2FA Hardware Keys

Hello All; I was curious about 2FA hardware keys popularized by Yubikey. Recently the FIDO standard has been published, which incentivizes cheaper hardware through competition. I purchased this Mini HyperFido key to use for my testing. The unit came with ZERO documentation so I am creating a document here.

Setup for Gmail:

If your FidoKey is plugged in at this point you will be asked to unplug it.

The Backup Codes option will supply you with 10 alternate codes that you can use to sign-in in the event that you have forgot your Hardware key at home. My first choice would be to save these to a USB key that you take with you, alternately your Sync or DropBox storage.

The two factor only needs to be done once per computer, which doesn’t seem very intrusive. This, of course, won’t help if your laptop gets stolen or lost. I need to test turning 2fa off globally from a computer that has “Don’t Ask Again” turned on. That could be a contingency plan if you lost your hw token.

Other Thoughts; the green LED blinks when you need to press the button, which is nice if they 2faKey is plugged into the top of your keyboard, facing away from you. The keychain string it comes with is completely impossible to install in the tiny hole.