U2F standard USB keys allow you to easily add a second level of authentication, in addition to the traditional password, on Google and Facebook.
Google, Facebook, Dropbox… these sites use the classic combination of a username and password to identify you. They are therefore easily accessible to a hacker who possesses these two pieces of information, hence the idea of securing them with an additional confirmation, called two-factor authentication. This confirmation is usually done by mobile phone: the site sends an SMS containing a code that must then be entered to confirm your identity.
But there is now a more secure way: a USB key that does not store data, but authenticates a user using the U2F (Universal 2nd Factor) standard, managed by the FIDO Alliance. This type of key costs from 10 euros and works on Windows, macOS and Linux, provided you have a compatible web browser (Chrome and Opera, or even Firefox with a specific extension). Here’s how to use it in three steps with Google and Facebook.
1 – Enable two-factor authentication
In Facebook, click on the triangle icon to the right of the padlock, in the top toolbar, and choose Settings from the drop-down menu. Click Security in the icon area on the left, then click Edit in Connection Approvals. You will absolutely need to provide a mobile number first, in case you lose your key.

Click on Add a phone in the section dedicated to two-factor authentication. A window opens and asks for the phone number that will receive the authentication SMS.

Finally, click on Activate at the top of the two-factor authentication area.
Log in normally to your Gmail account, then click on the circle at the top right of the window and on the My account button. The account settings then appear in another tab of the browser.

In the Connection and security section, click on Connect to Google.

Then choose Two-step validation.

A wizard starts and asks for the account password, then for the phone number that will be used for authentication. An SMS containing a code is then sent to the phone, and the code must be entered to complete the operation.

2 – Register the U2F USB key
When using the key for the first time, it is advisable to insert it into the computer first so that it is initialized by the operating system.
In Facebook, go to Settings, Security, then to the section dedicated to two-factor authentication, as in step 1. Click on Add a key in the Security keys section.

A wizard is then triggered and guides the user through the registration steps.

On some U2F key models, for example those from Yubico, you must place your finger on a golden circle to activate the key and complete the operation.

For Google, it is more practical to register the key just after step 1, since this avoids going through the two-step validation phase again. At the bottom of the page is the Security Key option. Then click on Add a security key.

A wizard then appears to finalize the registration phase and the key is ready for use.
3 – Use the USB key to authenticate
Log in as usual with your username and password. A window then appears, asking you to insert the USB key.

Then just insert the USB key and, if required, activate it with your finger to authenticate. Facebook then asks whether to remember the browser.

Select the option Save browser for devices that you consider safe, for example the home computer. The next time you log in, it will not be necessary to use the key.
After logging in by entering your username and password, Google asks you to insert the USB key. The Don’t ask me again for this computer check box allows you to disable two-step verification for machines that are deemed safe.

Insert the USB key into the computer and, if required, put your finger on the activation ring to complete the procedure and access your email in Gmail.