Yubico FIDO U2F Security Key

· · · Gadget

Yubico FIDO U2F Security Key is a USB device that uses the FIDO U2F protocol. It will work with websites that support the FIDO U2F protocol like Facebook, Google, Google Apps, GitHub, BitBucket, and Dropbox.

FIDO Alliance, or just FIDO, in short, is an open authentication industry consortium.

U2F stands for Universal 2nd Factor. It is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices based on similar security technology found in smart cards (Source: Wikipedia).

Yubico sells their FIDO U2F Security Key on Amazon for US$17.99 (S$29). It does ship to Singapore directly for an additional US$5.05 (S$8) in shipping fee.

On Yubico website, the FIDO U2F Security Key is retailing for US$18 and shipping is an additional US$5. It is US$0.04 cheaper than Amazon.

The security key weighs 3g, is crush-resistant and waterproof. There is also a hole for you to attach it to your keychain.

It identifies itself as a USB Human Interface Device (HID) device which is a standard on all computers (Windows, Mac OS, and Linux). You do not need to install any software or drivers on the computer.

Yubico FIDO U2F Security Key - Packaging Front
Yubico FIDO U2F Security Key – Packaging Front

Yubico FIDO U2F Security Key - Packaging Back
Yubico FIDO U2F Security Key – Packaging Back

Yubico FIDO U2F Security Key - Packaging Open
Yubico FIDO U2F Security Key – Packaging Open

Yubico FIDO U2F Security Key - Top
Yubico FIDO U2F Security Key – Top

Yubico FIDO U2F Security Key - Bottom
Yubico FIDO U2F Security Key – Bottom

Yubico FIDO U2F Security Key
Yubico FIDO U2F Security Key

Google Internet Safety
As part of Google Internet Safety initiative, Google sometimes give away the Yubico FIDO U2F Security Key.

Google - Internet Safety
Google – Internet Safety

Google - Internet Safety
Google – Internet Safety

Thanks to Lucian from Google’s Trust and Safety team for passing me the Yubico FIDO U2F Security Key.

Google - Yubico FIDO U2F Security Key
Google – Yubico FIDO U2F Security Key

The previous pictures of the Yubico FIDO U2F Security Key are taken when I bought it from Amazon for my brother. The packaging contents differ slightly.

Using it with Google
I am already using 2FA for my Google account since 2012. You can head over to myaccount.google.com/signinoptions/two-step-verification to get yours setup if you haven’t done so.

Google supports Google Prompt, security key, authenticator app and voice/text messages as your Two-Factor Authentication (2FA).

Google - 2 Step Verification - Methods - Before
Google – 2 Step Verification – Methods – Before

Google Prompt is Google’s new 2FA option which was launched last year (2016). Google Prompt as the name sounds, sends a prompt to your phone. The prompt will ask if you’re trying to sign in and you just have to tap “Yes” or “No”. For iOS users, you need install the Google iOS App. For Android users, it should be automatically available to you if you are using Google Play store.

Authenticator apps are a type of app you can install on your mobile phone that generates a token based on Time-based One-time Password Algorithm (TOTP) or HMAC-based One-time Password Algorithm (HOTP). The token is then used for your 2FA login.

Personally, I am using Authy (iOS | Android) as my authenticator app. You can also use Google Authenticator (iOS | Android) or Microsoft Authenticator (iOS | Android). If you are using 1Password, it also supports one-time password.

Google has been supporting physical USB security key as a 2FA option since 2014. To setup a security key like a Yubico FIDO U2F Security Key on your Google account, go to:

2-step Verification > Set up alternative second step > Security Key

Google - 2 Step Verification - Security Key - Add
Google – 2 Step Verification – Security Key – Add

Google - 2 Step Verification - Security Key - Register
Google – 2 Step Verification – Security Key – Register

Google - 2 Step Verification - Security Key - Registered
Google – 2 Step Verification – Security Key – Registered

Note that both security key and Google Prompt cannot be activated for the same Google Account. I am not too sure why is there such a limitation. So you have to choose a different type of 2FA such as an authenticator app or voice/text messages in order to use the security key as your alternative 2FA.

Google - 2 Step Verification - Methods - After
Google – 2 Step Verification – Methods – After

Summary
In layman terms, Yubico FIDO U2F Security Key is a hardware 2FA USB device that you have to physically plug into a computer when logging in to websites that support the FIDO U2F protocol.

Google - Sign In
Google – Sign In

After entering your username and password on the login page, you will be prompted to insert the security key into a USB port and press the button on it. That’s it. You do not need to key in any 2FA token or SMS verification code anymore.

Google - Sign In - Security Key
Google – Sign In – Security Key

If you are logging in to those sites using your mobile phone, you still have to use an authenticator app or voice/text message as your 2FA.

You Might Also Be Interested In