I started using a VeriSign Identity Protection Device back in 2008 to add another layer of security to the PayPal login process. Similar to the type of security required. There's still the other possibility where one of the sites stores your credential ID locally and gets compromised. Symantec VIP, the VIP stands for Validation & IP Protection, is one of the technologies that the company got when it acquired VeriSign. Lancashire County Council two factor authentication solution is the Symantec Soft Token VIP. If someone has access to your phone, they can already swipe to your other credentialId's. I've thought of a couple possibilities for why this might be ok.Īn attacker who can spoof the MFA codes would still need to know your username/password on each of the websites, but it seems like, for relatively low cost, this potential risk could be further mitigated by having the app generate/track multiple CredentialID's which would be linked to the device+website, instead of just the device. Unless I'm missing something, that means if someone is able to steal my credentialId from one of the sites, they can now spoof my MFA codes on any of them. It also seems this value is used to seed the OTP, which I verified by using the same 6-digit code to log in to both websites. the SMS security key), or stay logged in to PayPal in a second browser (not browser window, really a second browser app, otherwise the logins may interfere) until you are sure that the login also works with your OTP app.I recently discovered multiple unrelated websites that use Symantic VIP Access ask you to enter the "Credential ID" at the top of the app.
![symantec vip access app symantec vip access app](https://i2.wp.com/www.bayareatechpros.com/wp-content/uploads/2015/09/Add-PayPal-VIP-Access-Key.png)
Use python-vipaccess and this description at your own risk. PayPal may change their security key mechanisms at any point in time. I can only say that these steps worked at my end. Step 6: Log in to PayPal, go to Security > Security Keys and go through the steps for activating Symantec VIP Access.ĭISCLAIMER: I do not claim that this works for everyone. Step 5: Use your favourite OTP app to scan that barcode. Step 4: Run qrencode as described to turn this string into a QR code in your terminal. Step 3: Run the tool as described in the python-vipaccess README to generate an "otpauth://." string on the command line. If you decide for Python, read the Dependencies section, too.
#SYMANTEC VIP ACCESS APP INSTALL#
Step 2: Select one of the two methods to install and run the app. This is where python-vipaccess comes into play. and the secret is unique (for whatever reason).
#SYMANTEC VIP ACCESS APP SERIAL#
VIP Access uses a standard OTP algorithm, but the way of generating the serial no.
![symantec vip access app symantec vip access app](https://softwarereviews.s3.amazonaws.com/production/logos/offerings/4198/original/7cc1e939-1f45-4ad3-af48-df2bc997ab8asymantec_logo.png)
I used " qrencode" (available for macOS via Homebrew: brew install qrencode) that the author of python-vipaccess recommends.Īnd you need to know the steps for activating the Symantec VIP Access key in the PayPal security settings, as I will not repeat them here. You also need to have access to one of the QR code generation tools (there are many).
![symantec vip access app symantec vip access app](https://cdn.androidblip.com/icns/66/1/com_verisign_mvip_main____201574.png)
![symantec vip access app symantec vip access app](https://portals.clevelandclinic.org/portals/67/Images/VIP%20Logo%20Small.png)
#SYMANTEC VIP ACCESS APP HOW TO#
So here is how to get an OTP token for your faviourite OTP app using python-vipaccess.īut first, be aware that you need to be familiar with using the command line and either Python or Docker. Every other one-time password (OTP) app on the planet can manage arbitrary lists of OTP tokens. The problem with VIP Access is that it can only manage one single PayPal account. I found an inofficial way of creating working security keys without having to use the Symantec VIP Access app.