9/17/2023 0 Comments Vip security token![]() ![]() Scroll down to locate your credential ID. However, users don’t always want to go through the trouble of reporting a lost token and may feel embarrassed to do so. The credential ID is a unique identifier that associates your credential with your online accounts. Generally, it is easier for users to use their own VIP credential than to go through the several steps to obtain a temporary security code. ![]() To begin, scan a QR code and security codes will be generated for that website every thirty seconds. Although i'd argue complaining to their customers is likely to have a bigger impact. Your favorite websites offer secured authentication compatible with VIP. The only other option is to complain to Symantec. However from a security / marketing perspective its arguably better - if someone steals your phone you'll probably notice, if someone cloned your token you might not.ĭo I have any better alternatives than (futilely) asking administrators of systems that use Symantec VIP Access to switch to something that doesn't suck? Symantec doesn't support any way to backup its secret - their documented work-around for a lost, broken, or replaced smartphone is to contact technical support at for each system with which I've registered my "credential ID". Mobile Device or desktop computer or hand-held security token issued by Bank. It is worth noting sites can optionally integrate push based notification (where the app asks Symantec to ask your phone to generate a token for it) or QR based authentication (where a QR code is presented which your phone uses when generating the token). You may not register a VIP Access App installation or Access Token to your. I doubt Symantec would allow the same code to be used twice (the system requires the service to send the code to Symantec for validation) - but a malicious service could easy enough not validate you with Symantec themselves. 2FA does not necessarily fully negate the risks of password reuse. If I use Symantec VIP Access for both SiteA and SiteB, doesn't this effectively give SiteA TOTP tokens that it can use to impersonate me on SiteB? Is this analysis of Symantec VIP Access correct? If so, do I have any better alternatives than (futilely) asking administrators of systems that use Symantec VIP Access to switch to something that doesn't suck? ![]() I'm not sure how the crypto works, but if I use Symantec VIP Access for both SiteA and SiteB, doesn't this effectively give SiteA TOTP tokens that it can use to impersonate me on SiteB? Also, Symantec doesn't support any way to backup its secret - their documented work-around for a lost, broken, or replaced smartphone is to contact technical support at for each system with which I've registered my "credential ID". This software seems to generate a single secret, then I register the "credential ID" with other systems to allow them to recognize my TOTP stream. However, I've encountered a few systems that support only Symantec's "VIP Access" program. This system allows me to have separate TOTP streams for each site and allows me to backup my seeds (by printing the QR codes used to set them up). I'm most accustomed to using Google Authenticator / FreeOTP for my 2FA needs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |