Worried about storing the secrets used to generate those OATH codes used by 2-step verification on your mobile? With the YubiKey NEO and our OATH applet, you can store them instead securely on your YubiKey NEO and use ANY NFC equipped smartphone or tablet to display the current set. See this in operation in this video.

SCRIPT:
Welcome to Yubico!

In this video, I'm going to show the YubiKey NEO loaded with our OATH applet being used with my Android smartphone to display OATH one time passcodes or OTP. These OTPs are used for two step verification with services such as Google Apps, DropBox, HotMail and so on. The one time passcodes are 6 or 8 digit numbers that change every 30 seconds or on every request. You may already have the Google Authenticator app on your smart phone; beware - the crytographic secrets used to generate the next code are stored on the device and could be phished by malware. It's also difficult to move the credentials to another device. With the YubiKey NEO and OATH applet, you carry those secrets on your key chain, and can use any NFC equipped phone or tablet with the YubiOATH app to display the current set of one time passcodes; once set up, the cryptographic secrets never leave the safety of your YubiKey NEO!

I've downloaded the YubiOATH app from Google's Play Store. Let's run it. When I tap my YubiKey NEO on the back of my Galaxy Nexus it shows my credential list is empty. Let's add a new credential. These are generally displayed by the service as a QR Code - I have setup a test code in my browser. From the menu I select "Scan new QR-code" point the camera at my browser and the app captures the credential details. I tap my YubiKey NEO to my phone and the credential is securely stored on my NEO and erased from the phone and the display shows the current OTP. Notice the timer bar - once 30 seconds passed, the OTP is greyed out. To get the next OTP, I just tap again and it updates the OTP. I can store many credentials on my YubiKey NEO - I have several on another NEO - let's see them: I tap that NEO on the back on my phone and the list of OTPs is displayed.

I can also password protect my credentials on my NEO and delete expired credentials. Want to know more? Go to yubico.com

otpauth://totp/Yubico:TestUser@yubico.com?secret=aabbaabbaabbaabbaabbaabbaabbaacc
otpauth://hotp/Ubuntu:MyLogin?secret=aabbaabbaabbaabbaabbaabbaabbaadd&digits=6
otpauth://totp/AmazonWS:User?secret=aabbaabbaabbaabbaabbaabbaabbaaee&digits=8

Loading more stuff…

Hmm…it looks like things are taking a while to load. Try again?

Loading videos…