![]() ![]() We appreciate your patience waiting as we come to the line to help you enable this protection on your new device. They will then enable the feature on your new phone. Although i'd argue complaining to their customers is likely to have a bigger impact. After a representative disables Symantec VIP from your old device, you will need to provide them with the 8 digit number that follows SYMC on the Symantec VIP app. The only other option is to complain to Symantec. However from a security / marketing perspective its arguably better - if someone steals your phone you'll probably notice, if someone cloned your token you might not.ĭo I have any better alternatives than (futilely) asking administrators of systems that use Symantec VIP Access to switch to something that doesn't suck? Symantec doesn't support any way to backup its secret - their documented work-around for a lost, broken, or replaced smartphone is to contact technical support at for each system with which I've registered my "credential ID". It is worth noting sites can optionally integrate push based notification (where the app asks Symantec to ask your phone to generate a token for it) or QR based authentication (where a QR code is presented which your phone uses when generating the token). I doubt Symantec would allow the same code to be used twice (the system requires the service to send the code to Symantec for validation) - but a malicious service could easy enough not validate you with Symantec themselves. 2FA does not necessarily fully negate the risks of password reuse. If I use Symantec VIP Access for both SiteA and SiteB, doesn't this effectively give SiteA TOTP tokens that it can use to impersonate me on SiteB? First-time Registration of Symantec VIP Digital Token After entering the Credential ID associated with your token, you will then need to enter two subsequent. Is this analysis of Symantec VIP Access correct? If so, do I have any better alternatives than (futilely) asking administrators of systems that use Symantec VIP Access to switch to something that doesn't suck? I'm not sure how the crypto works, but if I use Symantec VIP Access for both SiteA and SiteB, doesn't this effectively give SiteA TOTP tokens that it can use to impersonate me on SiteB? Also, Symantec doesn't support any way to backup its secret - their documented work-around for a lost, broken, or replaced smartphone is to contact technical support at for each system with which I've registered my "credential ID". This software seems to generate a single secret, then I register the "credential ID" with other systems to allow them to recognize my TOTP stream. However, I've encountered a few systems that support only Symantec's "VIP Access" program. This system allows me to have separate TOTP streams for each site and allows me to backup my seeds (by printing the QR codes used to set them up). I'm most accustomed to using Google Authenticator / FreeOTP for my 2FA needs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |