TOTP for PayPal in 1Password - Success

AGAlumB

@cryptomanic: Ah, that explains it! I didn't have any of those myself. Thank you for letting us know your discovery! :)

[Deleted User]

Thanks to @steven0451 for starting this thread, and to everyone else who chipped in.

You're welcome man, glad you got it working in the end! ;)

AGAlumB

:) :+1:

cmw022

Was able to do this for paypal. Thanks. One hint: use the entire VSST12345678 string, not just the numeric part.

I want to use this technique to create a TOTP for a different account. I wonder, should I create a new credential with vipaccess or can I use the same one?

AGAlumB

Was able to do this for paypal. Thanks. One hint: use the entire VSST12345678 string, not just the numeric part.

Ah, that's a good point. I didn't even think of it, but I guess I did just as a matter of course.

I want to use this technique to create a TOTP for a different account. I wonder, should I create a new credential with vipaccess or can I use the same one?

I'd use a new one. I'm not sure there would be a benefit to reusing, since this isn't a physical token you have to carry around.

Shadow651

I just did this today and it works. Only potential issue is that one of the dependant libraries (PyCrypto) is not compatible with Python running on Win 10. Had to run a Ubuntu VM system on VirtualBox.

Any word on the expiration date?

AGAlumB

Ah, interesting. Glad you were able to work around that! Really not sure about expirations. There doesn't seem to be and information available about that.

ejkitchen

I am having the same issue as another user: "We're sorry. There's been an intermittent communication problem. Please try again later."

I deleted all of my previous tokens, disabled two factor, logged out and logged back in. Same issue. I also generated a new key a few times but that also did not work. I am noticing others getting this strange error message in other forums. If anyone else has advice, it would be great to hear from them.

AGAlumB

Unfortunately I'm not sure what to tell you, as it isn't something I've encountered, or that we have control over. Your best bet would be their forums, as I don't imagine this is something they'll actually support. :(

natpeterson

I used this today successfully with E*TRADE. They did not accept the VSST ID, but running vipaccess to provision with "-t SYMC" led to a credential which the etrade website accepted.

Ben

:+1:

Ben

pmocek

Note that while cyrozap's python-vipaccess is apparently abandoned, development is active in Dan Lenski's fork of it. I used dlenski/python-vipaccess v0.9.0 to successfully generate a token of credential type "VIP Access Mobile (no TrustZone)," for which the applicable prefix is "SYMC," and successfully authenticate to USAA using this token, a task which otherwise requires Symatec's VIP Access mobile phone application.

AGAlumB

Interesting. Thanks for sharing. :)

Moh_

Hi,

Thanks for sharing this. Worked wonders for me.

I just wanted to know, what happens when your security key expires before you renew it? Do you get locked out of your account? Has anyone here had any experience with this?

Thanks.

[Deleted User]

Hi Moh_,

I would imagine that once the expiry date is reached then the key will just need to be renewed.

I'm afraid that I won't experience that myself though because I've just made the push to get rid of eBay & PayPal from my life, managed to go entirely without it now.

AGAlumB

Indeed. And probably only PayPal knows for sure.

XIII

I can currently use both TOTP (via VIP) and SMS, so I hope SMS is still available when VIP expires.

Ben

:+1: :)

Ben

BLD

Thank you for this!! It not only helps with PayPal but with other vendors using Symantec VIP Access, like Fidelity.

Unfortunately, PayPal's stupid iOS app still only works with SMS, but they claim a "future update" will support VSMT tokens.

1Password -- you folks should integrate and directly support this.

AGAlumB

Thank you for this!! It not only helps with PayPal but with other vendors using Symantec VIP Access, like Fidelity.

Glad it helped you, but...just keep in mind that they don't seem to support it. :dizzy:

Unfortunately, PayPal's stupid iOS app still only works with SMS, but they claim a "future update" will support VSMT tokens.

That is odd. I wasn't aware of that. Thank you for mentioning it!

1Password -- you folks should integrate and directly support this.

That isn't going to happen unless PayPal and others offer a supported way of doing that. I'm not sure I'll hold my breath, but we can always hope. Cheers! :)

XIII

Unfortunately, PayPal's stupid iOS app still only works with SMS, but they claim a "future update" will support VSMT tokens.

I did not like that either. Good to hear that they might change it in the future!

Ben

:+1:

Ben