TWO FACTOR SECURITY KEY: wo-factor authentication is a smart approach to provide your online accounts an extra degree of security. It does, however, necessitate the usage of your smartphone, which is not only cumbersome but also potentially dangerous if your phone is lost or compromised. Password-protected online accounts, and hence your identity, can benefit from the addition of hardware security keys. They’re also simple to set up. Here’s how to add them to your Google, Facebook, and Twitter accounts.
Security keys link to your system through USB-A, USB-C, Lightning, or NFC, and they’re small enough to carry on a keychain (except for Yubico’s 5C Nano key, which is so small that it’s safest kept in your computer’s USB port). They employ a number of authentication methods, including FIDO2, U2F, smart cards, one-time passwords, and OpenPGP 3.
When you insert or connect a security key to your computer, your browser issues a challenge to the key, which includes the domain name of the site you’re trying to visit. The key then signs and authorizes the challenge, allowing you to log in to the service.
Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta, and Reddit are just a few of the sites that accept U2F security keys. The best thing to do is go to the website of your security key of choice and see what services are supported – for example, here’s a list of YubiKeys apps.
Before you may use a security key, you must first complete the setup process. After then, it’s just a question of typing your password, inserting the key, and pushing the button to gain safe access to your online profile on a website.
Keep in mind that security-key data cannot be copied, migrated, or saved between keys (even if the keys are the same model). Because of this, keys cannot be simply reproduced and used elsewhere. You can use two-factor authentication on your cellphone or an authenticator app if you lose your security key. Then, if you wish to use a new key, you’ll have to go through the reauthorization process all over again.
WHICH SECURITY KEY SHOULD I USE?
There are several brands to choose from. Yubico, one of the FIDO U2F authentication standard’s inventors, offers various different variants. The Titan, Google’s own U2F key, is available in three versions: USB-C, USB-A / NFC, and Bluetooth / NFC / USB. The Kensington USB-A fingerprint-supporting key and the Thetis USB-A key are two other U2F keys.
We chose the YubiKey 5C NFC security key for this tutorial, which fits into a USB-C port and also works with phones through NFC. However, the procedure is pretty much the same for all hardware security keys.
PAIRING A KEY WITH YOUR GOOGLE ACCOUNT
You must have already set up two-factor authentication with your Google account (or any account) in order to use a security key.
Select your profile symbol in the upper-right area after logging into your Google account. Then select “Manage your Google Account” from the drop-down menu.
Select “Security” from the left-hand menu. Scroll down to the section titled “Signing in to Google.” Select “2-Step Verification” from the drop-down menu. You may need to login in to your account again at this time.
Scroll down until you see the heading “Add extra second steps to confirm it’s you.” Look for the option “Security Key” and select “Add Security Key.”
Your options will be listed in a pop-up box, which will include devices with built-in security keys as well as the ability to utilize an external security key. “USB or Bluetooth / External security key” should be selected.
A popup will appear, instructing you to check that the key is close but not plugged in. As part of Google’s Advanced Protection Program (which is for users with “high visibility and sensitive information”), you’ll also see an option to use solely the security key. Click “Next” if you don’t fall into that group.
You can register your security key in the next box. Place your key in the computer’s port. Once you get the Chrome pop-up requesting to read the make and model of your key, press the button on the key, then click “Allow.”
Assign a name to your key.
You’re all set now! You can rename or erase your key by going back to your Google account’s 2FA page.
PAIRING A KEY WITH YOUR TWITTER ACCOUNT
Log into your Twitter account and go to the left-hand column and choose “More.” From the menu, choose “Settings and privacy.”
Select “Security and account access” > “Security” > “Two-factor authentication” from the “Settings” menu.
There are three options available: “Text message,” “Authentication app,” and “Security key.” Select “Security key.” At this point, you’ll almost certainly be prompted for your password.
Insert your security key into the port on your computer and press the key’s button.
“Security key found,” the window should refresh. Click “Next” after giving your key a name.
The message in the window will now say, “You’re all set.” It will also provide you with a one-time backup code that you can use if you lose access to any of your other log-in options. Take a copy of the code and keep it somewhere safe.
Return to the “Two-factor authentication” page and click “Manage security keys” if you’ve changed your mind and wish to remove the security key.
Choose “Delete key” after clicking on the key’s name. To delete the key, you’ll need to enter your password and confirm that you wish to delete it.
LINKING YOUR KEY TO YOUR FB ACCOUNT
Go to your Facebook account and sign in. Select “Settings & Privacy” > “Settings” from the triangle icon in the upper-right corner.
You’re now on the “General Account Settings” page. From the left sidebar, select the “Security and Login” link.
Scroll down until you reach the “Two-Factor Authentication” area. On the “Use two-factor authentication” option, click “Edit.” It’s possible that you’ll be prompted for your password.
You’ll be given three options if you don’t have 2FA set up: “Authentication App,” “Text Message (SMS),” and “Security Key.” Although it is advised that you utilize an authenticator app as your primary security, you can just click on “Security Key” if you prefer.
If you have 2FA enabled, the “Security Key” option can be found under “Add a Backup Method.”
You’ll see a pop-up box in either case; click “Register Security Key.” You’ll be told to insert your security key and push the button on it.
That’s all there is to it. If you don’t utilize 2FA, you’ll be prompted to enter your security key if you log in from an unfamiliar device or browser. If you do, you can use your key instead of your authentication app if you don’t have access to it.
Return to “Two-Factor Authentication,” find “Security Key” under “Your Security Method,” and click “Manage my keys” if you no longer want to utilize the key.