Two-factor authentication is a smart way to give your online accounts an extra degree of security. It does, however, require the use of your smartphone, which is not only cumbersome but also potentially dangerous if your phone is lost or compromised. Hardware security keys add another layer of protection to password-protected online accounts and, in turn, to your identity. They’re also simple to set up. Here’s how to add them to your Google, Facebook, and Twitter accounts.
Security keys connect to your system through USB-A, USB-C, Lightning, or NFC, and they’re small enough to carry on a keychain (except for Yubico’s 5C Nano key, which is so small that it’s safest kept in your computer’s USB port). They support a number of authentication methods, including FIDO2, U2F, smart cards, one-time passwords, and OpenPGP 3.
When you insert or connect a security key to your computer, your browser issues a challenge to the key, which includes the domain name of the site you’re trying to visit. The key then signs and authorizes the challenge, allowing you to log in to the service.
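The exchange described above, as an added Node.js sketch that is not part of the original article. It is a simplified model rather than the real FIDO2/U2F message format; `SecurityKey`, `verifyLogin` and the two example domains are made up for illustration.

```javascript
// Added illustration; SecurityKey, verifyLogin and both domains are hypothetical.
const nodeCrypto = require("crypto");

// Stands in for the hardware key: private keys never leave this object.
class SecurityKey {
  constructor() { this.credentials = new Map(); } // one key pair per site
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.credentials.set(origin, privateKey);
    return publicKey; // the site stores only the public half
  }
  // `origin` is supplied by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    const privateKey = this.credentials.get(origin);
    if (!privateKey) return null; // nothing registered for this domain
    return nodeCrypto.sign("sha256", Buffer.from(`${origin}|${challenge}`), privateKey);
  }
}

// Site-side check: the signature must cover this site's origin and the
// fresh challenge it just issued.
function verifyLogin(publicKey, siteOrigin, challenge, signature) {
  if (!signature) return false;
  const signed = Buffer.from(`${siteOrigin}|${challenge}`);
  return nodeCrypto.verify("sha256", signed, publicKey, signature);
}

const newChallenge = () => nodeCrypto.randomBytes(16).toString("hex");

function demo() {
  const site = "https://accounts.example.com";      // constructed sample
  const lookalike = "https://accounts-example.com"; // constructed sample
  const key = new SecurityKey();
  const publicKey = key.register(site);
  const challenge = newChallenge();
  const signature = key.sign(site, challenge);
  const genuine = verifyLogin(publicKey, site, challenge, signature);
  // A look-alike page forwards the real challenge, but the browser reports
  // the look-alike's origin, for which the key holds no credential.
  const relayed = verifyLogin(publicKey, site, challenge, key.sign(lookalike, challenge));
  // Even a key registered at the look-alike signs the wrong origin.
  key.register(lookalike);
  const wrongOrigin = verifyLogin(publicKey, site, challenge, key.sign(lookalike, challenge));
  // A captured signature is useless against the next challenge.
  const replayed = verifyLogin(publicKey, site, newChallenge(), signature);
  return { genuine, relayed, wrongOrigin, replayed };
}

console.log(demo());
```

Only the first check succeeds: because the domain is part of what gets signed, a response produced for a look-alike site does not verify at the real one.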
Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta, and Reddit are just a few of the sites that accept U2F security keys. The best thing to do is go to the website of your security key of choice and see what services are supported – for example, here’s a list of apps that support YubiKeys.
Before you can use a security key, you must first complete the setup process. After that, it’s just a matter of typing your password, inserting the key, and pushing the button to gain safe access to your online profile on a website.
Keep in mind that security-key data cannot be copied, migrated, or saved between keys (even if the keys are the same model). Because of this, keys cannot be simply reproduced and used elsewhere. You can use two-factor authentication on your cellphone or an authenticator app if you lose your security key. Then, if you wish to use a new key, you’ll have to go through the reauthorization process all over again.
HOW DO I KNOW WHICH SECURITY KEY TO USE?
There are several brands to choose from. Yubico, one of the developers of the FIDO U2F authentication standard, offers several different models. The Titan, Google’s own U2F key, is available in three versions: USB-C, USB-A / NFC, and Bluetooth / NFC / USB. The Kensington USB-A key, which supports fingerprints, and the Thetis USB-A key are two other U2F keys.
We chose the YubiKey 5C NFC security key for this tutorial, which fits into a USB-C port and also works with phones through NFC. However, the procedure is pretty much the same for all hardware security keys.
LINKING YOUR GOOGLE ACCOUNT TO A KEY
You must have already set up two-factor authentication with your Google account (or any account) in order to use a security key.
1 Sign in to your Google account and select your profile icon in the upper-right corner of your screen. Then select “Manage your Google Account” from the drop-down menu.
2 Go to the left-hand menu and select “Security.” Scroll down to “Signing in to Google” and select the “2-step Verification” link. You may need to log in to your account again at this point.
3 Scroll down till you see the heading “Add extra second steps to confirm it’s you.” Look for the option “Security Key” and select “Add Security Key.”
4 A pop-up box will appear, listing your options, which include devices with built-in security keys as well as using an external security key. “USB or Bluetooth / External security key” should be selected.
5 A box will appear, instructing you to check that the key is nearby but not plugged in. As part of Google’s Advanced Protection Program (which is for users with “high visibility and sensitive information”), you’ll also see an option to use solely the security key. Click “Next” if you don’t fall into that group.
6 In the following box, you can register your security key. Place your key in the computer’s port. Once you get the Chrome pop-up requesting to read the make and model of your key, press the button on the key, then click “Allow.”
7 Assign a name to your key.
8 You’re all set now! You can rename or erase your key by going back to your Google account’s 2FA page.
LINKING YOUR TWITTER ACCOUNT TO A KEY
1 Log into your Twitter account and go to the left-hand column and choose “More.” From the menu, choose “Settings and privacy.”
2 Select “Security and account access” > “Security” > “Two-factor authentication” under the “Settings” header.
3 You’ll see three options: “Text message,” “Authentication app,” and “Security key.” Choose “Security key,” and you’ll be prompted for your password.
4 Press the “Start” button.
5 Place your security key in the port on your computer and push the key’s button.
6 When the window refreshes, it should say “Security key detected.” Give your key a name and click “Next.”
7 The window will say “You’re all set.” It will also provide you with a one-time backup code to use if you don’t have access to any of your other log-in methods. Take a copy of the code and keep it somewhere safe.
8 Return to the “Two-factor authentication” page and click “Manage security keys” if you’ve changed your mind and wish to remove the security key.
9 Select the key’s name and then “Delete key.” You’ll be prompted to enter your password and confirm that you wish to delete the key.
LINKING YOUR FACEBOOK ACCOUNT TO A KEY
1 Go to your Facebook account and log in. Select “Settings & Privacy” > “Settings” from the triangle icon in the upper-right corner.
2 Select the “Security and Login” tab from the left sidebar now that you’re at “General Account Settings.”
3 Scroll down to the “Two-Factor Authentication” section and click “Edit” on the “Use two-factor authentication” option. It’s possible that you’ll be prompted for your password.
4 If you don’t have two-factor authentication set up, you’ll be offered three options: “Authentication App,” “Text Message (SMS),” and “Security Key.” It’s suggested that you use an authenticator app as your primary security method, but you can choose “Security Key” if you prefer.
5 If you have 2FA enabled, the “Security Key” option can be found under “Add a Backup Method.”
6 In any case, you’ll get a pop-up box; select “Register Security Key” and then insert and push your security key’s button.
7 That’s all there is to it. If you don’t use 2FA, you’ll be prompted for your security key if you log in from an unfamiliar device or browser. If you do use 2FA, you can use your key in place of your authentication app when you don’t have access to the app.
8 Return to “Two-Factor Authentication,” find “Security Key” under “Your Security Method,” and click “Manage my keys” if you no longer want to use the key.