Symantec is one of the largest and most well-known security vendors in the IT industry. The Symantec Validation and ID Protection (VIP) Service is a multifactor authentication (MFA) product that uses biometrics and smartphones to supplement standard username/password logins on a variety of servers and services. While this is marketed as a proprietary implementation, researchers confirmed a standard TOTP algorithm is used for OTP generation. However, the enrollment process consists of an additional step, which is creating a Credential ID on the Symantec VIP Servers, which in its turn is associated with standard TOTP secret (shared key).
The tool below allows creating Symantec VIP credential ID and shows the TOTP QR code to allow using Token2 programmable hardware tokens with Symantec VIP service.
- An Symantec VIP account. A demo account can also be used for testing purposes (click on "Test" on https://vip.symantec.com/ )
- Any Token2 programmable token
- An Android device with NFC* or Windows computer with NFC Writer device or built-in module - this is needed for the enrollment only, subsequent logins will only require the hardware token
- TOKEN2 NFC Burner app (Android or Windows version)
Step №1. Generate Credential ID using VIPAccess tool
THE TOOL IS PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.