Two-factor authentication is a great way to add an extra layer of security to online accounts. However, it requires the use of your smartphone, which is not only inconvenient, but which can be a problem if the phone is lost or broken. Hardware security keys can provide an extra layer of security to password-protected online accounts and in turn your identity. They are also not difficult to install. Here is how to set them up for your Google Account, Facebook and Twitter.
Security keys can connect to your system using USB-A, USB-C, Lightning or NFC, and are small enough to be carried on a keychain (with the exception of the Yubico 5C Nano key, which is so small that it is safest when stored in the computer
When you insert a security key into your computer, or connect one wirelessly, your browser issues a challenge to the key, which includes the domain name of the specific website you are trying to access. The key then cryptographically signs the challenge, which allows you to log in to the service.
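The domain binding described above, as an added example that is not part of the original article: a simplified Node.js model, not the real U2F wire format. The `ToySecurityKey` class, the example.com origins and the single key pair are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of origin binding, not the U2F wire format.
const crypto = require('crypto');

// Hypothetical stand-in for a hardware key. It uses one key pair for brevity;
// real keys use a separate key pair per site. The private key never leaves it.
class ToySecurityKey {
  constructor() {
    const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.publicKey = pair.publicKey; // handed to the site at registration
    this.privateKey = pair.privateKey;
  }
  // `origin` is supplied by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    return crypto.sign('sha256', signedData(origin, challenge), this.privateKey);
  }
}

// The bytes covered by the signature: the site's origin plus its random challenge.
function signedData(origin, challenge) {
  return Buffer.from(JSON.stringify({ origin, challenge: challenge.toString('hex') }));
}

// Site-side check: rebuild the data from the site's OWN origin and the challenge
// it issued for this login attempt, then verify with the registered public key.
function verifyLogin(siteOrigin, issuedChallenge, publicKey, signature) {
  return crypto.verify('sha256', signedData(siteOrigin, issuedChallenge), publicKey, signature);
}

function demo() {
  const site = 'https://accounts.example.com';            // constructed origin
  const lookalike = 'https://accounts.example-login.com'; // constructed origin
  const key = new ToySecurityKey();
  const challenge = crypto.randomBytes(32);

  // Normal login: the browser reports the real origin.
  const genuine = verifyLogin(site, challenge, key.publicKey, key.sign(site, challenge));
  // The user is on a lookalike page that forwards the real site's challenge:
  // the browser reports the lookalike origin, so the signature does not verify.
  const phished = verifyLogin(site, challenge, key.publicKey, key.sign(lookalike, challenge));
  // An old signature presented against a fresh challenge is rejected as well.
  const replayed = verifyLogin(site, crypto.randomBytes(32), key.publicKey, key.sign(site, challenge));
  return { genuine, phished, replayed };
}

console.log(demo());
```

This is the property a one-time code from a text message or app lacks: the code can be typed into any page, while the key's signature is only valid for the domain the browser actually reported.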
Many sites support U2F security keys, including Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft Account Services, Nintendo, Okta, and Reddit. The best thing to do is check the website of the security key you choose and see which services are supported – for example, here is a link to the apps supported by YubiKeys.
An installation process is required before you can use a security key. After that, securely accessing your online profile on a website is as easy as entering your password, inserting the key and pressing the button.
Remember that you cannot copy, transfer or store security key data between keys (even if the keys are of the same model). This is by design, so that keys cannot be easily duplicated and used elsewhere. If you lose your security key, you can use two-factor authentication on your mobile phone or an authentication app. Then, if you want to use a new key, you will need to go through the process of re-authorizing your accounts.
Which security key should I use?
Several brand choices are available. Yubico, one of the developers of the FIDO U2F authentication standard, sells several different versions. Google sells its own U2F key, called Titan, which comes in three versions: USB-C, USB-A / NFC or Bluetooth / NFC / USB. Other U2F keys include Kensington’s USB-A key with fingerprint support and the Thetis USB-A key.
For this procedure, we used the YubiKey 5C NFC security key, which fits into a USB-C port, but which also works with phones via NFC. The process is fairly similar for all hardware security keys.
Pair a key with your Google Account
To use a security key with your Google Account (or any account), you must already have two-factor authentication set up.
- Log in to your Google Account and select your profile icon at the top right. Then select “Manage your Google Account.”
- Click on “Security” in the menu on the left. Scroll down until you see “Sign in to Google.” Click the “2-Step Verification” link. At this point, you may need to sign in to your account again.
- Scroll down until you see the heading “Add several more steps to confirm it’s you”. Look for the “Security Key” option and click “Add Security Key.”
- A pop-up pane will display your options, which include devices that have built-in security keys and the ability to use an external security key. Select “USB or Bluetooth / external security key.”
- You will see a notice telling you to make sure the key is nearby but not connected. You will also see an option to use only the security key as part of the Google Advanced Protection Program (which is for users with “high visibility and sensitive information”). Assuming you do not fall into that category, click “Next.”
- The next box allows you to register the security key. Insert the key into the computer port. Press the button on the key, then click “Allow” when you see the Chrome pop-up window asking to read the make and model of the key.
- Give the key a name.
- Now you are ready! You can return to the 2FA page of your Google Account to rename or remove the key.
Pair a key with your Twitter account
- Log in to your Twitter account and click on “More” in the left column. Select “Settings and privacy” from the menu.
- Under the heading “Settings”, select “Security and account access” > “Security” > “Two-factor authentication.”
- You will see three options: “Text message”, “Authentication app” and “Security key.” Click “Security Key.” You will probably be asked for your password at this time.
- Select Start.
- Insert the security key into the computer port, and then press the button on the key.
- The window should be refreshed to say “Security key found.” Enter a name for the key and click “Next”.
- The window will now read “You are ready.” It will also provide you with a one-time backup code that you can use if you do not have access to any of your other login methods. Copy the code and put it in a safe place.
- If you have changed your mind and want to remove the security key, go back to the “Two-factor authentication” page and select “Manage security keys.”
- Click on the name of the key, then select “Delete key.” You must enter your password and confirm that you want to delete the key.
Connect a key with your Facebook account
- Log in to your Facebook account. Click the triangle icon at the top right and select “Settings & Privacy” > “Settings.”
- You are now in “General Account Settings.” Select the “Security and Login” link from the left sidebar.
- Scroll down until you see the section labeled “Two-factor authentication.” Click “Edit” on “Use Two-Factor Authentication”. You may be asked for your password.
- If you have not set up 2FA, you will have three options: “Authentication app”, “Text message (SMS)” and “Security key.” It is recommended that you use an authentication app as your primary security, but if you prefer, you can just click on “Security Key.”
- If you have set up 2FA, you will find the “Backup Key” option under “Add a backup method.”
- Either way, you get a pop-up box; click “Register Security Key.” You will be prompted to insert the security key and press the button.
- And that’s it. If you are not using 2FA, you will now be prompted for the security key if you are logging in from an unknown device or browser. If you are, you can use your key if you do not have access to your authentication app.
- If you no longer want to use the key, go back to “Two-factor authentication”, find “Security key” under “Your security method” and click on “Manage my keys.”