How to use a two-factor security key?

Two-factor authentication is a good way to add an extra layer of security to online accounts. However, it does require the use of your smartphone, which is not only inconvenient but can also be a problem if your phone is lost or breached. Hardware security keys can offer an additional layer of security to password-protected online accounts and therefore to your identity. Installation is not difficult either. Here’s how to set them up for your Google account, Facebook, and Twitter.

Security keys can be connected to your system using USB-A, USB-C, Lightning, or NFC, and they’re small enough to be carried on a keychain (with the exception of Yubico’s 5C Nano key, which is so small that it’s safest when kept in your computer’s USB port). They use various authentication standards: FIDO2, U2F, smart card, OTP and OpenPGP 3.

When you insert a security key into your computer or connect one wirelessly, your browser sends a challenge to the key that includes the domain name of the particular site you are trying to access. The key then cryptographically signs the challenge, which logs you in to the service.
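The exchange described above, as a simplified added example (not code from the original article or from any key vendor). The domains, class and function names are constructed for illustration, and a JSON string stands in for the real WebAuthn/CTAP message encoding.

```javascript
// Added example: simplified origin-bound challenge/response, constructed names.
const crypto = require('crypto');

// The key holds one private key per site it was registered with.
class SecurityKey {
  constructor() { this.credentials = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.credentials.set(rpId, privateKey);
    return publicKey; // the site stores only the public key
  }
  sign(rpId, clientData) {
    const privateKey = this.credentials.get(rpId);
    if (!privateKey) return null; // no credential for this domain
    return crypto.sign('sha256', Buffer.from(clientData), privateKey);
  }
}

// Browser: fills in the domain itself; the page cannot choose it.
function browserLogin(key, pageDomain, challenge) {
  const clientData = JSON.stringify({ challenge, origin: pageDomain });
  const signature = key.sign(pageDomain, clientData);
  return signature ? { clientData, signature } : null;
}

// Site: checks the challenge it issued, the domain, then the signature.
function siteVerify(publicKey, expectedOrigin, issuedChallenge, response) {
  if (!response) return false;
  const data = JSON.parse(response.clientData);
  if (data.challenge !== issuedChallenge) return false;
  if (data.origin !== expectedOrigin) return false;
  return crypto.verify('sha256', Buffer.from(response.clientData),
                       publicKey, response.signature);
}

function demo() {
  const key = new SecurityKey();
  const pub = key.register('accounts.example');
  const challenge = crypto.randomBytes(32).toString('hex');
  const genuine = browserLogin(key, 'accounts.example', challenge);
  // A look-alike domain relaying the same challenge gets no signature.
  const lookalike = browserLogin(key, 'accounts-example.test', challenge);
  return {
    genuine: siteVerify(pub, 'accounts.example', challenge, genuine),
    lookalike: siteVerify(pub, 'accounts.example', challenge, lookalike),
    stale: siteVerify(pub, 'accounts.example', 'a-newer-challenge', genuine),
  };
}
```

Because the domain is part of what gets signed, a response produced on any other domain, or for an older challenge, is rejected by the real site.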

Many sites support U2F security keys, including Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta, and Reddit. The best thing to do is to check the website of your preferred security key and see which services are supported – for example, here is a link to apps supported by YubiKeys.

A setup process is required before using a security key. After that, securely accessing your online profile on a site is a simple matter of entering your password, inserting the key, and tapping its button.

Note that you cannot copy, move, or save security key data between keys (even if the keys are the same model). This is by design, so keys cannot be easily copied and used elsewhere. If you lose your security key, you can use two-factor authentication on your mobile phone or an authentication app. Then, if you want to use a new key, you will have to go through the process of reauthorizing your accounts.

Which security key should I use?

There are several brand options available. Yubico, one of the developers of the FIDO U2F authentication standard, sells several different versions. Google sells its own U2F key, called Titan, which comes in three versions: USB-C, USB-A / NFC or Bluetooth / NFC / USB. Other U2F keys include Kensington’s USB-A key with fingerprint support and the Thetis USB-A key.

For this how-to, we used the YubiKey 5C NFC security key, which fits into a USB-C port but also works with phones over NFC. Still, the process is pretty similar for all hardware security keys.

Pairing a key with your Google account

To use a security key with your Google account (or any account), you must have two-factor authentication set up beforehand.

  • Sign in to your Google account and select your profile icon in the upper right corner. Then select “Manage your Google Account”.
  • Click on “Security” in the left menu. Scroll down until you see “Signing in to Google”. Click the “2-Step Verification” link. At this point, you may need to sign in to your account again.

Go to ‘Security’ > ‘Google Sign-in’ > ‘2-Step Verification’.

  • Scroll down until you see the “Add more second steps to verify it’s you” heading. Find the “Security Key” option and click “Add Security Key”.
  • A drop-down box lists your options, including devices with built-in security keys and the option to use an external security key. Select “USB or Bluetooth / External security key”.
  • You will see a box telling you to make sure the key is nearby but not plugged in. You’ll also see an option to use only the security key as part of Google’s Advanced Protection Program (this is aimed at users with “high visibility and sensitive information”). Click “Next” assuming you do not fall into this category.
  • The next box lets you register your security key. Plug your key into your computer port. Press the button on the key, then click “Allow” when you see the Chrome popup asking to read the make and model of your key.
  • Give your key a name.
  • You are now ready! You can return to the 2FA page of your Google account to rename or remove your key.

Pairing a key with your Twitter account

  • Log in to your Twitter account and click on the “More” option in the left column. Select “Settings and privacy” from the menu.
  • Under “Settings”, select “Security and account access” > “Security” > “Two-factor authentication”.
  • You will see three options: “Text message”, “Authentication app” and “Security key”. Click on “Security key”. You will probably be asked for your password at this point.
  • Select “Start”.

Once your security key is saved, you will get a backup code (deleted from here), just in case.

  • Insert your security key into your computer port, and then press the key’s button.
  • The window should refresh to say “Security key found”. Type a name for your key and click “Next”.
  • The window will now say “You’re all set”. It will also give you a one-time backup code to use if you don’t have access to your other sign-in methods. Copy this code and put it in a safe place.
  • If you’ve changed your mind and want to remove the security key, go back to the ‘Two-factor authentication’ page and select ‘Manage security keys’.
  • Click on the name of the key and then select the “Delete Key” option. You need to enter your password and confirm that you want to delete the key.

Pairing a key with your Facebook account

  • Log in to your Facebook account. Click the triangle icon in the upper right corner and select “Settings & Privacy” > “Settings”.
  • You are now in “General Account Settings”. Select the “Security & Login” link from the left sidebar.
  • Scroll down until you see the section labeled “Two-Factor Authentication”. In the “Use two-factor authentication” option, click “Edit”. You may be asked for your password.
  • If you don’t have 2FA set up, you will be presented with three options: “Authentication App”, “Text Message (SMS)” and “Security Key”. It is recommended that you use an authentication app as your primary security method, but simply click “Security Key” if you wish.

You can use a security key as your main authentication method.

  • If you have 2FA set up, you will find the “Security Key” option under “Add Backup Method”.
  • Either way, you’ll get a popup box; click “Save Security Key”. You will be prompted to insert your security key and press its button.
  • And that’s it. If you weren’t already using 2FA, you will now be asked for your security key if you sign in from an unrecognized device or browser. If you were, you can use your key if you don’t have access to your authentication app.
  • If you no longer want to use the key, return to “Two-Factor Authentication”, find “Security Key” under “Your Security Method” and click “Manage my keys”.