What does HackerNews think of python-vipaccess?

Symantec VIP is TOTP under the hood.

https://github.com/dlenski/python-vipaccess

Fortunately you can undo these steps for $BANK1 and use your TOTP authenticator of choice: https://github.com/dlenski/python-vipaccess

e: I think you added a reference to this as I was writing my comment :)

Personally, I don't, I explicitly and intentionally keep my Email, Password Manager and 2FA providers all distinct and separate. (This was very useful for extracting the TOTP secret out of the Symantec VIP 2FA system: https://github.com/dlenski/python-vipaccess)

At work, we do for non-person accounts. It's non-ideal, but I don't want to manage two separate systems for storing that data and trying to keep them in sync. The password vault system itself has a hard requirement for 2FA to download the vault.

Never interacted with Symantec’s system and thought it was one of the rare non-standard exceptions, but apparently it’s just normal TOTP with extra funky lock-in at the enrolment stage[1,2].

[1] https://www.cyrozap.com/2014/09/29/reversing-the-symantec-vi... (expired cert warning)

[2] https://github.com/dlenski/python-vipaccess

I’m not sure what the three are, but I was able to use Authy for all of my TOTP codes before I moved them all to the iOS/macOS keychain which now has TOTP support combined with autofill into the TOTP field in Safari.

But in any case, what I wanted to let you know is that you can convert the Symantec VIP token into a standard TOTP token.

https://github.com/dlenski/python-vipaccess

python-vipaccess might interest you. I used it for both PayPal and eBay at one point. https://github.com/dlenski/python-vipaccess

Is this the Symantec script you're referring to? https://github.com/dlenski/python-vipaccess Once you follow those steps you can generate codes from any TOTP system (Yubi, Android, etc).

Was it Symantec? You can import that into Authy/Google Authenticator/1Password if you want. It's good at least for backup.

https://github.com/dlenski/python-vipaccess

FYI, you can use this utility to get the Symantec TOTP code into a standard TOTP program like Authy or Google Authenticator:

https://github.com/dlenski/python-vipaccess

Does this mean I can now add PayPal TOTP easily? I've got an existing key in Authy[0], but I'd like to move to a different authenticator app

[0] https://github.com/dlenski/python-vipaccess emulates the Symantec VIP app, allowing you to provision a secret key, then export it to a different authenticator app

It is possible to enroll hardware tokens, but I believe SMS is a prerequisite.

It's also allegedly possible to deactivate in a bunch of other ways, e.g. by adding a new credit card.

https://github.com/dlenski/python-vipaccess

Those proprietary 2FA devices are just TOTP with a weird provisioning system.

You can use a tool such as https://github.com/dlenski/python-vipaccess to use google authenticator/freeotp etc. to access paypal.

That said... I believe you still need a mobile number enrolled to enable a token.