How to use a two-factor security key

-
Two-factor authentication is a good way to add an extra layer of security to online accounts. It requires the use of your smartphone, however, which is not only inconvenient, but it can be a problem if your phone is lost or breached. Hardware security keys can offer an extra layer of security to password-protected online accounts and, in turn, your identity. They’re also not hard to install. Here’s how to set them up for your Google account, Facebook, and Twitter.

Security keys connect to your system using USB-A, USB-C, or Bluetooth, and they are small enough to be carried on a keychain (with the exception of Yubico’s USB-C nano key, which is so small that it’s safest when kept in your computer’s USB port). They mainly use an open authentication standard called FIDO U2F. There is also an improved Fido2 standard, although not all the keys or applications use it.

When you insert a security key into your computer or connect it wirelessly and press a button on the key, your browser issues a challenge to the key, which includes the domain name of the specific site you are trying to access. The key then cryptographically signs and allows the challenge, logging you into the service.

Many sites support U2F security keys, including Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta, and Reddit. You can also use it to log into macOS, but not Windows — not yet, anyway. The Fido2 standard can use Windows Hello together with Microsoft’s Edge browser to authenticate Windows if the key supports it. However, as far as we know, keys cannot be used on some devices, such as Android TVs or Nvidia Shields, so do your research beforehand.

There is a setup process that is necessary before you can use a security key. After that, securely accessing your online profile on a site is a simple matter of entering your password, inserting the key, and tapping the button.

Keep in mind that you can’t copy, migrate, or save security key data between keys (even if the keys are the same model). That is by design, so keys can’t be easily duplicated and used elsewhere. If you lose your security key, you can use your cellphone’s two-factor authentication or authenticator app. Then, if you want to use a new key, you will have to go through the process of reauthorizing your accounts all over again.

WHICH SECURITY KEY SHOULD I USE?
There are several available brand choices. Yubico, which is one of the developers of the FIDO U2F authentication standard, sells several different versions. Google sells its own U2F key, called the Titan (which has come under scrutiny for being manufactured in China). Google does include a spare key that has a Bluetooth function, but that has to be charged, which could be an issue if it suddenly runs out of power at an inconvenient time. Other U2F key manufacturers include Kensington and Thetis, which also offer USB-A keys but lack USB-C variants.

For this how-to, I used the YubiKey 5 NFC security key, which fits into a USB-A port for desktops, but it also works with Android phones and the iPhone via NFC. The process is pretty much the same for all hardware security keys, though.

PAIRING A KEY TO YOUR GOOGLE ACCOUNT

  • In order to use a security key with your Google account (or any account), you need to already have two-factor authentication set up.
  •  Log in to your Google account, and click on your profile icon on the upper right-hand corner. Select “Google Account.”
  • On the left-hand menu, click on “Security.” Scroll down until you see “Signing in to Google.” Click on the “2-step verification” link. At this point, you may need to sign into your account again.
  • Scroll down until you see “Set up alternative second step.” Look for the “Security Key” option and click on “Add Security Key.”
  • You’ll get a box telling you to make sure the key is nearby but not plugged in. Click “Next.”
  • Insert your key into your computer port. Tap the button on the key, then click “Allow” once you see the Chrome pop-up asking to read the make and model of your key.
  • Give your key a name.
  • Now you’re set! You can come back to your Google account’s 2FA page to rename, add, or remove additional keys.


PAIRING A KEY TO YOUR FACEBOOK ACCOUNT

  • Log into your Facebook account.
  • Click on the drop-down menu icon on the upper right-hand corner and select “Settings.”
  • Now you’re at “General Account Settings.” Select the “Security and Login” link from the left sidebar.
  • Scroll down until you see the section labeled “Two-Factor Authentication.” Click “Edit” on the “Use two-factor authentication” option.
  • Click on “Get Started” to set up a text message or an authentication app as your two-factor method.
  • Head back to “Two-Factor Authentication” and scroll down to “Add a Backup.” Select “Setup” for the Security Key option.
  • Enter your Facebook password and click “Submit.” Insert your security key into the USB port, tap your button. You should get a confirmation pop-up.
  • You can revisit the “Two-Factor Authentication” page from “Security and Login” to add, remove, or rename security keys tied to your account.

Comments

Post a Comment

Popular posts from this blog

The OnePlus 7 is looking unlikely to have wireless charging

-
Image
Comments made by OnePlus CEO Pete Lau at Mobile World Congress 2019 in Barcelona have cast doubt over the hopeful expectation that the next OnePlus flagship phone will have wireless charging. In speaking with CNET, Lau calls wireless charging “far inferior” to his company’s wired Warp Charge and the tone of the interview, via a translator, was apparently strong enough for CNET to conclude that the feature will definitely not be on the OnePlus 7. The sentiments expressed by Lau echo previous comments he’s made, saying that OnePlus won’t include wireless charging until it can be made as fast as the company’s wired charging, but fans of the brand will have been hoping to hear a different tune in the buildup to the company’s first release of 2019. I reached out to OnePlus, asking the company to confirm or deny the reported absence of wireless charging from its next flagship. What I received was something approaching an implicit confirmation: OnePlus reiterated its belief that the speed o
Read more

YouTube is disabling comments on almost all videos featuring children

-
Image
Only a few select channels will have comment sections enabled. YouTube will no longer allow the majority of channels featuring kids to include comment sections following a controversy over predatory comments being posted on videos of children. YouTube will temporarily remove comments from videos that feature minors in the coming months. Only a select few channels with children will be allowed to include a comment sections, but even that comes with a caveat: they’ll be required to monitor their comments for safety. “These channels will be required to actively moderate their comments, beyond just using our moderation tools, and demonstrate a low risk of predatory behavior,” YouTube wrote in a blog post. YouTube also says it’s launched a better algorithm to let it automatically “identify and remove predatory comments.” The classifier is “more sweeping in scope,” according to the blog post, and will catch up to twice as many predatory comments from individuals. YouTube’s decision
Read more

Samsung will include preinstalled screen protector on Galaxy S10 and S10 Plus

-
Image
Not all screen protectors will work with the ultrasonic fingerprint reader, so Samsung is giving you one. Buyers of the new Samsung Galaxy S10 and S10 Plus will find a preinstalled plastic screen protector on their device when they unbox it beginning March 8th. Samsung has confirmed that it’s shipping the S10 with a protector on the display, meaning you won’t have to immediately hunt for something that’s compatible with the ultrasonic in-display fingerprint sensor on day one. Now, this is just your very basic screen protector — similar to what OnePlus does with their phones, if I had to guess — and it isn’t glass, so it’s bound to scratch over time. The included protector thus doesn’t have any sort of warranty on how long it’ll last. Samsung will sell extras of its first-party screen protector for $29.99, but the company doesn’t plan to bring it to Best Buy or carrier stores since they’ll likely be carrying other, similar options. The Galaxy S10E won’t have this screen protector
Read more