U2F stands for Universal Second Factor, an open authentication universal standard for tokens. A security token is a physical device used to gain access to the restricted resource. Tokens automatically transmit the authentication information to the computer once a physical connection is made.
U2F is a hardware-based authentication, where a single token can have keys for many different sites and apps, so there’s no need for an individual to have multiple tokens.
With U2F, the login is secured by the device, so nothing is cached and the token can be carried around once the user logs out. That is, when you first add the key to your account, your key generates a random number. It uses a secure hash function to mix this with the domain of the website you are on (e.g. aviumshost.com) and a private key (which never leaves the device), to generate a unique private key for your account. From this unique private key, the device works out a public key and a secure checksum (sequence of numbers and letters), which it sends to the server along with the random number.
The use of private-public key cryptography makes the U2F method not vulnerable to phishing attacks, and protects against session hijacking, man-in-the-middle, and malware attacks.
U2F overcomes many of the security flaws of other methods, which makes it one of the most secure and easy-to-use methods available today.
Where is it supported?
Google Chrome, Mozilla Firefox, and Edge are the browsers that currently support U2F on Windows, Mac, and Linux.
U2F also works with the Google Chrome browser on Android, assuming you have a USB key with NFC support built in.
As for Apple devices and the Safari browser, it's possible to register a U2F key with iOS 14 and the latest version of Safari (starting from v.13.3).
How to use U2F
To get started, you’ll need just a few things:- A U2F security key. You can use any U2F key for 2FA, like YubiKey authentication token. NB: If you want to use it with an Android device, make sure to purchase the security key with NFC.
- Google Chrome, Mozilla Firefox, or Edge browser. NB: If you want to use Safari, make sure you have the latest version installed. It's also preferable to have an iOS version starting from 14 for iPhones.
To start using the U2F 2FA method in your AviumsHost account, go to Profile >> Security >> Access >> Two-Factor Authentication page and click Enable.
Enter your AviumsHost password and confirm the change by clicking Continue .
NOTE: If you already have any of the 2FA methods enabled (SMS, OneTouch or TOTP), the pop-up window with a request to confirm the authentication method change will appear.
On the next page, you will receive the set of backup codes that can help you to recover access to your AviumsHost account if you lose your device/s or cannot use them for some reason. You need to either print or copy the backup codes somewhere. Once you have done this, click Next:
Few things to keep in mind:
- If you change the 2FA method from TOTP to U2F, the same backup codes that were created for the TOTP 2FA method will be kept for U2F as well. You can regenerate them during U2F method setup if you wish.
- The Backup Codes are activated only if the U2F setup process is fully completed.
- After one of the backup codes is used to sign in, it becomes inactive.
- You can generate a new set of backup codes whenever you want. After creating a new set, the old set will automatically become inactive.
- We recommend that you store your backup codes in a safe place, eg: in a password manager.
Insert your U2F security key into your computer’s USB port within 30 seconds and press the button on it when prompted:
If something goes wrong or you do not insert the key within 30 seconds, you will receive an error message. If this happens, try the process again, Once the device is successfully registered, the corresponding pop-up window will appear.
The next time you log into your Namecheap account, you’ll be prompted to insert your U2F security key.
U2F Management
Adding a new device
If you would like to link several U2F keys to your AviumsHost account, click Add device in the Device Authentication (U2F) section:
