Yubico FIDO U2F key quick review

A few days ago I ordered some Yubico FIDO U2F security keys, after reading that they are a useful way to help secure various online accounts and keep intruders out. These cost US$18 each, either singly or in 50-unit bulk packaging. They arrived, packaged inconspicuously, promptly after I placed my order.

The individually packaged devices come in small vinyl pouches with tamper-evident seals. They are USB devices, for the traditional USB A and B socket. They are narrow enough to fit in a USB socket even when another device is in the next socket.

Personally, I have been using the Google Authenticator app on my smartphone for several years to provide two-factor authentication (2FA). Any online account of mine that supports 2FA has it. This includes email, GitHub, Dropbox, and others. However, the Authenticator has a frustrating limitation. Upon retiring one smartphone and replacing it with another, its settings don’t carry over. When this happened to me, I was able to recover access to most of my accounts by using one of the emergency one-time passwords issued to me. But one service (I’m looking at you, AWS) doesn’t offer emergency passwords and I had to go through a manual recovery process. It was secure, but it took a while.

So, naturally I’m curious about alternatives to the Authenticator app. Let’s give this Yubico gizmo a try.

In the tiny little package there was a URL, yubico.com/sec. It takes you to an HTTPS-secured web site.

Scrolling down shows various choices for enabling the key.  I chose the link marked “Add a Security Key for 2-step verification” in the instructions for “Setting Up Your Google Account.”

Google asked me to repeat my password, then took me to their 2-step verification page.  Scrolling down to the bottom revealed a link marked “ADD SECURITY KEY.”

Clicking the link took me through a straightforward wizard-style setup sequence. I was prompted to insert the key, then tap the little disk on the device. That was it. The device was enabled. The device requires the use of Google Chrome to get into Gmail.

Once I enabled the device, authenticating to Gmail was easy. It prompted for user name and password. Then I inserted the device and the little key on the gold disk started flashing. I tapped the disk and I was in.
