12-14-2018 10:30 PM
We would like to use the Digipass Go 6 key and purchased 100 of these from a Vasco reseller. I have been tole that I need to know the “secret Hex key” of each token. However when working with the reseller he informed me that he has no idea of such a key. Can anyone help with this.
Solved! Go to Solution.
12-21-2018 07:09 AM
I’m sorry to hear you are having a poor experience with your third-party token purchase.
When a customer purchases hardware tokens directly from us we are able to import the seed information directly into Duo for the customer. Token vendors will not give us seeds for tokens we did not purchase on behalf of a customer.
There is risk involved with purchasing used or surplus HOTP tokens from a third-party. Even if the university was able to provide you with the secrets for the tokens you purchased, you have no idea how many people have already had access to that information before it got to you. If another copy of the seed info was stored anywhere else, it opens those tokens up for possible 2FA compromise.
When you buy RSA tokens they do send you the seed information for those tokens along with it in an encrypted format. If you lose the seeds you can’t import the tokens into RSA either.
Yubikey tokens are programmable, so they don’t rely on a static token seed info. We do recommend Yubikey tokens to customers who want to manage the token secrets themselves.
12-20-2018 07:11 AM
You should have received a PKSC file that contains the token secrets in encrypted format. Ask your reseller for this file.
12-20-2018 05:42 PM
They bought them as surplus from the University of Indiana and that was not with them and Vasco will not help to supply it for them. The company has no support for there products. They have gone as far as to say they are trash and I need to buy from them. I
have shown them that they are legitimately purchase from the University but still nothing. I will not ever buy their products again. I looked and RSA tokens don’t have this issue. Yubico keys don’t have this issue either.
As ever.
Ray Traeger
12-21-2018 07:09 AM
I’m sorry to hear you are having a poor experience with your third-party token purchase.
When a customer purchases hardware tokens directly from us we are able to import the seed information directly into Duo for the customer. Token vendors will not give us seeds for tokens we did not purchase on behalf of a customer.
There is risk involved with purchasing used or surplus HOTP tokens from a third-party. Even if the university was able to provide you with the secrets for the tokens you purchased, you have no idea how many people have already had access to that information before it got to you. If another copy of the seed info was stored anywhere else, it opens those tokens up for possible 2FA compromise.
When you buy RSA tokens they do send you the seed information for those tokens along with it in an encrypted format. If you lose the seeds you can’t import the tokens into RSA either.
Yubikey tokens are programmable, so they don’t rely on a static token seed info. We do recommend Yubikey tokens to customers who want to manage the token secrets themselves.
12-19-2022 03:53 PM
I worked at company that used these as well and they were junk. You’re not out anything by never buying their stuff again…
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide