second slot to work with the online Yubico OTP validation server, please do the following:
- First, download and install the latest Cross Platform Personalization Tool for Windows from the Yubico Website at: https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/. There are a number of different installers for various operating systems – pick the installer for your operating system.
- Once the tool has been installed, insert your VIP YubiKey in a USB port on your computer and launch the YubiKey Personalization Tool.
- In the Personalization Menu, open the Settings menu by selecting the Update Settings hyperlink on the main page or the Settings option from the menu at the top.
- In the Settings menu, click Update Settings in the lower-right navigation.
- The Update YubiKey Settings menu should be displayed. If this is not the case, confirm you have a VIP YubiKey with a firmware version of 2.3.0 or later.
- Locate the "Configuration Slot" section and select Configuration Slot 2.
- Locate the option "Dormant" and ensure the box is not checked.
- Locate the "Configuration Protection" section, and open the menu “YubiKey(s) unprotected – Keep it that way”.
- From this menu, select the option YubiKey(s) protected – Keep it that way.
- This will activate the Current Access Code field in the "Configuration Protection" section.
- Enter your VIP YubiKey’s current access code, which is 00000 followed by the YubiKey’s serial number (in decimal format) as reported by the Personalization Tool.
- For example, if your serial number is “1234567”, your Current Access Code is “00 00 01 23 45 67”.
- Click Update to activate your VIP YubiKey’s second slot with the Yubico OTP configuration.
Yubico also has a portal for uploading the AES Key. For more information, please visit https://upload.yubico.com/.