What does HackerNews think of python-vipaccess?

A free software implementation of Symantec's VIP Access application and protocol

Language: Python

Fortunately you can undo these steps for $BANK1 and use your TOTP authenticator of choice: https://github.com/dlenski/python-vipaccess

e: I think you added a reference to this as I was writing my comment :)

Personally, I don't, I explicitly and intentionally keep my Email, Password Manager and 2FA providers all distinct and separate. (This was very useful for extracting the TOTP secret out of the Symantec VIP 2FA system: https://github.com/dlenski/python-vipaccess)

At work, we do for non-person accounts. It's non-ideal, but I don't want to manage two separate systems for storing that data and trying to keep them in sync. The password vault system itself has a hard requirement for 2FA to download the vault.

Never interacted with Symantec’s system and thought it was one of the rare non-standard exceptions, but apparently it’s just normal TOTP with extra funky lock-in at the enrolment stage[1,2].

[1] https://www.cyrozap.com/2014/09/29/reversing-the-symantec-vi... (expired cert warning)

[2] https://github.com/dlenski/python-vipaccess

I’m not sure what the three are, but I was able to use Authy for all of my TOTP codes before I moved them all to the iOS/macOS keychain which now has TOTP support combined with autofill into the TOTP field in Safari.

But in any case, what I wanted to let you know is that you can convert the Symantec VIP token into a standard TOTP token.

https://github.com/dlenski/python-vipaccess

python-vipaccess might interest you. I used it for both PayPal and eBay at one point. https://github.com/dlenski/python-vipaccess

Is this the Symantec script you're referring to? https://github.com/dlenski/python-vipaccess Once you follow those steps you can generate codes from any TOTP system (Yubi, Android, etc).

There’s also a tool that converts Symantec VIP Access tokens to standard TOTP tokens:

https://github.com/dlenski/python-vipaccess

If you trust python-vipaccess[0], you can use it to provision the token to load into your preferred TOTP app. It’s not a supported method but if you (or someone coming across this later) want to use another app it’s an option :) From WilsonHammer on Reddit[1]:

1) Install pip, a python package manager, using your OS package manager.

2) Install python-vipaccess by executing `pip install --user python-vipaccess`

3) Execute `vipaccess provision -p -t VSMT` - this will print out all the information needed. Note the Symantec ID (it looks like VSMT12345678). It is what goes in the "Credential ID" field when adding a new device on Schwab's website.

4) Save the `otpauth://...` data into data.txt.

4.5) (Optional) Modify the `issuer=Symantec` parameter to read `issuer=Charles%20Schwab`. Also change `VIP%20Access:VSMT123456789` to your Schwab online banking username. These are purely aesthetic changes and will only make a difference in the label that shows up in the Google Auth app.

5) Install qrencode using your OS package manager.

6) Execute `qrencode.exe -o qr.png -s 15 < data.txt` to generate the QR image (qr.png) from your otpauth data file. The -s 15 scales how many pixels wide a QR block is in the image (in this case, 15).

7) Scan the QR image (qr.png) with your Google Auth app.

8) Go to Schwab -> Service -> Security Center -> Manage Two-Step Verification -> Add another Security Token and input the Symantec ID from step 3 (it looks like VSMT12345678) and the current rolling TOTP code from the Google Auth App. (If you use Authy you may have to type it manually)

[0] https://github.com/dlenski/python-vipaccess

[1] https://www.reddit.com/r/personalfinance/comments/hvvuwl/usi...
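Step 4.5 above calls the issuer and label edits purely aesthetic. As an added example (not part of the original comment and not python-vipaccess code), the following rewrites those two fields of an `otpauth://` URI and confirms with an RFC 6238 computation that the generated codes do not change. The URI, secret and username are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote, unquote

# Constructed sample: the secret and credential ID are made up, not real output.
SAMPLE_URI = ("otpauth://totp/VIP%20Access:VSMT12345678"
              "?secret=JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP&issuer=Symantec")


def parse_otpauth(uri):
    """Return (label, params) from an otpauth://totp/ URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    params = dict(parse_qsl(parts.query))
    if "secret" not in params:
        raise ValueError("URI carries no secret")
    return unquote(parts.path.lstrip("/")), params


def relabel(uri, issuer, account):
    """Change only the display fields (issuer and label); keep all other parameters."""
    _, params = parse_otpauth(uri)
    params["issuer"] = issuer
    label = quote(account, safe="")
    return urlunsplit(("otpauth", "totp", "/" + label,
                       urlencode(params, quote_via=quote), ""))


def totp(uri, at):
    """RFC 6238 code at Unix time `at` (defaults: SHA1, 6 digits, 30 s period)."""
    _, p = parse_otpauth(uri)
    secret = p["secret"].upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    digits, period = int(p.get("digits", 6)), int(p.get("period", 30))
    algo = getattr(hashlib, p.get("algorithm", "SHA1").lower())
    mac = hmac.new(key, struct.pack(">Q", at // period), algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    new_uri = relabel(SAMPLE_URI, "Charles Schwab", "my_username")
    print(new_uri)
    print(totp(SAMPLE_URI, 1_700_000_000), totp(new_uri, 1_700_000_000))
```

The code depends only on the secret, algorithm, digits and period, so any edit that touches one of those produces a token the server will reject.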

Was it Symantec? You can import that into Authy/Google Authenticator/1Password if you want. It's good at least for backup.

https://github.com/dlenski/python-vipaccess

I used this Python library to create a TOTP for my bank’s Symantec VIP login:

https://github.com/dlenski/python-vipaccess

I then can store it in my 1Password which provides the new code every 30 seconds.

FYI, you can use this utility to get the Symantec TOTP code into a standard TOTP program like Authy or Google Authenticator:

https://github.com/dlenski/python-vipaccess

Does this mean I can now add PayPal TOTP easily? I've got an existing key in Authy[0], but I'd like to move to a different authenticator app.

[0] https://github.com/dlenski/python-vipaccess emulates the Symantec VIP app, allowing you to provision a secret key, then export it to a different authenticator app

It is possible to enroll hardware tokens, but I believe SMS is a prerequisite.

It's also allegedly possible to deactivate in a bunch of other ways, e.g. by adding a new credit card.

https://github.com/dlenski/python-vipaccess

Those proprietary 2FA devices are just TOTP with a weird provisioning system.

You can use a tool such as https://github.com/dlenski/python-vipaccess to use google authenticator/freeotp etc. to access paypal.

That said... I believe you still need a mobile number enrolled to enable a token.