Solved: Digipass Go 6 secret key

Ray_Traeger · ‎12-14-2018

We would like to use the Digipass Go 6 key and purchased 100 of these from a Vasco reseller. I have been tole that I need to know the “secret Hex key” of each token. However when working with the reseller he informed me that he has no idea of such a key. Can anyone help with this.

DuoKristina · ‎12-21-2018

I’m sorry to hear you are having a poor experience with your third-party token purchase.

When a customer purchases hardware tokens directly from us we are able to import the seed information directly into Duo for the customer. Token vendors will not give us seeds for tokens we did not purchase on behalf of a customer.

There is risk involved with purchasing used or surplus HOTP tokens from a third-party. Even if the university was able to provide you with the secrets for the tokens you purchased, you have no idea how many people have already had access to that information before it got to you. If another copy of the seed info was stored anywhere else, it opens those tokens up for possible 2FA compromise.

When you buy RSA tokens they do send you the seed information for those tokens along with it in an encrypted format. If you lose the seeds you can’t import the tokens into RSA either.

Yubikey tokens are programmable, so they don’t rely on a static token seed info. We do recommend Yubikey tokens to customers who want to manage the token secrets themselves.

Duo, not DUO.

View solution in original post

DuoKristina · ‎12-20-2018

You should have received a PKSC file that contains the token secrets in encrypted format. Ask your reseller for this file.

Duo, not DUO.

Ray_Traeger · ‎12-20-2018

They bought them as surplus from the University of Indiana and that was not with them and Vasco will not help to supply it for them. The company has no support for there products. They have gone as far as to say they are trash and I need to buy from them. I
have shown them that they are legitimately purchase from the University but still nothing. I will not ever buy their products again. I looked and RSA tokens don’t have this issue. Yubico keys don’t have this issue either.

As ever.

Ray Traeger

DuoKristina · ‎12-21-2018

I’m sorry to hear you are having a poor experience with your third-party token purchase.

When a customer purchases hardware tokens directly from us we are able to import the seed information directly into Duo for the customer. Token vendors will not give us seeds for tokens we did not purchase on behalf of a customer.

There is risk involved with purchasing used or surplus HOTP tokens from a third-party. Even if the university was able to provide you with the secrets for the tokens you purchased, you have no idea how many people have already had access to that information before it got to you. If another copy of the seed info was stored anywhere else, it opens those tokens up for possible 2FA compromise.

When you buy RSA tokens they do send you the seed information for those tokens along with it in an encrypted format. If you lose the seeds you can’t import the tokens into RSA either.

Yubikey tokens are programmable, so they don’t rely on a static token seed info. We do recommend Yubikey tokens to customers who want to manage the token secrets themselves.

Duo, not DUO.

Thomas_Ebbing · ‎12-19-2022

I worked at company that used these as well and they were junk. You’re not out anything by never buying their stuff again…