What does HackerNews think of python-vipaccess?
A free software implementation of Symantec's VIP Access application and protocol
e: I think you added a reference to this as I was writing my comment :)
At work, we do for non-person accounts. It's non-ideal, but I don't want to manage two separate systems for storing that data and trying to keep them in sync. The password vault system itself has a hard requirement for 2FA to download the vault.
[1] https://www.cyrozap.com/2014/09/29/reversing-the-symantec-vi... (expired cert warning)
But in any case, what I wanted to let you know is that you can convert the Symantec VIP token into a standard TOTP token.
1) Install pip, a python package manager, using your OS package manager.
2) Install python-vipaccess by executing `pip install --user python-vipaccess`
3) Execute `vipaccess provision -p -t VSMT` - this will print out all the information needed. Note the Symantec ID (it looks like VSMT12345678). It is what goes in the "Credential ID" field when adding a new device on Schwab's website.
4) Save the `otpauth://...` data into data.txt.
4.5) (Optional) Modify the `issuer=Symantec` parameter to read `issuer=Charles%20Schwab` Also change `VIP%20Access:VSMT123456789` to your Schwab online banking username. These are purely aesthetic changes and will only make a difference in the label that shows up in the Google Auth app.
5) Install qrencode using your OS package manager.
6) Execute `qrencode.exe -o qr.png -s 15 < data.txt` to generate the QR image (qr.png) from your otpauth data file. The -s 15 scales how many pixels wide a QR block is in the image (in this case, 15).
7) Scan the QR image (qr.png) with your google auth app.
8) Go to Schwab -> Service -> Security Center -> Manage Two-Step Verification -> Add another Security Token and input the Symantec ID from step 3 (it looks like VSMT12345678) and the current rolling TOTP code from the Google Auth App. (If you use Authy you may have to type it manually)
[0] https://github.com/dlenski/python-vipaccess
[1] https://www.reddit.com/r/personalfinance/comments/hvvuwl/usi...
https://github.com/dlenski/python-vipaccess
I then can store it in my 1Password which provides the new code every 30 seconds.
[0] https://github.com/dlenski/python-vipaccess emulates the Symantec VIP app, allowing you to provision a secret key, then export it to a different authenticator app
It's also allegedly possible to deactivate in a bunch of other ways, e.g. by adding a new credit card.
You can use a tool such as https://github.com/dlenski/python-vipaccess to use google authenticator/freeotp etc. to access paypal.
That said... I believe you still need a mobile number enrolled to enable a token.